Monday, August 29, 2011

www.debtconsolidationcare.com Hack Spam

This website www.debtconsolidationcare.com is listed on several .edu websites including Harvard.edu But the website is there only as a result of exploiting a Wordpress vulnerability which allows for a hacker to add pages to the websites below with this link in it debtconsolidationcare.com. Here are some of the hacked websites links below

http://www.eecs.harvard.edu/~cduan/comments/files/html/lowinterestrates.html
http://content.ksg.harvard.edu/blog/wp-content/plugins/simple_captcha/gdimg/womanwhoused.html
http://www.eng.utah.edu/~mcmurtry/Notes/archive/Notes/backup/personelloanfor.html
http://moodle.usj.edu.lb/user/profile/archive/doesatax.html
http://academic.pgcc.edu/psc/pcm/mop/pb/ahmcorpconstruction.html
http://www.neiu.edu/~music/staff/html/whatifyou.html


Here is the same page on other non .edu hacked websites.
http://www.galaxybrushes.com/blog/wp-admin/css/htm/noteletrackloans.html
http://www.voteforsam.ca/wp-content/themes/corporate/homehlp/creditconsolidationplan.html

By exploiting a vulnerability on these websites listed above which are mostly .edu related and placing a link to this domain www.debtconsolidationcare.com. The website did achieve a high placement for the keyword debt consolidation in the search engines in times of recession when more and more people are looking to consolidate there debts.

What is a top 10 keyword placement worth in Google for the keyword "debt consolidation" we do not know. We seriously doubt this is the only hack spam this person or group of people has done and are looking deeper into things.

We ask that anyone do there own investigation on this domain and if you find what we found than please do a spam report on this domain to Google, Yahoo and MSN.

Saturday, August 20, 2011

XRumer - Black Hat Tool

The XRumer - Black Hat Tool is used primarily to create forum post via automation but also creates user profiles and does referal spam. It also is evolving and will no doubt have more functionality as it evoloves.

Sic Profile Maker - Back Hat Tool

The Sic Profile Maker is an automated user profile generator that gets one way back links to websites via profiles created on forums. It has evolded to also do other types of spam such as comments automated directory submissions and more.

Link Farm Evolution - Black hat Tool

The Link Farm Evolution is an automated blog creation and posting program designed to Get higher positions in SERPs and wicked-fast indexing by search engines with thousands of free one-way links.

Wednesday, July 20, 2011

SeNuke - Back Hat Tools

The SENuke - Back Hat Tool is another automated program that creates blogs on free networks and auto posts to those blogs and than gets backlinks to those blogs.

Brute Force SEO - Black Hat SEO Tool

The Brute Force SEO - Black Hat SEO Tool creates accounts on free websites and blasts these links on web 2.0 websites and than links all the sites together to the spam/money site. Its an automated backlink building program.

Sunday, June 19, 2011

Wiki Spam Definition

Wiki Spam Definition

Wiki Spams Definition is best covered by Wikipedia themselves @ Wikipedia Spam

But for what we are hunting in this type are bots or humans that leave links on wikis on mass levels. We look are other types of wiki spam but our focus for now is on this type of spam.

Social Media Spam Definition

Social Media Spam Definition is covered by Wikipedia well in the post entitled Social networking spam

Social networking spam is spam directed at users of internet social networking services such as MySpace, Facebook or LinkedIn. Users of social networking services can send notes, that may include embedded links to other social network locations or even outside sites, to one another.

This is where the social network spammer comes in. Utilizing the social network's search tools, he/she can target a certain demographic segment of the users, or use common fan pages or groups to send notes to them from an account disguised as that of a real person. Such notes may include embedded links to pornographic or other product sites designed to sell something.

Stopping spam: It's not easy. Most sites have a “report spam/abuse” addresses. Spammers, however, frequently change their address from one throw-away account to another.

A new, more powerful form of viral marketing / spam / hacking was seen on Facebook in May, 2010, but could be used almost anywhere. Users follow a link to a seemingly harmless Facebook Fan page (Fan pages are used by businesses, and do not require their consent to become their Friend.) This Facebook Fan page was for "10 Big Fat Lies Women Tell Men." To view the "10 Lies" the user is directed to tap a series of keystrokes (CTRL-C, CTRL-V, etc.) that appear to be a harmless game or test. This copies and pastes a cryptic string of Javascript code into the URL (Address) field of the user's browser. Unknown to the user, the hacker's code automatically sends an invitation email to every Friend of the user. It automatically answers 'yes' to every security question ordinarily used to make certain this is what the user wanted to do. Emails are sent in the user's name to invite every one of their Friends, who will also be hacked the same way (since they all have Facebook accounts). The final purpose is to sell a product or obtain the victim's cellphone number for further criminal activities.

Some social networking sites also ask users to let them access their address books and contact lists and use email invites for viral marketing. This is controversial as it requests the permission of the address book owner but not the owner of the email addresses within it. This situation is made more complex by users not reading what the information will be used for. The social networking site Quechup, run by iDate corporation is a recent example.[1] Quechup was criticized by many users for misleading them and hiding the nature of the feature in the 'small print' of the site's terms. However, text that provided an unclear explanation of how the feature worked was part of the sign-up process, but failed to state exactly what would happen.[2] This raises the issue of 'click happy' users 'opting-in' without first reading what they are accepting.

Thursday, May 19, 2011

Tag Spam Definition

Tag Spam Definition

This type of spam is almost useless nowadays but when combined with other types of spam it has some effects which makes it a top priority on our list of spams to hunt.
Wikipedia has a great article about tags and tag spam entitled Tag (Meta Data)

Tagging systems open to the public are also open to tag spam, in which people apply an excessive number of tags or unrelated tags to an item (such as a YouTube video) in order to attract viewers. This abuse can be mitigated using human or statistical identification of spam items.[19] The number of tags allowed may also be limited to reduce spam.

Referrer Spam Definition

Referrer Spam Definition

Referral Spam definition is covered by Wikipedia very well and is no doubt a very bad thing for website owners and webmasters. Anyone lookin gto review as to what i tis and ho wit is done should reada below or click over on the Wikipedia link entitled Referrer spam for more information.

Referrer spam (also known as log spam or referrer bombing[1]) is a kind of spamdexing (spamming aimed at search engines). The technique involves making repeated web site requests using a fake referrer url that points to the site the spammer wishes to advertise.[2] Sites that publicize their access logs, including referrer statistics, will then end up linking to the spammer's site, which will in turn be indexed by the search engines as they crawl the access logs.

This benefits the spammer because of the free link, and also gives the spammer's site improved search engine ranking due to link-counting algorithms that search engines use.

Tuesday, April 19, 2011

Hacked Website Spam Definition

Hacked Website Spam Definition is written about in the Google webmaster forums and on several official Google blogs. The post that best defines this is from Googles webmaster blog entitled Is your site hacked? New Message Center notifications for hacking and abuse

Forum Spam Definition

Wikipedia has a great article about what forum spam is entitled Forum Spam

Forum spambots surf the web, looking for guestbooks, wikis, blogs, forums and any other web forms to submit spam links to. These spambots often use OCR technology to bypass CAPTCHAs present. Some spam messages are targeted towards readers and can involve techniques of target marketing or even phishing, making it hard to tell real posts from the bot generated ones. Not all of the spam posts are meant for the readers; some spam messages are simply hyperlinks intended to boost search engine ranking.

Most forum spam consists of links to external sites, with the dual goals of increasing search engine visibility in highly competitive areas such as weight loss, pharmaceuticals, gambling, pornography, real estate or loans, and generating more traffic for these commercial websites. Some of these links contain code to track the spambot's identity if a sale goes through, when the spammer behind the spambot works on commission.

Spam posts may contain anything from a single link, to dozens of links. Text content is minimal, usually innocuous and unrelated to the forum's topic, or in a very old thread that is revived by the spammer solely for the purpose of spamming links. Some text is included to prevent the post being caught by automated spam filters that prevent posts which consist solely of external links from being submitted. Full banner advertisements have also been reported.[by whom?]

Alternately, the spam links are posted in the user's signature, in which case the spambot will never post. The link sits quietly in the signature field, where it is more likely to be harvested by search engine spiders than discovered by forum administrators and moderators.

Saturday, March 19, 2011

User Profile Spam Definition

The Google Webmaster Blog on Blogspot has a great definition of what user profile spam is and should be read by all SEO professionals which is entitled Spam2.0: Fake user accounts and spam profiles


Welcome to the world of spam profiles. The social web is growing incredibly quickly and spammers look at every kind of user content on the web as an opportunity for traffic. I've spoken with a number of experienced webmasters who were surprised to find out this was even a problem, so I thought I would talk a little bit about spam profiles and what you might do to find and clean them out of your site.

Why is this important?
Imagine the following scenario:

"Hello there, welcome to our new web2.0 social networking site. Boy, have I got a new friend for you. His name is Mr. BuyMaleEnhancementRingtonesNow, and he'd love for you to check out his profile. He's a NaN-year-old from Pharmadelphia, PA and you can check out his exciting home page at http://example.com/obviousflimflam.


Not interested? Then let me introduce you to my dear friend PrettyGirlsWebCam1234, she says she's an old college friend of yours and has exciting photos and videos you might want to see."


You probably don't want your visitors' first impression of your site to include inappropriate images or bogus business offers. You definitely don't want your users hounded by fake invites to the point where they stop visiting altogether. If your site becomes filled with spammy content and links to bad parts of the web, search engines may lose trust in your otherwise fine site.

Why would anyone create spam profiles?
Spammers create fake profiles for a number of nefarious purposes. Sometimes they're just a way to reach users internally on a social networking site. This is somewhat similar to the way email spam works - the point is to send your users messages or friend invites and trick them into following a link, making a purchase, or downloading malware by sending a fake or low-quality proposition.

Spammers are also using spam profiles as yet another avenue to generate webspam on otherwise good domains. They scour the web for opportunities to get their links, redirects, and malware to users. They use your site because it's no cost to them and they hope to piggyback off your good reputation.

The latter case is becoming more and more common. Some fake profiles are obvious, using popular pharmaceuticals as the profile name, for example; but we've noticed an increase in savvier spammers that try to use real names and realistic data to sneak in their bad links. To make sure their newly-minted gibberish profile shows up in searches they will also generate links on hacked sites, comment spam, and yes, other spam profiles. This results in a lot of bad content on your domain, unwanted incoming links from spam sites, and annoyed users.

Which sites are being abused?
You may be thinking to yourself, "But my site isn't a huge social networking juggernaut; surely I don't need to worry." Unfortunately, we see spam profiles on everything from the largest social networking sites to the smallest forums and bulletin boards. Many popular bulletin boards and content management systems (CMS) such as vBulletin, phpBB, Moodle, Joomla, etc. generate member pages for every user that creates an account. In general CMSs are great because they make it easy for you to deploy content and interactive features to your site, but auto-generated pages can be abused if you're not aware.

For all of you out there who do work for huge social networking juggernauts, your site is a target as well. Spammers want access to your large userbase, hoping that users on social sites will be more trusting of incoming friend requests, leading to larger success rates.

What can you do?
This isn't an easy problem to solve - the bad guys are attacking a wide range of sites and seem to be able to adapt their scripts to get around countermeasures. Google is constantly under attack by spammers trying to create fake accounts and generate spam profiles on our sites, and despite all of our efforts some have managed to slip through. Here are some things you can do to make their lives more difficult and keep your site clean and useful:

Make sure you have standard security features in place, including CAPTCHAs, to make it harder for spammers to create accounts en masse. Watch out for unlikely behavior - thousands of new user accounts created from the same IP address, new users sending out thousands of friend requests, etc. There is no simple solution to this problem, but often some simple checks will catch most of the worst spam.

Use a blacklist to prevent repetitive spamming attempts. We often see large numbers of fake profiles on one innocent site all linking to the same domain, so once you find one, you should make it simple to remove all of them.

Watch out for cross-site scripting (XSS) vulnerabilities and other security holes that allow spammers to inject questionable code onto their profile pages. We've seen techniques such as JavaScript used to redirect users to other sites, iframes that attempt to give users malware, and custom CSS code used to cover over your page with spammy content.

Consider nofollowing the links on untrusted user profile pages. This makes your site less attractive to anyone trying to pass PageRank from your site to their spammy site. Spammers seem to go after the low-hanging fruit, so even just nofollowing new profiles with few signals of trustworthiness will go a long way toward mitigating the problem. On the flip side, you could also consider manually or automatically lifting the nofollow attribute on links created by community members that are likely more trustworthy, such as those who have contributed substantive content over time.

Consider noindexing profile pages for new, not yet trustworthy users. You may even want to make initial profile pages completely private, especially if the bulk of the content on your site is in blogs, forums, or other types of pages.

Add a "report spam" feature to user profiles and friend invitations. Let your users help you solve the problem - they care about your community and are annoyed by spam too.

Monitor your site for spammy pages. One of the best tools for this is Google Alerts - set up a site: query along with commercial or adult keywords that you wouldn't expect to see on your site. This is also a great tool to help detect hacked pages. You can also check 'Keywords' data in Webmaster Tools for strange, volatile vocabulary.

Watch for spikes in traffic from suspicious queries. It's always great to see the line on your pageviews chart head upward, but pay attention to commercial or adult queries that don't fit your site's content. In cases like this where a spammer has abused your site, that traffic will provide little if any benefit while introducing users to your site as "the place that redirected me to that virus.

Paid Blog Posting Defenition

Anytime you pay someone to write about your website and they add a link in the article to your website is considered to be a paid link. Someone who does write about a website can add the rel= no follow attribute to the link and make sure to disclose that it is a paid advertisement to avoid any confusion.

Matt Cutts from Google has a great post entitled How To Report Paid Links. in it he discusses how to report paid links some companies that do this sort of paid blog posting and a lot more. No doubt worth a read time and time again for any SEO.


Thursday, February 17, 2011

Comment Spam and its definition

Google has a great article about comment spam and why most link spammers do it. Below is from the official Google webmaster blog post named Hard facts about comment spam

FACT: Abusing comment fields of innocent sites is a bad and risky way of getting links to your site. If you choose to do so, you are tarnishing other people's hard work and lowering the quality of the web, transforming a potentially good resource of additional information into a list of nonsense keywords.

FACT: Comment spammers are often trying to improve their site's organic search ranking by creating dubious inbound links to their site. Google has an understanding of the link graph of the web, and has algorithmic ways of discovering those alterations and tackling them. At best, a link spammer might spend hours doing spammy linkdrops which would count for little or nothing because Google is pretty good at devaluing these types of links. Think of all the more productive things one could do with that time and energy that would provide much more value for one's site in the long run.

What can I do to avoid spam on my site?

Comments can be a really good source of information and an efficient way of engaging a site's users in discussions. This valuable content should not be replaced by gibberish nonsense keywords and links. For this reason there are many ways of securing your application and disincentivizing spammers.
  • Disallow anonymous posting.
  • Use CAPTCHAs and other methods to prevent automated comment spamming.
  • Turn on comment moderation.
  • Use the "nofollow" attribute for links in the comment field.
  • Disallow hyperlinks in comments.
  • Block comment pages using robots.txt or meta tags.

Monday, February 14, 2011

Types of spam we Gorillas hunt.

The types of spam we hunt are all kinds and any that help garner better search engine placement . This will no doubt be an ongoing post but for now we want to start with the top 10 spams we are looking for.

1. Comments Spam
2. Paid Blog Posting
3. Forum Post Spam
4. User Profile Spam
5. Referral Spam
6. Directory Spam
7. Social Media Spam
8. Paid Links Spam
9. Hacked Website Spam
10. Wiki Spam

Should you see any spam that uses these methods please notify us and Google, Yahoo, and Msn of your finding. We will investigate every finding sent to us and thank you for your time to contact us about anyone one of these types of spam.


Monday, January 17, 2011

SEO Gorillas now up and working for you!

We set up search engine optimization gorillas for you the world wide web. We did this in order to better the web as a whole by pointing out all the spam on the web we find. We have several teams of search engine optimizers that dedicate personal time to finding spam on the web using top search keywords phrases in the SERPs and long tail search keyword phrases as well.

Sometimes finding spam on the internet can be overwhelming and so we decided to help out the major search engines by finding spam and alerting them to it, as well as posting our finding.

We do our best to authenticate all spam and review everything three times before posting our results of our spam hunts online.