SE Spammer Revealed

[Altheon]

I'm going over it now and it looks like this guys is doing some sort of cloaking. I'm using CodeLifter to grab his page. Sadly it can't pick up the stuff that his server does.

just hit google for site:www.songlyrics4me.com for more details


pornrex,

This is the code I lifted from a page of SE spammer. Hopefully we can put our heads together and figure out how he/she did it.

-A

[JohnnyR]

I'm not sure this is for SE spamming. From a first quick look it seems to me like this java script would generate a page with multi-frames (afaik multi-frames don't work best with SE's), then populate them with different content loading from different places (again, dynamic content, bad for the SE's). It also generates popups (bad for Se's as well?) and, again, puts dynamic pages in them, pages taken from here:

var s=new Array('','http://s3.filehandler.biz/fpa/bisexual/1.html','http://www.downloadpass.com/ft=pimp6434-1/view_n.htmlQQniche_id=255',
'http://s3.filehandler.biz/fpa/bisexual/dating.html',
'http://www.megasitepass.com/ft=pimp6434/index.html?cf=1','http://www.allsitesaccess.com/2/main.htm?id=easymojo&p=clean');

So, basically, different html pages from different sites ar being loaded as frames on his own pages. Also looks like the script is loading on the surfer's machine, and not on the server, which again can't be too good for SE bots...

At this point this don't seem like much of a SE spamming script that will actually work. Although it's early a.m. here and my half-shut eyes might have missed something, it's likely they didn't. This script just doesn't look like a wise SE spamming one. Has its purposes, yes, but hardly that purpose.

Ergo I doubt this is the script you guys were looking for - tho it's likely to be the same guy - the scripting is rather elegant then noobish ("not too too, not very very") so the guy who coded it might as well have coded some SE spamming stuff. Anyways, I'm positive Linkster was probably talking about something else. Waiting for his input on this one.

Altheon, if you get me this allegedly SE spammer's sites/domains, I'll have a sniff around... see what's up with the whole SE spamming thingie.

[Linkster]

oh this is definitely the guy - he's dumped over 670000 pages into Google and is ranking in the top 10 for almost every term phrase he went after - he's populating the pages with search phrases he scraped from either Google or Yahoo - interesting approach - he built the first part of the site using non-adult stuff - song lyrics - then ran the script on adult terms with every page acting as a backlink

Of course I see Pimproll is getting some benefit from this guy - guess we'll have to do some more digging

[Linkster]

I was trying to find a cached page for one of these to see what Google was seeing - fortunately it looks like theyve already started pulling his pages as theyve pulled all the caches and a lot of pages are going to url only - on his old pages he had some downloaders that would install a cab file and extract itself to load referral codes and nasties into cookies - pretty elaborate scheme

[Rorschach]

Maximum respect to the filehandler.biz guy... you rock! I am not sure if it is the same person as the old hornyalien spam (the original .biz spammer), but if it is, I have been watching your stuff for a long time and you have truly been an inspiration!

[Halfdeck]

Quote:

Originally Posted by Altheon

I'm going over it now and it looks like this guys is doing some sort of cloaking. I'm using CodeLifter to grab his page. Sadly it can't pick up the stuff that his server does.

just hit google for site:www.songlyrics4me.com for more details


pornrex,

This is the code I lifted from a page of SE spammer. Hopefully we can put our heads together and figure out how he/she did it.

-A

I'm not sure if anyone mentioned this before, but there are a bunch of links to porn related urls on the bottom of the source code hidden crudely by the <div style='display: none;'> tag.

[Halfdeck]

His Silvercash acc # is 1007351, and nasty dollars acc id is easymojo, in case anyone is interested.

[Bill]

That's the spirit! I'm glad to see there is an interest in this...

I wonder what would happen if the sponsors in question started receiving concentrated complaints about spammer ID's, complaints combined with postings on message boards listing known spammer IDs and the sponsors who are protecting them?

Like Gideon says, and as people like Linkster and DD say, they key to getting the spamreport to work involves putting as much extra information about the whole network as possible into the spam report form.

Don't report individual pages, report whole networks at once.

It may take some help from people with whois.sc accounts to get the best effect from this.

---

I think maybe the next step would be to identify a few new spam networks, post their domain names and some sample pages here, then see if we can get a half dozen to a dozen people here to counter attack them all at once.

The counter attack would involve:

1. A group effort with the spamreport page.

and, for additional effect...

2. A group effort writing spam complaints to the sponsors about the sponsor ID's involved, inviting the sponsors to come here and explain why they support search engine spam.

(this second part may or may not work, but if it works even a little bit, imagine how satisfying that would be. )