Sunday, June 18, 2006

The Moldavian Blackhat

First of all people should stop blaming Google, they are not perfect but still the best on removing spam sites.

If MSN and Yahoo have much fewer indexed pages from this guy's domains, it is only because their bots are lazier and their index space lower.

Some of his sites are already banned from Google, some not, of course you would probably expect G to act faster, but I think they want the banning process to be automatically to avoid further spam. If they ban manually, tomorrow 10 others will spam again.

Here is a quick explanation on how he did this whole madness:

1) He registered a couple of domains (t1ps2see.com, eiqz2q.org, etc)

2) He used some lame automatic page generator to make thousands of meaningless pages.

3) He setup his web server(probably mod_rewrite rules) and DNS to work with anysubdomain.domain.com, we can see this on a random query:
$ host worihqweoirhwqer.t1ps2see.com
worihqweoirhwqer.t1ps2see.com has address 70.87.73.35

4) A little programming on the site for interlinking pages and probably for querying some mysql databases where he stored the generated pages.

5) He setup some kind of cloaking, using body onLoad="document.f.submit()" and also giving a page to googlebot and another to visitor, creating confusion. He even denied page caching, but seems like he missed msn where cached pages still appear.

6) He used a couple of trusted(or ex-trusted) PR5 sites like
www.intermedia.md, www.chat.md, www.faces.md, etc. to get backlinks
Although we no longer see them now, in a cached page of these sites there are entries like:

a href="http://2333.water.eiqz2q.org"
img src=http://images.faces.md/images/0.gif border=0
a href="http://1272.manager.eiqz2q.org"
img src=http://images.faces.md/images/0.gif border=0
a href="http://307.pizza.eiqz2q.org"
img src=http://images.faces.md/images/0.gif border=0

7) He waited a few days for his pages to get indexed


Have you noticed anything spectacular? No! Any webmaster with a few programming knowledge can do this... but it will be totally unethical.

And you should also notice the BAD parts in this: he has nothing stable, he will get banned sooner or later and will have to start over and he had to sacrifice those PR5 sites: faces.md, welena.com, intermedia.md, etc. Another bad part for him is that he attracted too much the attention of webmasters, many forums talk about this now and sending abuse reports to Google.


Some of the white hats maybe now wants to try this? I don't know if it's illegal or not, probably not but you should "Know well what leads you forward and what holds you back".

6 comments:

Anonymous said...

Don't you see thousands of backlinks in yahoo?

Ken said...

All of the backlinks look to be from Google scraper sites where he showed up in the SERPs which leads me to believe he was indexed in Google way before those backlinks showed up in Yahoo.

Ana Aman said...

thousands of backlinks in yahoo? those came automatically after he got indexed, any site with many indexed pages gets that kind of backlinks which are actually pretty useless in google since sites who makes them get banned..scrapped sites

Anonymous said...

The guy was a genius. he probably made tens of thousands in just a few days.

Jim said...

He's been busy exploiting a flaw in Blogger.

Anonymous said...

Sounds exactly like what these asshats are probably doing...

http://www.morethantraffic.com/