Comments on: Google Proxy Hacking: How A Third Party Can Remove Your Site From Google SERPs

By: Hawaiian Shirts

Hawaiian Shirts — Thu, 11 Sep 2008 23:02:29 +0000

I have been hearing about this kind of stuff for quite some time now. Is it still going on or has Google fixed the problem by now?

By: Graeme Pietersz

Graeme Pietersz — Thu, 21 Aug 2008 05:27:08 +0000

Some pages of my site were briefly replaced by pages from a proxy.

I complained to Google (with an online spam form, not a DMCA letter or any formal avenue) and they have been removed from the index. I also emailed their hosting company and the site is now down.

They were definitely doing it deliberately. Their URL resembled that of a legitimate site, and their front page redirected to proxy that site.

By: Wick-edly Sent Scented Candles

Wick-edly Sent Scented Candles — Wed, 21 May 2008 20:50:29 +0000

This is very distressing, I often wondered if this applies to articles when we distribute them. I've placed articles on my site and send them through Ezine or Isnare, would that be considered duplicate content? And does just the homepage get affected, or the entire site?

Thanks for sharing this info. WS

By: Hami

Hami — Sun, 11 May 2008 16:42:49 +0000

wow! great article… my site was in google for 7 months.. but suddnely disappeared from last two weeks….

By: Dan Thies

Dan Thies — Thu, 08 May 2008 16:41:50 +0000

Igor, buddy... it's been fun but I'm gonna have to shut you down now.

There's no difference between a spoofed header from curl and any other spoofed header.

Even if it were possible to fake both ends of the forward and reverse lookup, it's hardly necessary, if your only goal is to construct a proxy that will fetch a page and return it to a search engine's bot.

All you have to do is look like a normal user, strip out robot meta tags and X-Robots headers, and pass the result back.

If this problem reappears (Google seems to have solved it for now), and a bunch of idiots start doing that, we have a number of additional countermeasures which would thwart the attempt.

I will not discuss the nature of those countermeasures unless it becomes necessary to engage the issue again.

By: John Hill

John Hill — Thu, 08 May 2008 16:23:48 +0000

Webmaster I am not, but I am fascinated by your article. This morning my website which has been up for years, disappeared from Google's index. For months it was #1 when I searched for many variations of juice plus john or juice plus canada. I have spent the day trying to find out where it went and how to get it back. Your article opened a whole new possibility. I'd appreciate any tips.

By: Igor The Troll

Igor The Troll — Thu, 08 May 2008 16:07:12 +0000

One way, if it is possible it would be to check on each one of your pages, if the request is from culr_init() If it is cross reference the IP to your allowed bots IPs if it is on the list allow it.

This would at least protect you from the home made proxies.

But I did a search for checking if a request is curl_init and found nothing.

As far as someone pretending to be an IP that they are not is very easy to do! Piggyback on another IP! Have that IP make the request. You can also use IP spoofing to make the handshake.

Read this. http://www.computing.net/answers/programming/php-remoteaddr-integrity/9140.html

Tell us if you find a way to check for curl_init() request.

By: Dan Thies

Dan Thies — Thu, 08 May 2008 14:09:30 +0000

Drak,

What you describe is a pretty standard step in preventing content theft – this particular issue is a bit more subtle.

That's a nice way to identify bad bots if you disallow /trap in robots.txt – since the bad guys rarely bother to read that file, and if they do it's usually the first place they look.

But it wouldn't do much good when you're trying to identify good bots coming in by proxy, unless you plan to allow them to spider past a hidden link.

It also would not prevent them from grabbing other content (like your home page) at a proxy URL while you're waiting for them to request the trap page.

By: Drak

Drak — Thu, 08 May 2008 09:11:03 +0000

There is a much easier way to detect bots using a spider trap. You simply hide a link somewhere on your site that would be invisible to normal users /trap/trap.php

Then this script takes note of the IP address and adds it to your .htaccess script blocking the IP after validating if it is a bot you want to deal with (using ARIN lookups). You can have other scripts that expire the blocks or count the number of return offenses.

Drak

By: Igor The Troll

Igor The Troll — Wed, 07 May 2008 17:18:24 +0000

"If my server gets a request that appears to come from 11.22.33.44, my server will send the response there. If that's not your actual IP, you won't get the response, will you?"

Very good and logical question. Not sure about this. I would imagine not, but who knows! Is the response based on the TCP/IP handshake or on browser sessions?

Need to consult Dark Vader on this and will get back to you as more information gets illuminated from the Dark Side.

May the force be with us to defeat Evil Google!