V
V
Vadim Rybalko2012-06-17 03:00:19
Google
Vadim Rybalko, 2012-06-17 03:00:19

Strange links in Google search on Habr. What ideas?

Greetings.
Recently we noticed that if you enter a query in Google search with the following content: "site:habrahabr.ru storing twig code in the database", then in addition to normal links like "habrahabr.ru/blah-blah" there are also links like "barmaley.external .v.antizapret.ru_exe.habrahabr.ru/blah-blah" or "17pecha10rambler.ru.habrahabr.ru/blah-blah", and there are many of them and the meanings before "habrahabr.ru" are different, but they are all clearly dumb.
Until today, they were open, but with the introduction of stricter server_name checking in nginx, they are now "outlawed". But there is still a misunderstanding of what these links are and where they came from in the search results. Attack? SEO? If you have encountered such a phenomenon or know where "legs grow from", do not keep it to yourself, share your thoughts.

Answer the question

In order to leave comments, you need to log in

5 answer(s)
H
Hungry_Hunter, 2012-06-17
@Hungry_Hunter

Apparently they didn't read well.
Once all profiles were available on virtual subdomains like username.habrahabr.ru. Now everything is redirected to habrahabr.ru/users/username.
In order not to register DNS for each user, they simply registered one IP for all subdomains

V
Vladimir Pilipchuk, 2012-06-18
@SLIDERWEB

I have come across this. That my domain was referenced by a pile of garbage. On the DNS, I had written:
* CNAME @
And of course, all requests flew to my domain, but not quite.
I clicked on one of the links and, lo and behold, I went to some site on yukoz. I searched the site and found a code that did the following:
- Received a SELF_URL.ATTAK_URL fork link as an input
- Loaded SELF_URL with advertising or SEO spam, and loaded ATTAK_URL in a frame.
First of all, I removed the DNS record (temporarily).
I shoveled the first TOP-50 of such links with my hands and stupidly banned subnets. I wrote a letter to the hoster (about 90% of junk sites were hosted on one site). Corrected a little robots.txt (prohibited access to unreal user agents) + configured IPS on the router in terms of HTTP/DNS/DoS.
And somehow forgot about it.
After 3 months I remembered and decided to check - everything is fine, there are no more links.
I didn’t go deep into the question, but I think there is only one goal here - pumping your domain with other people’s traffic.

G
gvsmirnov, 2012-06-17
@gvsmirnov

I also recently noticed this, and I wanted to report it, but somehow it slipped out of my head.
It is logical to assume that this is such a nasty SEO way to get ahead: some “elingstroy.ucoz.com” appears in the address, and it is found by a huge number of requests (from indexed stolen topics). There is no small chance that in the end someone will go to the site itself.

K
KawaiDesu, 2012-06-17
@KawaiDesu

habrahabr.ru/qa/19952/
habrahabr.ru/qa/20002/

S
skomoroh, 2012-06-18
@skomoroh

I will assume:
for many hosters, the dns records of all clients are on the same server, for example, ns1.site and ns2.site, and at the same time all A, CNAME records are in a simple heap without checking where whose domains are
, in other words, at the domain registrar you register the dns of the hoster server , at the hoster in the dns control panel you write A record, site.ru. A 123.123.123.123, and the attacker writes hack.site.ru in his panel. A 222.222.222.222, moreover, it has no rights to the site.ru domain, and now when we request from the dns server, it responds to hack.site.ru - the attacker's ip

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question