Sneaky Spammers and “Clickthrough Cloaking”

As I mentioned earlier, it appears a spammer has hacked this blog again. This time they were especially sneaky about it. You won’t see the spam when you visit my blog, or when you get my feed or e-mail alerts. But search engines see it, and display it in my search engine results. Which can do serious damage to my search ranking, and eventually get me banned from Google and other search engines if I don’t put a stop to it.

Judging from how this spam hack is exhibiting, the most likely explanation seems to be something Tom Vilot turned up with a bit of research. (Thanks, Tom!)

It appears that this hack is using a technique known as cloaking, which serves one page to search engines crawling the site, and another to visitors’ web browsers. This means the search engines are not actually indexing the same content that people see when they visit your site. Nice for the spammers, bad for the site owners.

Microsoft published a 2006 technical paper detailing this technique and what to do about it. From the intro:

“Search spam is an attack on search engines’ ranking algorithms to promote spam links into top search ranking that they do not deserve. Cloaking is a well-known search spam technique in which spammers serve one page to search-engine crawlers to optimize ranking, but serve a different page to browser users to maximize potential profit. In this experience report, we investigate a different and relatively new type of cloaking, called Click-Through Cloaking, in which spammers serve non-spam content to browsers who visit the URL directly without clicking through search results, in an attempt to evade spam detection by human spam investigators and anti-spam scanners.”

…Coincidentally, I just updated all my WordPress plugins yesterday. Also, Google just re-indexed me a few hours ago. The spam is no longer showing up for my site in Google’s results, which indicates that by updating my plugins I may have closed this vulnerability, for now. We’ll see.

One thought on “Sneaky Spammers and “Clickthrough Cloaking”

  1. Pingback: - Dammit, this blog has been hacked again!

Leave a Reply

Your email address will not be published. Required fields are marked *