Tuesday, January 23, 2007

Attack of the SEO Bots on the .EDU Domain

A university's Internet presence often results in very high pageranks for their site, therefore, if a malicious spammer would like to harness the possibilities of having the spammed message appear among the top 20 search results, he'd figure out a way to post direct http:// links on various .edu domains, especially on the wikis residing there. That's the case with PuppetID : Matias Colins -- of course collins is spelled with one L only --. Matias Colins is an automated attack script that's already hosting hundreds of spam pages on the .edu domain, mostly adult related, and it's worth mentioning that where access to a directory has been in place, the hosted pages blocked caching from any search engine, or hosted one on its own. Redirection is perhaps what the attacker is very interested in too. See how this berkeley.edu link - dream.sims.berkeley.edu/~tdennis/wp-content/animalsex.php - redirects to a site for whatever the page title says, and this is yet another one - oit.pdx.edu/jethrotest/mysqldb.php.

Here are two more examples of another bot using my blog post titles to generate subdomains or the like, and of bots abusing Ebay's reputation system by self-recommending themselves.