tag:blogger.com,1999:blog-4200729677025323332.post7941910465539581454..comments2010-04-25T19:48:32.163-07:00Comments on RescueTheWeb.Org: Scam Constellations and Spam Link ArchitecturesRescueTheWeb.orghttp://www.blogger.com/profile/16899646531624622599noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-4200729677025323332.post-82825246347250789992010-04-25T19:48:32.163-07:002010-04-25T19:48:32.163-07:00Canny, I've seen the use of 301's too. H...Canny, I've seen the use of 301's too. However, I generalized them to the simple word 'redirect' in the above graphs. The redirects didn't always use 301's. <br /><br />Yes, these architectures are mostly about search engine results. However, one of the interesting finds was where page rank was used to bait the customer and then a redirect (located on a hacked site) was used to move the user to a fake Google. The redirect only showed up when the incoming click had a referer of Google.com. This allowed only the incoming user to see the fake Google and not Google itself.RescueTheWeb.orghttps://www.blogger.com/profile/16899646531624622599noreply@blogger.comtag:blogger.com,1999:blog-4200729677025323332.post-54275028542332773402010-04-25T19:41:35.509-07:002010-04-25T19:41:35.509-07:00Kaj, With respect to the bartinotogaz . com links....Kaj, With respect to the bartinotogaz . com links. This appears to be part of a click fraud scheme where the perpetrator sets up lots of interlinked sites to raise the page rank of target pages that contain Google Ads. The goal is to get lots of clicks and make money from Google.<br /><br />The way I can see this pattern is by searching within Google for "http://bartinotogaz.com/owewt/". This search will show 300+ results of websites that link to bartinotogaz.com. If you look at some of these they all point to each other. Also, there is a site that lays on the edge of the mix called http:// commerciallender. www17. ireport. juridicosc. com. br/christiancommerciallenderloansinmcdonoughga/ which contains a Google Ad's javascript frame. However, in this case it looks like Google found them and shut them down since the Google Ad frame is no longer working.<br /><br />I agree this link architecture looks very ineffective, but it's still obviously there and an architecture doesn't mean it works. Hopefully there is an algorithm that can be generated to detect these low-quality link structures, so I can implement it in the RescueTheWeb analysis engine.RescueTheWeb.orghttps://www.blogger.com/profile/16899646531624622599noreply@blogger.comtag:blogger.com,1999:blog-4200729677025323332.post-11646147752811565762010-04-25T09:09:23.167-07:002010-04-25T09:09:23.167-07:00These architectures are mostly used for search eng...These architectures are mostly used for search engine traffic. In the hacked page, they also seem to use 301 redirects to transfer the flow of page rank to the scam site.<br /><br />Read about it here <br /><br />http://heavyglobe.blogspot.com/2010/04/spam-link-architectures-used-for-search.htmlAnonymoushttps://www.blogger.com/profile/14082887510285907720noreply@blogger.comtag:blogger.com,1999:blog-4200729677025323332.post-57687944134936873892010-04-25T08:45:08.674-07:002010-04-25T08:45:08.674-07:00How do those kinds of sites (http : / / bartinotog...How do those kinds of sites (http : / / bartinotogaz . com / owewt / 517573 . php) with lots of self referencing links fit into such scams?<br /><br />They appear to be hacked websites, as the core domain has nothing to do with the php script runnign those and they appear in google tracked keywords ~15% of all results for not so common key words.<br /><br />KKaj Kandlerhttps://www.blogger.com/profile/14332400733436167070noreply@blogger.comtag:blogger.com,1999:blog-4200729677025323332.post-3471165895243023782010-04-25T06:11:05.581-07:002010-04-25T06:11:05.581-07:00I've seen several servers being hacked just fo...I've seen several servers being hacked just for that reason. Remember the iframe javascript exploits that were, in some cases, spliced into the kernel? The majority of the servers were running cPanel. google for iframe exploit cPanel, something should come up.LaznoImehttps://www.blogger.com/profile/13221854713809775870noreply@blogger.com