OT: Weird search engine problem - fake goods hijacking

I have encountered a weird search engine problem with Google, Bing and Yahoo all affected to some extent. Some search result URLs have been corrupted and hijacked to fake designer goods stores and I can't see how it has been done. I have tried from different platforms and it seems that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list. Their genuine URLs are below however Google doesn't link to them any more nor does it show the true content of their web pages. Any wizards able to explain what is going on and how to get things put right?

formatting link
and
formatting link

It looks like a contagion with an increasing number of sites gaining spurious fake designer brand title additions even if the URL for the moment remains unmolested. I first saw the problem on Bing this morning but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled out PC malware as I see exactly the same problem from Android via another route.

I have now got independent confirmation that the searches done through an entirely separate route give the same results.

Thanks for any enlightenment.

--
Regards, 
Martin Brown
Reply to
Martin Brown

Verified, I am having the same issue. This is quite serious and alarming!

Reply to
DemonicTubes

Right some handbag site, and not one doing outdoor bounce magic things. That's with google. for Duckduckgo I get something that advertises handbags, but when I click on the link it takes me to

formatting link
(that's weird) George H.

Reply to
George Herold

Duckduckgo has the fake handbags in the search results, but clicking on the Cromore link brings up the genuine site. So it looks like the DNS poisoning thing is getting fixed.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 
ElectroOptical Innovations LLC 
Optics, Electro-optics, Photonics, Analog Electronics 

160 North State Road #203 
Briarcliff Manor NY 10510 

hobbs at electrooptical dot net 
http://electrooptical.net
Reply to
Phil Hobbs

How's it been done though? The indexed text was never on the sites affected but must have been webcrawled by Google and Bing believing that they were in the right place and with enough of the right structure to be able to hijack or modify deep links.

Actually I have only seen root level link hijacks work, but I have seen random trendy designer geezers appended to deep linked page titles.

--
Regards, 
Martin Brown
Reply to
Martin Brown

How is it done? Well I am not sure but I did research SEO a bit back when I had a reason. They could optimize a site to look the same and respond the same as the site they want to mimic. This would only be done by the unscrupulous of course because the "real McCoy" wants to be found. Then a bot keeps on searching using their listed keywords and then chooses the results that go to their client's hacking site.

Another way would be fake DNS registration. I have no idea how that works but many things can be done. This is no easy thing from what I've gleaned though I did notice for example that when I had AOL and went to eBay I went to "aol.ebay.com", not "ebay.com". If that is possible then this is possible.

But ebay allowed that as far as I know. Well, what if they got hacked and didn't detect it? One day AOL gets me on the phone and said I have been hacked. I had to change all my passwords right now. I never stored a password for any of that, so I queried - "Wait, I got hacked?", "Yes, your account got hacked". Then I said "What you mean is that YOU got hacked". The answer was a begrudging YES.

So there are two possible ways of which I am aware, and I am not all that up to date on this subject. But at least you are aware of the URL you are at, how many people aren't? I bet they can hire a lot of hackers for the money they make off the unaware.

And if the allegations of Russian hacking are true, then this is what they do in kindergarten. But then I reserve judgement still awaiting any real evidence excluding "He said that they...".

Reply to
jurb6006

Just think of something really moronic because that's how all this internet programming is put together.

Reply to
bloggs.fredbloggs.fred

What's the problem?

Your third word isn't found so it's ignored.

You search for 'Hermes fake' and you get 'Hermes replica' because it uses synonyms.

What's unexpected about that?

Reply to
Tom Del Rosso

"Cromore castles" is a company that rents bouncy castles for kids' parties, and the main page of their Web site currently resolves to a Chinese outfit selling fake handbags.

Cheers

Phil Hobbs

Reply to
pcdhobbs

Some people have no understanding of the internet but comment anyway.

--
Regards, 
Martin Brown
Reply to
Martin Brown

"cromorecastle" is not found in Google. "cromorecastles" shows the right site.

When I visit that site, I see the right thing, not fake handbags. Therefore they must be the subject of a DNS attack that affects your DNS service but not mine.

Clifford Heath.

Reply to
Clifford Heath

It seems to depend on how it is accessed at the moment.

If you visit it via the google search results I get a scam site. Typing the address directly into the browser bar I get a normal site.

duckduckgo shows scam text in the search results, yet clicking on the links goes to the normal site.

--

John Devereux
Reply to
John Devereux

Good observation. Thanks.

Reply to
Steve Wilson

Ah, a ubuntu user!

Reply to
Johann Klammer

Here's another. 10.04, April, 2010.

Works great. No need to update. Saves time and hassle.

Where else can you run an operating system so long with no shutdowns due to broken updates?

Reply to
Steve Wilson

Here's another. 10.04, April, 2010.

Works great. No need to update.

Where else can you find an operating system that works so well and has no risk of destruction due to updates?

Reply to
Steve Wilson

for visiting scam websites for sure :)

--

John Devereux
Reply to
John Devereux

You misunderstand the problem. The search result shows the real site on the link. If you hover the link, your browser shows the correct site. When you click the link, however, you get sent to the scam site. If you type the correct site into the address bar this does not happen, proving the corruption is on the search engine.

Reply to
DemonicTubes

> the link. If you hover the link, your browser shows the correct site. When you
> click the link, however, you get sent to the scam site. If you type the
> correct site into the address bar this does not happen, proving the

so this is a great concern..

everyone knows not to click links in emails because they may be spoofs

when I want to go to paypal for example and be sure it is not a spoof, I would use google, type paypal and click the search result.

I guess what this means is that this is no longer a secure method to assure you are not at a spoof.

this means i must type https:paypal.com into the browser window to be sure?

mark

Reply to
makolber

It is a moderate concern. Thanks to help from an internet wizard I now have chapter and verse on the compromised sites. The vulnerability is in a script language PHP version 5.x with x

PHP is currently at version 7. And 5.2 means immediate danger.

The method used was an injection attack that rewrote the .htaccess file and added a bogus index.php file to the root directory.

Once this is done the index.php gets first bite at the cherry and tells spiders to go one way and users to go another if the referrer is one of the major search engines. The nasty code is surprisingly short.

I found that by opening site in a new window you could see the true URL momentarily before the script rewrote it with fake goods emporium #1.

It certainly means you cannot entirely take results from search engines at face value. It also means that occasionally you should search for your own site and click through the resulting links to see that you do in fact land on your site and not on some dodgy hijack location.

If you do find a site with questionable behaviour this site seems to dig the dirt and at least warns of malware for some of the dodgy ones (it has given me false negatives though so not foolproof):

formatting link

eg.

formatting link

--
Regards, 
Martin Brown
Reply to
Martin Brown
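
The self-check suggested in the post above (visit your own site the way a search-engine user and a crawler would, and compare with a direct visit) can be automated. The following is an added example, not code from the thread; the profile headers, function names and the two simulated sites are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Request profiles: direct visitor, visitor arriving from a search result, crawler.
PROFILES = {
    "direct":  {"User-Agent": "Mozilla/5.0"},
    "search":  {"User-Agent": "Mozilla/5.0", "Referer": "https://www.google.com/"},
    "crawler": {"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"},
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx as an HTTPError instead of following it

def http_fetch(url, headers):
    """Live fetcher: returns (status, Location header or '', body text)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, "", r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location", ""), ""

def title(html):
    m = re.search(r"<title>(.*?)</title>", html, re.I | re.S)
    return m.group(1).strip() if m else ""

def check_cloaking(url, fetch=http_fetch):
    """Compare search-referred and crawler visits with a direct visit."""
    host = urlsplit(url).hostname
    base_status, _, base_body = fetch(url, PROFILES["direct"])
    findings = []
    for name in ("search", "crawler"):
        status, location, body = fetch(url, PROFILES[name])
        target = urlsplit(location).hostname if location else None
        if target and target != host:
            findings.append(f"{name}: redirected off-site to {target}")
        elif status == base_status and title(body) != title(base_body):
            findings.append(f"{name}: page title differs from direct visit")
    return findings

# Constructed stand-ins for a compromised and a clean host (no network needed).
def hijacked_site(url, headers):
    if "google." in headers.get("Referer", ""):
        return 302, "http://fake-goods.example/", ""
    if "Googlebot" in headers["User-Agent"]:
        return 200, "", "<title>Bouncy castles | replica handbags</title>"
    return 200, "", "<title>Bouncy castles</title>"

def clean_site(url, headers):
    return 200, "", "<title>Bouncy castles</title>"
```

Run `check_cloaking("https://your-site.example/")` against your own site on a schedule and alert on any finding. Cloaking keyed on the crawler's source IP rather than its User-Agent will not show up this way, so also compare what the search engine has indexed for the site.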
