This is scary. I just received this same email almost 10 times, apparently from Google regarding one of the pages on this blog containing malicious software…
Dear site owner or webmaster of affiliatebestprograms.com,
We recently discovered that some of your pages can cause users to be

http://affiliatebestprograms .com/2007/

Here is a link to a sample warning page:

If your site was compromised, it’s important to not only remove the

Once you’ve secured your site, you can request that the warning be

Sincerely,
I thought this was a joke or spam but the scariest part is the headers look official…
```
From - Mon Feb 11 21:10:25 2008
X-Account-Key: account8
X-UIDL: 1202776218.14784.ipdmhg0179mia.pubip.peer1.net,S=4021
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <3i-iwRwcKCWwXYbOZViQYYQVO.MYWgOLWKcdObKPPSVSKdOLOcdZbYQbKWc.MYW@google.com>
Delivered-To: *********@affiliatebestprograms.com
Received: (qmail 14780 invoked by uid 89); 12 Feb 2008 00:30:17 -0000
Received: from unknown (HELO smtp-out3.google.com) (216.239.45.15)
  by ipdmhg0179mia.pubip.peer1.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 12 Feb 2008 00:30:17 -0000
Received-SPF: pass (ipdmhg0179mia.pubip.peer1.net: SPF record at _netblocks.google.com designates 216.239.45.15 as permitted sender)
Received: from zps67.corp.google.com (zps67.corp.google.com [172.25.146.67])
  by smtp-out3.google.com with ESMTP id m1C0U6nk017398
  for <********@affiliatebestprograms.com>; Mon, 11 Feb 2008 16:30:06 -0800
Received: from zps37.corp.google.com (zps37.corp.google.com [172.25.146.37])
  by zps67.corp.google.com with SMTP id m1C0U50b031219; Mon, 11 Feb 2008 16:30:06 -0800
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns;
  h=received:mime-version:message-id:date:auto-submitted:subject:from:
  to:content-type:content-transfer-encoding;
  b=mUYX/kS5CZjP3onahyH5ueo2UgOw/HqPC5rfRCfVlpUo8mag2BSLqxfOtxNP0uNN/
  95cerx4UtuxdMpWeC1YXQ==
Received: from smtp-out2.google.com (fpd7.prod.google.com [10.253.4.7])
  by zps37.corp.google.com with ESMTP id m1BNFAl2013510
  for <*********@affiliatebestprograms.com>; Mon, 11 Feb 2008 16:30:03 -0800
Received: by smtp-out2.google.com with SMTP id 7so520822fpd.0
  for <*********@affiliatebestprograms.com>; Mon, 11 Feb 2008 16:30:03 -0800 (PST)
MIME-Version: 1.0
Message-ID: <000feae835ad0445eb285436ce17f6d@google.com>
Date: Mon, 11 Feb 2008 16:30:03 -0800
Auto-Submitted: auto-generated
Received: by 10.253.4.68 with SMTP id 68mr715119fpd.1.1202776203081;a Mon, 11 Feb 2008 16:30:03 -0800 (PST)
Subject: Malware notification regarding affiliatebestprograms.com
From: Google Search Quality
To: a***e@affiliatebestprograms.com, a***n@affiliatebestprograms.com,
  a***********r@affiliatebestprograms.com, c*****t@affiliatebestprograms.com,
  i***@affiliatebestprograms.com, p*********@affiliatebestprograms.com,
  s******@affiliatebestprograms.com, w********@affiliatebestprograms.com
Content-Type: text/plain; charset=ISO-8859-1; Format=Flowed
Content-Transfer-Encoding: 7bit
```
None of the email accounts listed in the “to:” field are valid; this batch of emails was caught by my “catch-all” address, which explains why I received so many copies of the email. Unfortunately, from a network engineer’s perspective and as somebody who has been running dedicated servers for almost 15 years, this email would normally be classified as “spam” due to the blanket recipients. At least experienced spammers use whois records for a domain to address the owner. Furthermore, my site is listed in my Google Webmasters Tools account (with a valid email !doh!)
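Whether headers like the ones quoted above "look official" can be checked mechanically. The following is an added example, not part of the original post: it trusts only what the receiving server itself recorded (assumed here to be `ipdmhg0179mia.pubip.peer1.net`, as named in the headers) and checks that the SPF verdict refers to the same connecting address. The function names and the trimmed header copy are illustrative.

```python
import re
from email import message_from_string

MY_MTA = "ipdmhg0179mia.pubip.peer1.net"  # receiving server named in the headers
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Trimmed copy of the headers quoted in the post (recipient masked as on the page).
RAW = """\
Return-Path: <3i-iwRwcKCWwXYbOZViQYYQVO.MYWgOLWKcdObKPPSVSKdOLOcdZbYQbKWc.MYW@google.com>
Received: (qmail 14780 invoked by uid 89); 12 Feb 2008 00:30:17 -0000
Received: from unknown (HELO smtp-out3.google.com) (216.239.45.15)
 by ipdmhg0179mia.pubip.peer1.net with (DHE-RSA-AES256-SHA encrypted) SMTP;
 12 Feb 2008 00:30:17 -0000
Received-SPF: pass (ipdmhg0179mia.pubip.peer1.net: SPF record at
 _netblocks.google.com designates 216.239.45.15 as permitted sender)
Received: from zps67.corp.google.com (zps67.corp.google.com [172.25.146.67])
 by smtp-out3.google.com with ESMTP id m1C0U6nk017398
 for <********@affiliatebestprograms.com>; Mon, 11 Feb 2008 16:30:06 -0800
Subject: Malware notification regarding affiliatebestprograms.com

"""

def first_ip(text):
    m = IPV4.search(text or "")
    return m.group() if m else None

def assess(raw, my_mta=MY_MTA):
    msg = message_from_string(raw)
    unfold = lambda v: " ".join(v.split())
    received = [unfold(r) for r in msg.get_all("Received", [])]
    # MTAs prepend headers, so the topmost hop naming our server is the one it
    # wrote itself; every Received line below it is supplied by the sender.
    hop = next((r for r in received if f" by {my_mta} " in r), None)
    spf = unfold(msg.get("Received-SPF", ""))
    peer_ip = first_ip(hop.split(" by ")[0]) if hop else None
    sender = msg.get("Return-Path", "").strip("<> ")
    report = {
        "peer_ip": peer_ip,  # address our server saw connect
        "spf_result": spf.split()[0].lower() if spf else None,
        "spf_stamped_by_my_mta": f"({my_mta}:" in spf,
        "spf_ip": first_ip(spf),
        "envelope_domain": sender.rpartition("@")[2].lower(),
    }
    # An SPF "pass" only counts if our own server recorded it for the same peer.
    report["consistent"] = bool(
        peer_ip and report["spf_result"] == "pass"
        and report["spf_stamped_by_my_mta"] and report["spf_ip"] == peer_ip)
    return report
```

A consistent result means the message was delivered by an address that the envelope sender's domain authorizes; SPF says nothing about the visible `From:` line or about the message body.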
To make this notice from Google even more ridiculous, the pages of this blog Google claims they found malware on “DON’T EXIST”; they are directory indexes that don’t even exist because they are handled by a mod_rewrite set up by WordPress. Even more uncanny, I removed my blog archives a long time ago in favor of my “Most Popular Articles” page and to lessen the clutter on this blog’s sidebar. Evidently, it looks like Google is trying to index directories found in the permalinks on blogs, which should set a lightbulb off for any clever SEOs running WordPress - hint - hint - black hats can smell a great doorway page by adding an actual directory and an index file :-)
Technically, a search engine should only follow links it finds directly on a page. I once had a problem with Google taking a url from a “hidden” form field that was used to pass a return url for a successful Paypal payment. The success script also sent a text message to my phone whenever a successful sale was made so I could follow up. As a security precaution, I set up the return script to also page my cellphone with any hacking attempts (ie: accessing the return url with inaccurate or no form data). Well, Google took that url from a hidden text field (again, it wasn’t an href) and was calling the return script with no input. Every time Google did this, it sent me a text message with the “hackers” (googlebot’s) ip. In one sense I was relieved my payment script wasn’t being hacked for real but in another sense, I was amazed Google’s bot actually picks up non-href’ed links for indexing. In my opinion, anything in between the `<form></form>` tags should never be indexed for obvious reasons.
From an SEO standpoint, my main question remains, “what is Google doing in the malware and virus protection business?” I guess I’m mistaken that Google is a search engine because now it appears they’ve joined the PC Cleaning business. Somehow, I don’t find it comforting that Google is taking this approach of putting warnings on pages their google-bots detect as “dangerous”. This could be particularly harmful for webmasters and site-owners who find themselves wrongly accused of their pages containing spyware, or if a bot detects a false positive, etc. On the flipside, Google is also an advertising network and using this new “malware detection”, they could easily use it as an excuse to remove websites or pages using other advertising programs besides Adsense. I am running ADSDAQ with Google Adsense as my fill if there are no appropriate CPM ads and I highly doubt the ads I’ve seen running in ADSDAQ contain malware. Let’s face it, a Google Adsense ad is more likely to lead you to a page with malware or worse.

I’m sure like many bloggers out there, I like to see that little green pagerank toolbar increase instead of decrease. As of this recent Google pagerank update this blog saw our ranking drop one point from PR4 to PR3. Why this happened is totally a mystery because the only things that have changed in between this update and the last update were the addition of over 60 quality posts and over 400 backlinks from reputable sources. There has never been any “link buying” or “link selling” or anything defined by Google’s resident search engine spam expert, 
