- This topic is empty.
-
Posts
-
spam and google are pretty old mates.. cant find a way to separate them. :tongue:
dhayman wrote:I have begun the last few days notifying each of the “PLONE” CMS sites of the illicit spamming of their indices. If you check my prior post links from this morning, over 50 % of them have been removed from their respective CMS systems. Tomorrow, when I get the chance, I will list PLONE-based domains, with contact Email addresses, and will ask all to Email their administrators alerting them to the spamming of their systems. Many of these page no longer exist, so the natural chaser will be to alert Google of these deleted pages as well.We are well on our way to defeating Morohin with this battle. Unfortunately, this is just one of many battles out there. We all need to participate to make these bastards go away (or at least to frustrate them).
Good work!
What solution do you offer the webmasters? Do they just upgrade their Plone or remove anonymous login or?? I am curious because I am going to submit the over 100 urls that I have as well and would like to give them a way to ‘clean house’.
kwblue,
I will post the info later this afternoon, since I’m in the middle of some other issues at the moment.
To answer your questions, I will be notifying each administrator/webmaster, and suggest that they do the following:
1) Remove pages that have been spammed;
2) Disable the “Anonymous” login feature of their PLONE installation.
I garnered this from one of the sites, who indicated that this was the
reason for the spammer (Morahin) being able to get into the system;
3) Suggest that they upgrade to the latest version of PLONE. PLONE
indicates that they are working on a security patch for this;If you type in “casino sites” into Google, and look at these CMS-based links, you will see that more than half of them no longer return a page (i.e., have been removed from their systems). This is great news. If we can get more to comply, get them to upgrade their installation S/W, and then get Google to remove these dead links, we will be in business.
This is the most encouraged that I have been in a long time. Thanks to your and Professor’s input on this – that provided the foundation for moving forward on this.
Again, I will post the information that I have for each of the CMS sites, later today.
Thanks for the helping !
Firstly can I just say the work from Dhayman has been outstanding and I have seen the issue raised on other forums but this thread is the first one that has cracked it! And cracked it down to Dhaymans determination and greeks tech skills
With so much bad press towards gambling and the general complaints about spam, CAP really should PR the information.
Dhaymans frustration combined with all other affiliates that in recent weeks have seen spam multiply and lots of people have had issues with G traffic dropping this thread highlights a much wider G issue.
I know people have been sending in Spam reports and pointed out problems but I really believe suggestions of collusion are wrong. Yes it does happen in all big companies, but this type of “hacking” spam attack questions some major points of the foundation that the overall algo is written on.
In my opinion the reason why the reaction from G has been so slow is they dont know what to do.
We have a situation where based on the foundations of the overall algo, age old sites with trusted attributes are now appearing as link/blog spam posts everywhere. So who do I trust ?- that has to be one of there questions when probably not down to the plone angle but the same CMS workaround I have seen a stanford.edu casino page. So I am sure there are multiple plone/cms attacks happening
All of a sudden trustedunidomain.edu is now appearing everywhere as spam links for Pills and Gambling. Sites they probably never considered would appear as the issues when the days of piggy backing onto blogs/sites with major trust levels was surely over
This is now going on for weeks and Yahoo who was generally the worst of them all for showing top 10 spam results now in a lot of cases has a cleaner top 20 results than G.
The “Plone” angle is now looking dead for these guys but surely they thought of that. If anything I would imagine the new angle is up and running for the last few weeks. We are not dealing with amatuers, you do not end up as No 1 on the Rokso Spamhaus list for being a minor player
And my last point of this very long post is that even though G may have issues with gambling and pharma clients overall, if these guys can bulldoze there way into the top 10 reasonably easily, that ability means they could spam “shoes” and still make money, so I would be amazed if heaviest traffic categories of Finance, Travel and Ecommerce are not being planned for or being done
Whats there margin – bandwidth? Top 10 of G for 100’s of KW’s for a category and all you had to do was worry about the bandwith costs and the price of a few developers and of course I’m there paying all the income they get so are paying huge amounts of tax :huh2:
With there current practise I am pretty sure its Shiny Fast Cars and serious bank balances all the way
Even with the new G algo release as I have said above the reason you dont see “swift immediate action” is for the moment they have beaten the algo and whats the point in killing one fly when there are 1000 around the corner
I am sure they would rather wait and exterminate the lot once and for all but thanks to the work on this thread I think it creates some very powerful question for Googs next step if they want to remain no 1 in the search wars
There is perhaps maybe only one fly too kill in this chaos. greek39
yes one fly for this current record breaking “how long can I stay top of G even when the domains burn”
I live in the real world and for as long as you have search engines you will always have spam, but bat this fly and its over ? This is one of the worst cases but month in month out there has been numerous compliants about differnt cases and that will always happen except in most cases they last for days not weeks,these guys as you know are launching 00’s of sites daily and working too one day in top 5 for online poker which is a lot of traffic and a lot of accounts so do you really think everyones problem is solved after this one. Its a question not a argument!
You know the way all the engines try to come up with funky/cool names for there updates, what would you call this one?, From a spammers point of view I think we should call the last 3 months Disneyland “where all your dreams come true”
Maybe I think too much but I think its a case of the hunter becoming the hunted, yes of course G will be able to deal with this but I my point inbetween the lines of my post is the questions how they currently have applied the logic to the overall algo. One major spammer does not change the world but in my love hate relationship with G I am pretty sure Matt and the boys realise if we are going to have Web 2.0 we are now with Spam 2.0
Maybe I am just paranoid, but when you have people hacking computers and sites and doing it an way which is the basic outline of “how do I rank best based on all historical data and “reasonably proven” points” they must be asking themselves questions at G and wondering does the current system work
If I have (which I dont) the technical ability to hack my way onto standford.edu and show a casino redirect which standford does not know about because its not a UNI members pages but an illegaly placed page that ranks in the top 10, how can I think my algo works brilliantly if I trust long standing sites, some .com, edu, gov and decide to rank them highly if they decide to write a page about shoes, or tables, maybe they have some new information about gambling, but is it just spam??????
But then if I decide to amend my algo and decide that because of a new hack maybe I should add some penalty or variation of a sandbox unless there is a type of rule applied for new pages, what type of chaos would that enfold for my oh so pure algo
And dont worry there algo in my eyes has always been from a very odd viewpoint
So I think thats there question but would be total chaos and I dont know what there sensible answer to dealing with it i s, as maybe Stanford next week will release a ground breaking paper on Credit cards but is it spam,? is it legit? Can not compute overload :crazy: is that what the algo does?
SE Spam has been around for ages and will always be there but hacking to SE spam is reasonably new, meddling with CMS systems I thought was quite clever from a technical stand point,but I am still interested in how G reacts to this hack as maybe my belief is misguided but I still think it challenges the fundamentals of how it all works
How do you bat this fly? Close Plone what about all the other weak CMS?
What about the current redirects and manipulation you see from redirects Forbes.com forums and Businessweek.com blogs
For me I am in this for the long term and do this full time, and only pay attention because you can always learn something from understanding how its broken
Just to clarify all my sites are legit so I am not trying to learn something sneaky! and when I say full time thats in the AFF world and do more than gambling
Its just my views and I’m not saying this issue of spam shakes the world but will go back to my point on my previous post saying I think goog are questioning all the angles and just havent figured it out
Ultimately they will work it out, there a multi billion dollar company but I am going to stick to my guns about the point of the “hack” versus the current structure setup of there algo getting a lot of current time in the “plex”
Or maybe I should just stay under my bed:hattip:
OK Gang,
Here’s data that I came up with regarding CMS systems to complain to. Several of them have already removed pages that have been spammed by Morahin and his gang. Please send Emails individually or en-masse to the Email addresses below, indicating that this spammer has been infiltrating their system, and to combat it, they must:
1) Remove Anonymous login privilege that PLONE permits;
2) Consider upgrading to the latest PLONE security release;
3) Delete their local databases of all the filth.Note that some systems seem to run directly off of PLONE.ORG, while others seem to have their own satellite installations.
I would suggest writing a single Email to all Email addresses (a little cut and paste action), list all of the spam sites, and mention the suggested remedies above.
The more fire power, the merrier.
Here are the Email contacts, associated with each CMS system, and some sample offending pages. At the end of this message, I have ALL Email addresses listed contiguously (for cut & paste purposes), and all Sample Spam pages listed contiguously as well (remember to remove the prefix “x” before each URL that I have added, to ensure that these sites don’t get referral points in the CAP post). Just do it !!
============
http://plone.org – Authors of the offending system
============
vidar@blacktar.com
runyaga@plone.org
limi@plone.org
paul@zeapartners.org
helge@tesdal.com
sidnei@plone.org
lalo@laranja.org
bcsaller@yahoo.com
geoff@geoffdavis.net
hazmat@objectrealms.net
andy@enfoldsystems.com
phil@bluedynamics.com
geir@elvix.com
joel@joelburton.com===================
http://www.wide.msu.edu
====================
hartdav2@msu.edu
grabill@msu.edu
porterj8@msu.edu
courantm@msu.edu
easterbr@msu.edu
arthur1@msu.edu
leonkend@msu.edu
penniman@msu.edu
revesro1@msu.edu
ridolfoj@msu.eduSample spam:
xhttp://www.wide.msu.edu/Members/heatherrut/poker-2.html
xhttp://www.wide.msu.edu/Members/joedean/poker-11.html
xhttp://www.wide.msu.edu/Members/ericdiana/casino-17.html
xhttp://www.wide.msu.edu/Members/ericdiana/casino-7.html====================
http://bioinfo.mbi.ucla.edu
====================
No Email addressesSample Spam:
xhttp://bioinfo.mbi.ucla.edu/Members/paulakaren/poker-16.html
xhttp://bioinfo.mbi.ucla.edu/Members/debbiekare/casino-5.html======================
http://www.paramedic.org.uk
=======================
No Email addressesSample Spam:
xhttp://www.paramedic.org.uk/Members/chadjean/poker-17.html
xhttp://www.paramedic.org.uk/Members/dianakevin/poker-15.html
xhttp://www.paramedic.org.uk/Members/deanmay/casino-4.html=======================
http://tec.earth.sinica.edu.tw
=======================
tec@earth.sinica.edu.twSample Spam:
xhttp://tec.earth.sinica.edu.tw/Members/sallykimbe/poker-12.html
xhttp://tec.earth.sinica.edu.tw/Members/pamelazack/casino-12.html
xhttp://tec.earth.sinica.edu.tw/Members/pamelazack/casino-11.html======================
http://seamap.env.duke.edu
======================
ljhazen@duke.edu
bbest@duke.edu
phalpin@duke.edu
aread@duke.eduSample Spam:
xhttp://seamap.env.duke.edu/Members/kevinausti/samueladam/====================
http://www.tchezope.org
====================
No Email addressesSample Spam:
xhttp://www.tchezope.org/Members/ottootto/ivanangie/================
http://civil.case.edu
================
brs@case.eduSample Spam:
xhttp://civil.case.edu/Members/pattyrebec/poker-7.html
xhttp://civil.case.edu/Members/sabrinagre/casino-17.html======================
http://www.linearcollider.ca
======================
karlen@uvic.caSample Spam:
xhttp://www.linearcollider.ca/Members/raymonddaw/poker-19.html=========================
http://neumann.sk.tsukuba.ac.jp
=========================
No Email AddressesSample Spam:
xhttp://neumann.sk.tsukuba.ac.jp/plone/Members/janetbritn/poker-3.html
xhttp://neumann.sk.tsukuba.ac.jp/plone/Members/jackjill/poker-18.html
xhttp://neumann.sk.tsukuba.ac.jp/plone/Members/tinamarla/casino-5.html=======================
http://www.plone4artists.org
=======================
No Email AddressesSample Spam:
xhttp://www.plone4artists.org/Members/victorcarl/poker-4.html===================
http://sp2000europa.org
===================
sp2000@reading.ac.ukSample Spam:
xhttp://sp2000europa.org/Members/lisafawn/poker-8.html=================
http://oooauthors.org
=================
No Email AddressesSample Spam:
xhttp://oooauthors.org/Members/adriannapa/casino-8.html
xhttp://oooauthors.org/Members/adriannapa/casino-9.html=============
http://lab2ipo.org
=============
stanco@gwu.eduSample Spam:
xhttp://lab2ipo.org/Members/oscarryan/casino-2.html=================
http://msen.tamu.edu
=================
msen@tamu.edu
jhross@tamu.eduSample Spam:
xhttp://msen.tamu.edu/Members/nickadam/casino-9.html=================
http://atomworks.org
=================
feinerman@uic.edu
wiltzius@uiuc.eduSample Spam:
xhttp://atomworks.org/Members/elainekimb/joypaula/
xhttp://atomworks.org/Members/elainekimb/sherryjoy/=================
http://snipsnap.nr.no
=================
No Email AddressesSample Spam:
xhttp://snipsnap.nr.no/projectlink/space/janepatty/slot-1.html
xhttp://snipsnap.nr.no/projectlink/space/deanolga/casino-13.html
xhttp://snipsnap.nr.no/projectlink/space/tracyhayde/poker-14.html
xhttp://snipsnap.nr.no/projectlink/space/tracyhayde/poker-13.html========================================================
===================
Consolidated Email List
===================
vidar@blacktar.com
runyaga@plone.org
limi@plone.org
paul@zeapartners.org
helge@tesdal.com
sidnei@plone.org
lalo@laranja.org
bcsaller@yahoo.com
geoff@geoffdavis.net
hazmat@objectrealms.net
andy@enfoldsystems.com
phil@bluedynamics.com
geir@elvix.com
joel@joelburton.com
hartdav2@msu.edu
grabill@msu.edu
porterj8@msu.edu
courantm@msu.edu
easterbr@msu.edu
arthur1@msu.edu
leonkend@msu.edu
penniman@msu.edu
revesro1@msu.edu
ridolfoj@msu.edu
tec@earth.sinica.edu.tw
ljhazen@duke.edu
bbest@duke.edu
phalpin@duke.edu
aread@duke.edu
brs@case.edu
karlen@uvic.ca
sp2000@reading.ac.uk
stanco@gwu.edu
msen@tamu.edu
jhross@tamu.edu
feinerman@uic.edu
wiltzius@uiuc.edu===================
Consolidated Spam List
===================
xhttp://www.wide.msu.edu/Members/heatherrut/poker-2.html
xhttp://www.wide.msu.edu/Members/joedean/poker-11.html
xhttp://www.wide.msu.edu/Members/ericdiana/casino-17.html
xhttp://www.wide.msu.edu/Members/ericdiana/casino-7.html
xhttp://bioinfo.mbi.ucla.edu/Members/paulakaren/poker-16.html
xhttp://bioinfo.mbi.ucla.edu/Members/debbiekare/casino-5.html
xhttp://www.paramedic.org.uk/Members/chadjean/poker-17.html
xhttp://www.paramedic.org.uk/Members/dianakevin/poker-15.html
xhttp://www.paramedic.org.uk/Members/deanmay/casino-4.html
xhttp://tec.earth.sinica.edu.tw/Members/sallykimbe/poker-12.html
xhttp://tec.earth.sinica.edu.tw/Members/pamelazack/casino-12.html
xhttp://tec.earth.sinica.edu.tw/Members/pamelazack/casino-11.html
xhttp://seamap.env.duke.edu/Members/kevinausti/samueladam/
xhttp://www.tchezope.org/Members/ottootto/ivanangie/
xhttp://civil.case.edu/Members/pattyrebec/poker-7.html
xhttp://civil.case.edu/Members/sabrinagre/casino-17.html
xhttp://www.linearcollider.ca/Members/raymonddaw/poker-19.html
xhttp://neumann.sk.tsukuba.ac.jp/plone/Members/janetbritn/poker-3.html
xhttp://neumann.sk.tsukuba.ac.jp/plone/Members/jackjill/poker-18.html
xhttp://neumann.sk.tsukuba.ac.jp/plone/Members/tinamarla/casino-5.html
xhttp://www.plone4artists.org/Members/victorcarl/poker-4.html
xhttp://sp2000europa.org/Members/lisafawn/poker-8.html
xhttp://oooauthors.org/Members/adriannapa/casino-8.html
xhttp://oooauthors.org/Members/adriannapa/casino-9.html
xhttp://lab2ipo.org/Members/oscarryan/casino-2.html
xhttp://msen.tamu.edu/Members/nickadam/casino-9.html
xhttp://atomworks.org/Members/elainekimb/joypaula/
xhttp://atomworks.org/Members/elainekimb/sherryjoy/
xhttp://snipsnap.nr.no/projectlink/space/janepatty/slot-1.html
xhttp://snipsnap.nr.no/projectlink/space/deanolga/casino-13.html
xhttp://snipsnap.nr.no/projectlink/space/tracyhayde/poker-14.html
xhttp://snipsnap.nr.no/projectlink/space/tracyhayde/poker-13.htmlYou know, I was thinking, Google might not be able to see these ‘redirects’. I guess it depends on how the redirects are coded. If Google could see them, then they could change their ranking immediately. Another thing could be that if a trusted site puts up a page that has completely new information, maybe it shouldn’t automatically be placed in the top 30 or so. I don’t know. But I think that if Google could see the auto-redirects, that they could ban these sites for a while. Auto-redirects suck. I prefer a link that the user has to click on. Giving poor ranking to auto-redirects could change alot about how this is done. But these hackers are a moving target, so there is no destination, just the journey and the ongoing battle.
Can we use the Google removal tool to “remove” these dead links that I mentioned to posts above ? Or can you only use this tool to remove links within your own sitemap ???????
Good news, lots of dead links from above………
This may have already been mentioned. But what I think these cheats do is use a custom bot to search the web for any and all pages (on a CMS or Blog, etc.) where they can exploit the page. I’ve seen these bots searching through my sites and they look for all sorts of weird doorways and directories. As soon as they get a positive result, then they move in for the kill. Script kiddies do this when they want to hack forums, etc.
Good news, out of the list above, only the following are still problems:
(plus duplicate ones from same host)xxxxx/neumann.sk.tsukuba.ac.jp/plone/Members/janetbritn/poker-3.html
xxxxx/www.plone4artists.org/Members/victorcarl/poker-4.html
xxxxx/sp2000europa.org/Members/lisafawn/poker-8.html
xxxxx/lab2ipo.org/Members/oscarryan/casino-2.html
xxxxx/atomworks.org/Members/elainekimb/sherryjoy/They are using Javascript to do the redirect. They are loading the src of the script from, you guessed it – xxxxx://seoexp.info/js/c060907.js If you want to see what these pages really look like, you can disable javascript and go to the links above. The Plone software is the perfect ‘host’ for this ‘virus’ because it gives the title, the meta keywords, meta description, everything that Google would require for placement.
If only we could do a search for all pages that include that javascript on google. This could give us an extra advantage for finding and reporting this crap.
Can you explain to my why so much hate for this guy? He certainly is a spammer but why so much hate? Most of you probably use some link exchange services and so on for your so called ‘white sites’ but in fact you are not better than him, he is just working on a bigger scale and makes hundreds of thousands of dollars a month. I bet most of you would love to have skills to do so. If he is higher in search results than you, that would explain why so much hate, but it also means that your SEO strategy is weak.
And you Mr dhayman, you would certainly benefit more from spending this one hour a day on building your own sites than on snitching to google about spammers because your actions give NOTHING, absolutely nothing
ps. I am not associated with this guy or any other spammer
Lappi, I read your post, and all I can say is what makes you think that I am male ????? And how much does he pay you to be his accountant (nice, accurate financial description) ?
Nice first and last post Lappi….
We dont like content thieves or black hatters here. Go post your crap at a forum that shares your appreciation for theft….
😡
Ouch professor lappi an unsavy character. I agree professor, labbi should take his job and shove it someone where else. greek39/
Thank you, Professor.
If Lappi ( German for “little rag”) makes so much money spamming, he better get back to it before he gets blown out of the water.
Dhayman might decide to wipe google clean with Lappi.
The fact that people show up here means we are having some impact…
