Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
The Internet Crime Google Spam Your Rights Online

Several Link-Spam Architectures Revealed 38

workie writes "Using data derived from website infections, has found several interesting link-spam architectures. One architecture is where concentric layers of hijacked websites are used to increase the page rank and breadth of reach (within search engine search results) of scam sites. The outer layers link to the inner layers, eventually linking to a site that redirects the user to the scam site. Another architecture involves hijacked sites that redirect the user to fake copies of Google, having the appearance that the visitor is still within Google, but in reality they are on a Google lookalike that contains only nefarious links."
This discussion has been archived. No new comments can be posted.

Several Link-Spam Architectures Revealed

Comments Filter:
  • For the paranoid... (Score:5, Interesting)

    by Antony-Kyre ( 807195 ) on Sunday April 25, 2010 @05:30AM (#31972568)

    Consider doing all your banking, and any other sensitive stuff, on a computer totally separate from your web-surfing computer. Kind of like having a dummy wallet containing only petty cash and your ID when you go out at night versus your credit cards, etc.

  • Link Spam? (Score:3, Insightful)

    by AndGodSed ( 968378 ) on Sunday April 25, 2010 @05:30AM (#31972570) Homepage Journal

    I thought that google had ways of detecting these and down-ranking them?

    • Re:Link Spam? (Score:4, Insightful)

      by asdf7890 ( 1518587 ) on Sunday April 25, 2010 @07:11AM (#31972910)

      Every time Google adjust the rankings to account for the current crop of deceptive SEO techniques, people think up new deceptive SEO techniques. It is a moving target and Google can't move too fast without thinking as they risk disrupting unaffected parts of the algorithm resulting in reducing its effectiveness when presented with genuine links.

      Also Google may be the biggest name in town but they are not the only big name by a long shot. an SEO technique is not completely invalidated until such time as all popular engines have a away to discount it.

      And the summary (didn't RTFA, sorry) doesn't state that the techniques were proven to be working, just that this is what people are trying.

  • While its assertions are believable, I'd now like to see the methods and data
    • Re: (Score:2, Flamebait)

      by bguiz ( 1627491 )
      Also, I dislike their main tagline

      "The web is under attack from hackers. is working to reduce their chances of success."

      I take issue with their ignorance toward the difference between a hacker [] and a cracker []. (links to Eric Raymond's "The Jargon File")

  • Sounds familiar: []
    By the way, if blackhat SEO's describe this technique in the open, it's either already well known, or its effectiveness has been diminished to the point where hiding the details isn't worth it.

    • by workie ( 1754464 )
      The RescueTheWeb article is a high level discussion of link architectures that currently exist in the wild. The article wasn't trying to show samples since disclosure of which websites are breached is against the privacy policy of RescueTheWeb. These are private websites that have been breached by others and used to create these various structures. Thus, their web addresses would revel who's website were breached. I can tell you that an example 'constellation' Google look-alike search engine consists of
    • I had basically known it, but it's still daunting to face as an actual search customer.

      I like trying out freeware utilities. But sometimes it's tricky to know which are real links (could be some 15 real ones) and which are nastylinks (could be 85) for my 100-result first page of returns.

  • These guys are doing good work, but really, all they're doing is checking for some specific types of black-hat SEO. This is inherently a losing battle, because there's active opposition. It's a "negative file" approach - making a list of the bad guys. Credit cards once worked that way; merchants were sent daily lists of canceled or stolen credit cards. Back then, getting a credit card was tough; the customer had to be a good customer of the bank. Not until credit card transactions were validated remote

    • This only works if someone is searching for a business or product. Most searches are for information. There are LOTS of valuable websites run by individuals. You rank them all low?

      Why on earth do we want rankings to reflect credit ratings? You can trust sources with good credit ratings more? Lots of businesses with good credit ratings one year, have ended up with their CEO in the dock the next (e.g. Enron).

      You need a lot more data coverage than you have: you can cannot verify Glaxosmithkline, Vodafone (main

      • by Animats ( 122034 )

        Re SiteTruth complaints: (We have a blog [] for that.)

        Non-commercial web sites aren't rated at all. However, the presence of an ad link marks a site as "commercial", as does being in ".com". Our "commercial intent" detection is rather simplistic. We really should have a classifier system doing that. Yahoo search R&D, back when they had search R&D, built one of those, but never did much with it. We've been reluctant to use machine learning techniques, though, because they reduce the transparency

What this country needs is a good five cent ANYTHING!