Black Hat Evolution - Spamming Google for Ringtones

Check out this EDU spam result at #4 in Google for ringtones:

Number 4 in Google for ringtones

As usual, it's an EDU site. Clicking on that #4 result takes you to this page on a community college's Web site:

Community college's site with spam on it

Clicking on any of the links takes the visitor to an intermediate page — the URL shown in the middle of the page.

That page has the following code — I've highlighted the interesting parts:


<html><head>
<META HTTP-EQUIV=REFRESH
CONTENT="3;URL=http://themenspills.com/?sub_id=7&a=pills&do=show_pills&pills=6,102,18,120,122,121">
</head><body>
<form name="formr"
action=
"http://themenspills.com/?sub_id=7&a=pills&do=show_pills&pills=6,102,18,120,122,121" method="POST" target="_top">
</form>
<script language="JavaScript">
formr.submit();
</script>
</body></html>

It uses a form whose action is http://themenspills.com, and the JavaScript below the form submits it automatically. Search engines don't follow form submissions, so they may not read the URL in the action attribute. Users can't stop the form from being submitted unless JavaScript is turned off. And even if JavaScript is turned off, the meta redirect will send visitors to the destination page.
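A site owner can scan their own pages for this pattern. The following Python code is an added example, not code from the spam page or from this post: it flags an off-site meta refresh and a form with no visible fields that an inline script submits. The class and function names, the sample HTML and the .example domains are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class RedirectScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.meta_targets = []   # URLs from <meta http-equiv=refresh>
        self.forms = {}          # form name -> [action URL, visible field count]
        self.current = None      # name of the form being parsed, if any
        self.in_script, self.script = False, ""

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.meta_targets += re.findall(r"url\s*=\s*(\S+)", a.get("content", ""), re.I)
        elif tag == "form":
            self.current = a.get("name") or a.get("id", "")
            self.forms[self.current] = [a.get("action", ""), 0]
        elif tag in ("input", "select", "textarea", "button") and self.current is not None:
            if a.get("type", "").lower() != "hidden":
                self.forms[self.current][1] += 1
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script += data

def find_forced_redirects(html, site_host):
    """Return (technique, URL) findings for redirects that leave site_host."""
    p = RedirectScanner()
    p.feed(html)
    offsite = lambda u: urlparse(u).hostname not in (None, site_host)
    found = [("meta-refresh", u) for u in p.meta_targets if offsite(u)]
    # A form with no visible fields that a script submits acts as a redirect.
    submitted = set(re.findall(r"(\w+)\.submit\s*\(", p.script))
    for name, (action, visible) in p.forms.items():
        if name in submitted and visible == 0 and offsite(action):
            found.append(("auto-submit-form", action))
    return found

# Constructed sample modelled on the page quoted above (placeholder domain).
SAMPLE = ('<html><head><META HTTP-EQUIV=REFRESH CONTENT="3;URL=http://pills.example/?id=7">'
          '</head><body><form name="formr" action="http://pills.example/?id=7" method="POST">'
          '</form><script language="JavaScript">formr.submit();</script></body></html>')
```

Calling find_forced_redirects(SAMPLE, "college.example") reports both techniques; an ordinary search form with a visible text field, or a meta refresh to a path on the same site, produces no finding.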

This is the final destination:

A page reached through spam in Google's index

The Black Hat SEO Method

This is how it works:

  1. The search engines rank the original page because it has a massive number of links pointing at it. Yahoo SiteExplorer shows over 6,000 links to that one EDU spam page. Those inbound links (IBLs) are generated by comment spamming.
  2. The EDU page is on a trusted domain — an educational institution. It is easy to rank a page on a trusted site, especially if it suddenly gets a lot of backlinks.
  3. The search engines probably can't see that the EDU spam page links to a Viagra site because it contains no outbound links or even the usual obfuscated JavaScript. Visitors are taken to the target page by the invisible form that auto-submits with JavaScript. If JavaScript is turned off, the page will still redirect in 3 seconds with a meta-refresh tag.

Here is Yahoo SiteExplorer showing the 6,000+ inbound links to the spam EDU page:

Yahoo SiteExplorer shows backlinks to spam page

Even a CAPTCHA image cannot stop the comment spam:

CAPTCHA cannot stop the ringtone spam

The Evolution of Google Ringtones Spam

I am calling this post Black Hat Evolution because I've been watching the EDU ringtones spam for a while and most of it was using obfuscated JavaScript code that would load other JavaScript code into the page. The second, off-site JavaScript would be the one that created the redirect. This is the first time I've seen ringtones spam where the SEO made an invisible form that submits with JavaScript.
