The Geospatial Art FAIL landing page resurfaces!
|| 7/7/2009 || 10:38 pm || + Render A Comment || ||
Back in December of last year I found that there had been a page added to my website by a malicious robot and had some fun exploiting the fact that hundreds of people were clicking on fraudulent search engine results. Sure enough, last night it happened again, but unlike last time, I found out WHY it happened.
Unknown to me, on three different websites of mine, there were folders that had incorrect file permissions. Generally speaking, each file and folder on a website has its own set of permissions which allow different users different levels of access. Nearly all of my files and folders have their permissions set to 755, which allows me, and only me, the ability to change the contents of the folders on my website. However, today I discovered that three folders on three different websites had their permissions set 777, which means that ANYONE could write files to these folders. The result was that a malicious robot exploited this lack of security and wrote their own files to my websites.
I found out about this from a random person who informed me that there was a page on my website that was sending people to a page that forces people to download a fake virus scanner that I can assume was rouge malware. I contacted my hosting provider thinking that my website passwords were compromised and the tech support responded with a listing of all the folders on all my websites that contained 777 file permissions.
From there, I went to each of these folders and looked around for the newly added malicious files. Instead of merely deleting the files, I opted to do what I did last time, and replace the malicious code with my own basic HTML file. The result so far has been over a 2,000 people clicking on the fake search results and being brought to a landing page like the one above telling them they should try searching again.
I must say that their hack is pretty simple, but also rather sophisticated. I would not have realized that I was being used to help spread malware unless that person had notified me. They work by using a HUGE list of basic words, then they dynamically create hundreds of new pages that feature the keywords. Finally, Google’s own robots visit the page and enters the hundreds of fake entries into their database. The beauty of this process is that evil geniuses behind the code use one PHP file to dynamically generate hundreds of fake pages that all draw people to their webpage— and now they are coming to my website instead.
Throughout this week I am going to continue to monitor this discovery and analyze the code that was used to generate these pages.
Here is an example of a bad search result from Google:
My page just so happened to be the only page on the Internet with those exact words.
Geospatial art created by exploiting search engine aggregation algorithms
|| 12/10/2008 || 6:22 pm || Comments Off on Geospatial art created by exploiting search engine aggregation algorithms || ||
The other day I noticed that there were literally hundreds of search engine results that contain a fictitious url to a page on my website that didn’t exist. It appears that Internet bots have exploited an issue with search engine aggregation algorithms to trick them into showing a bogus search result for a page that never existed on my website. Throughout the internet there are numerous pages that contain https://nikolasschiller.com/showthread.php?XXXXX and when people clicked on the bogus link they were brought to a 404 page. Last night I created a copy of this website’s splash page and renamed the file showthread.php. Now when people click on the fake link in the fraudulently created search engine result, they are brought to my website’s beautifully abstract splash page. Today I’ve been receiving all sorts of random visitors!
– 12/13/08 – I’ve decided to change the page slightly and add the word FAIL
to the landing page. The reason for this is because the person landing on the page failed to find what they were looking for.
Watching Google Crawl…
|| 3/18/2008 || 7:42 am || Comments Off on Watching Google Crawl… || ||
Last Friday I removed the electronic Berlin Wall from my website and for the first time in 4 years I’ve released the contents of my website to search engines. Yesterday Google had crawled about 20 pages; half of which were already linking to my website from external sources. Today after last the check, Google has now cataloged about 320 of the 1500+ pages that were submitted with my website’s sitemap. I look forward to looking at the IP logs to see how Google’s robots do their crawling and the latency that exists between crawling and appearing in a search result. From my initial observations everything take at least 24 hours between the crawling and the content’s appearance within a search result. By the end of today, I bet there will be 750 pages indexed….
Welcome Robots and Strangers
|| 3/14/2008 || 1:48 pm || Comments Off on Welcome Robots and Strangers || ||
Below is the text of an e-mail I sent out today:
One year ago today my ugly mug was on the front page of the Washington Post’s style section in David Montgomery’s article “Here Be Dragons.” To celebrate the one year anniversary of this 15 minutes of fame I did something I’ve been waiting a VERY long time to do– I removed the Robots Exclusion Protocols from my website. This means that in a few weeks you will be able to find the contents of my website with a simple search string from your favorite search engine.
Before 12:01am today, you could only search the contents of my website on my website. By preventing my website from being crawled by spiders (or robots as they are technically called) I also prevented anyone [strangers] from freely accessing the hundreds of maps that I’ve made over the last 4 years. Thus the paradox of making maps without being able to be found is now over, and in that respect I am liberating myself from the self-censorship experiment that I’ve been conducting these last few years.
Frankly, dear reader, its a very nice feeling. I am unaware of any website that has opened itself up to the robots with over a 1,000 different pages to index at once. I sincerely wonder what search words will bring people to my website from this day forward. Currently postmodern art is my number one search string (I am currently listed at #5)– and that was only possible because of the article that was published one year ago today. So with that said, today marks the beginning of a new phase in my life, and maybe yours– if you search for the right words.