This is scary. I just received this same email almost 10 times, apparently from Google regarding one of the pages on this blog containing malicious software…
 |
Dear site owner or webmaster of affiliatebestprograms.com,
We recently discovered that some of your pages can cause users to be http://affiliatebestprograms .com/2007/ Here is a link to a sample warning page: If your site was compromised, it’s important to not only remove the Once you’ve secured your site, you can request that the warning be Sincerely, |
I thought this was a joke or spam but the scariest part is the headers look official…
|
From - Mon Feb 11 21:10:25 2008 X-Account-Key: account8 X-UIDL: 1202776218.14784.ipdmhg0179mia.pubip.peer1.net,S=4021 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: <3i-iwRwcKCWwXYbOZViQYYQVO.MYWgOLWKcdObKPPSVSKdOLOcdZbYQbKWc.MYW@google.com> Delivered-To: *********@affiliatebestprograms.com Received: (qmail 14780 invoked by uid 89); 12 Feb 2008 00:30:17 -0000 Received: from unknown (HELO smtp-out3.google.com) (216.239.45.15) by ipdmhg0179mia.pubip.peer1.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 12 Feb 2008 00:30:17 -0000 Received-SPF: pass (ipdmhg0179mia.pubip.peer1.net: SPF record at _netblocks.google.com designates 216.239.45.15 as permitted sender) Received: from zps67.corp.google.com (zps67.corp.google.com [172.25.146.67]) by smtp-out3.google.com with ESMTP id m1C0U6nk017398 for <********@affiliatebestprograms.com>; Mon, 11 Feb 2008 16:30:06 -0800 Received: from zps37.corp.google.com (zps37.corp.google.com [172.25.146.37]) by zps67.corp.google.com with SMTP id m1C0U50b031219; Mon, 11 Feb 2008 16:30:06 -0800 DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=received:mime-version:message-id:date:auto-submitted:subject:from: to:content-type:content-transfer-encoding; b=mUYX/kS5CZjP3onahyH5ueo2UgOw/HqPC5rfRCfVlpUo8mag2BSLqxfOtxNP0uNN/ 95cerx4UtuxdMpWeC1YXQ== Received: from smtp-out2.google.com (fpd7.prod.google.com [10.253.4.7]) by zps37.corp.google.com with ESMTP id m1BNFAl2013510 for <*********@affiliatebestprograms.com>; Mon, 11 Feb 2008 16:30:03 -0800 Received: by smtp-out2.google.com with SMTP id 7so520822fpd.0 for <*********@affiliatebestprograms.com>; Mon, 11 Feb 2008 16:30:03 -0800 (PST) MIME-Version: 1.0 Message-ID: <000feae835ad0445eb285436ce17f6d@google.com> Date: Mon, 11 Feb 2008 16:30:03 -0800 Auto-Submitted: auto-generated Received: by 10.253.4.68 with SMTP id 68mr715119fpd.1.1202776203081;a Mon, 11 Feb 2008 16:30:03 -0800 (PST) Subject: Malware notification regarding affiliatebestprograms.com From: Google Search Quality To: a***e@affiliatebestprograms.com, a***n@affiliatebestprograms.com, a***********r@affiliatebestprograms.com, c*****t@affiliatebestprograms.com, i***@affiliatebestprograms.com, p*********@affiliatebestprograms.com, s******@affiliatebestprograms.com, w********@affiliatebestprograms.com Content-Type: text/plain; charset=ISO-8859-1; Format=Flowed Content-Transfer-Encoding: 7bit |
Although none of the email accounts listed in the “to:” field are valid and this batch of emails was caught by my “catch-all” address which explains why I received so many copies of the email. Unfortunately, from a network engineer perspective and as somebody who has been running dedicated servers for almost 15 years, this email would normally be classified as “spam” due to the blanket recipients. At least experienced spammers use whois records for a domain to address the owner. Furthermore, my site is listed in my Google Webmasters Tools account (with a a valid email !doh!)
To make this notice from Google even more ridiculous, the pages of this blog Google claims they found malware on “DON’T EXIST”, they are directory indexes that don’t even exist because they are handled by a mod_rewrite setup by Wordpress. Even more uncanny, I removed my blog archives a long time ago in favor of my “Most Popular Articles” page and to lessen the clutter on this blog’s sidebar. Evidently, it looks like Google is trying to index directories found in the permalinks on blogs which should set a lightbulb off for any clever SEO’s running wordpress - hint - hint - black hats can smell a great doorway page by adding an actual directory and an index file :-)
Technically, a search engine should only follow links it finds directly on a page. I once had a problem with Google taking the a url from a “hidden” form field that was used to pass a return url for a successful Paypal payment. The success script also sent a text message to my phone whenever a successful sale was made so I could follow up. As a security precaution, I setup the return script to also page my cellphone with any hacking attempts (ie: accessing the return url with inaccurate or no form data). Well, Google took that url from a hidden text field (again, it wasn’t an href) and was calling the return script with no input. Every time Google did this, it sent me a text message with the “hackers” (googlebot’s) ip. In one sense I was relieved my payment script wasn’t being hacked for real but in another sense, I was amazed Google’s bot actually picks up non-href’ed links for indexing. In my opinion, anything in between the <form></form> tags should never be indexed for obvious reasons.
From an SEO standpoint, my main question remains, “what is Google doing in the malware and virus protection business” ? I guess I’m mistaken that Google is a search engine because now it appears they’ve joined the the PC Cleaning business. Somehow, I don’t find it comforting that Google is taking this approach of putting warnings on pages their google-bots detect as “dangerous”. This could be particularly harmful for webmasters and site-owners who find themselves wrongly accused of their pages containing spyware, or if a bot detects a false positive, etc. On the flipside, Google is also an advertising network and using this new “malware detection”, they could easily use it as an excuse to remove websites or pages using other advertising programs beside Adsense. I am running ADSDAQ with Google Adsense as my fill if there are no appropraite CPM ads and I highly doubt the ads I’ve seen running in ADSDAQ contain malware. Let’s face it, a Google Adsense ad is more likely to lead you to a page with malware or worse.
[…] Silicon Republic wrote an interesting post today on Google Search With Malware and Spyware ProtectionHere’s a quick excerptGoogle Search With Malware and Spyware Protection… […]
Google is GOD and it looks like they’re tryin to take over every aspect of the internet. Next thing you know your gonna have to ask G’s permission to use the toilet.
Yes, Google really becomes a monopoly, but let’s face it - does Yahoo provide that good services/search engine? No, of course. Yes, the Google algorithm is not perfect, but with our (the webmasters) help, it gets improved all the time. I don’t mind if only one company rules the search engine or website market, as long as it provides good services for everybody.
Those functions that we don’t like from Google, usually have great meaning globally from defeating others that want to take advantage. For example, you could get angry because you get banned from Google search writing paid reviews, when you dont, which is understandable, but imagine the anger of other loyal webmasters that lose their hard-worked positions from other spammers with deeper pockets.
I personally think Google’s search is the best on the internet and I’ve stated countless times that I wish they would concentrate on doing that well and quit playing “internet police” and harassing webmasters trying to monetize their sites.
This latest game with supposedly “identifying” sites with malware is a joke because of course, Alexa buttons, CJ affiliate links, etc show up as “spyware” because they use tracing cookies. The part that pisses me off the most is that Google is the biggest piece of spyware ever. They track everything you do online through their search, Adsense ads and use of their products and widgets.
Think about it - every time you access a page with Adsense, you’re tracked. Every time you access a page with a Google map or a Google Gadget, you’re tracked again. Google is a *marketing* company, so of course this data they track is used to target ads to your habits.
Now if that’s not spyware or malware, I don’t know what it.
I think you’re absolutely right - Google has no right deciding what’s malware and what’s spyware. I’m sure their intentions are in the right place, but this has a lot of room for error. Their spam protection for GMail is excellent in my opinion, but implementing such tactics into the search? That’s crossing the line. But then again, it’s free service, so I suppose they can do as they please?
I’ve also read Matt Cutt’s (I believe) blog regarding an angry blogger that was de-indexed. The blogger received a similar email informing him his site may contain malicious links and may have been compromised. The blogger similarly thought it was fake and ignored the email. Well, couple weeks later he was totally dropped from the index. Matt Cutt’s replied with (in more words of course), “Well, we told you so.”
Sort of a catch-22 I suppose..
[…] Dave wrote an interesting post today onHere’s a quick excerptThis is scary. I just received this same email almost 10 times, apparently from Google regarding one of the pages on this blog containing malicious software… Dear site owner or webmaster of affiliatebestprograms.com, We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users […] […]
I just read this government info on spyware http://hubpages.com/hub/Spyware_tips
is it very accurate?
[…] issue is reason enough to avoid Google’s internet offerings however anybody who has seen Googles warnings in the search engine results stating “This page may harm your computer” might be […]