OT: Weird search engine problem - fake goods hijacking

[Martin Brown]

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.



Thanks for any enlightenment.

--
Regards,
Martin Brown

 

[DemonicTubes]

On Wednesday, May 30, 2018 at 8:19:21 AM UTC-6, Martin Brown wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.



Thanks for any enlightenment.

--
Regards,
Martin Brown

Verified, I am having the same issue. This is quite serious and alarming!

 

[John Larkin]

On Wed, 30 May 2018 15:19:16 +0100, Martin Brown
<'''newspam'''@nezumi.demon.co.uk> wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.



Thanks for any enlightenment.

I wonder is there is a DNS that won't serve up
spam/malware/garbage/porn IP addresses.

How about a server that keeps a list of bad sites, so a browser can
check them before opening?

Why don't big ISPs sniff packets and refuse to carry malware?

Really, we are in the barbaric dark ages of computing.



--

John Larkin Highland Technology, Inc

lunatic fringe electronics

 

[Martin Brown]

On 30/05/2018 16:30, John Larkin wrote:

On Wed, 30 May 2018 15:19:16 +0100, Martin Brown
'''newspam'''@nezumi.demon.co.uk> wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.

Thanks for any enlightenment.

I wonder is there is a DNS that won't serve up
spam/malware/garbage/porn IP addresses.

Please can you confirm if you do or do not see dodgy looking fake
handbag text in the result of a Google search with those terms?

How about a server that keeps a list of bad sites, so a browser can
check them before opening?

Doesn't work. Some AVs do feed the search engine results to their
heuristics and warn if the site is recognised as bad. I have that
feature enabled on my system. I also have browser sandboxing.

Why don't big ISPs sniff packets and refuse to carry malware?

It would slow things down far too much. You also risk false positives.
A site I use regularly triggers false positives on some AV products.

> Really, we are in the barbaric dark ages of computing.

Not really. The barbaric age was when you had to boot the damn thing by
manually setting switches on the console to prep the paper tape reader.

One thing I have found out by raising this issue is that Draytek routers
have a serious vulnerability reported today. I don't think this is the
source of my problem but it is an interesting coincidence.

https://www.draytek.com/en/about/news/2018/notification-of-urgent-security-updates-to-draytek-routers

I have a ticket raised with my hosting ISP and will report back.

--
Regards,
Martin Brown

 

[Martin Brown]

On 30/05/2018 17:08, Bert Hickman wrote:

Martin Brown wrote:

Thanks for any enlightenment.


I see the same thing here in the US... interesting.

It is interesting in the old Chinese usage (ie. very bad).

--
Regards,
Martin Brown

 

[Phil Hobbs]

On 05/30/2018 10:19 AM, Martin Brown wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.



Thanks for any enlightenment.

Duckduckgo has the fake handbags in the search results, but clicking on
the Cromore link brings up the genuine site. So it looks like the DNS
poisoning thing is getting fixed.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics

160 North State Road #203
Briarcliff Manor NY 10510

hobbs at electrooptical dot net
http://electrooptical.net

 

[George Herold]

On Wednesday, May 30, 2018 at 10:19:21 AM UTC-4, Martin Brown wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?


and
http://www.shockcordstore.co.uk/

Right some handbag site, and not one doing outdoor bounce magic things.
That's with google.
for Duckduckgo I get something that advertises handbags, but when I click
on the link it takes me to http://www.cromorecastles.co.uk/
(that's weird)
George H.

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.



Thanks for any enlightenment.

--
Regards,
Martin Brown

 

[Bert Hickman]

Martin Brown wrote:

On 30/05/2018 16:30, John Larkin wrote:
On Wed, 30 May 2018 15:19:16 +0100, Martin Brown
'''newspam'''@nezumi.demon.co.uk> wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.

Thanks for any enlightenment.

I see the same thing here in the US... interesting.

 

[Martin Brown]

On 30/05/2018 17:13, Phil Hobbs wrote:

On 05/30/2018 10:19 AM, Martin Brown wrote:

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.

Thanks for any enlightenment.

Duckduckgo has the fake handbags in the search results, but clicking on
the Cromore link brings up the genuine site.  So it looks like the DNS
poisoning thing is getting fixed.

How's it been done though? The indexed text was never on the sites
affected but must have been webcrawled by Google and Bing believing that
they were in the right place and with enough of the right structure to
be able to hijack or modify deep links.

Actually I have only seen root level link hijacks work, but I have seen
random trendy designer geezers appended to deep linked page titles.

--
Regards,
Martin Brown

 

How is it done ? Well I am not sure but I did research SEO a bit back when I had a reason. They could optimize a site to look the same and respond the same as the site they want to mimic. this would only be done by the unscrupulous of course because the "real McCoy" wants to be found. Then a bot keeps on searching using their listed keywords and then chooses the results that go to their client's hacking site.

Another way would be fake DNS registration. I have no idea how that works but many things can be done. This is no easy thing from what I've gleaned though I did notice for example that when I had AOL and went to eBay I went to "aol.ebay.com", not "ebay.com". If that is possible then this is possible..

But ebay allowed that as far as I know. Well, what if they got hacked and didn't detect it ? One day AOL gets me on the phone and said I have been hacked. I had to change all my passwords right now. I never stored a password for any of that, so I queried - "Wait, I got hacked ?", "Yes, your account got hacked". Then I said "What you mean is that YOU got hacked". The answer was a begrudging YES.

So there are two possible ways of which I am aware, and I am not all that up to date on this subject. But at least you are aware of the URL you are at, how m any people aren't ? I bet they can hire alot of hackers for the money they make off the unaware.

And if the allegations of Russian hacking are true, then this is what they do in kindergarten. But then I reserve judgement still awaiting any real evidence excluding "He said that they...".

 

On Wednesday, May 30, 2018 at 10:19:21 AM UTC-4, Martin Brown wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see how
it has been done. I have tried from different platforms and it seems
that the problem is with the indexing and content at the search engine.

To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

It looks like a contagion with an increasing number of sites gaining
spurious fake designer brand title additions even if the URL for the
moment remains unmolested. I first saw the problem on Bing this morning
but careful investigation shows that it is much more widespread.

The unqualified bare URL is typically the one that is hijacked but I
have seen spurious titles appear in deep links too.

I don't think it is my router or ISP's DNS gone haywire. I have ruled
out PC malware as I see exactly the same problem from Android via
another route.

I have now got independent confirmation that the searches done through
an entirely separate route give the same results.



Thanks for any enlightenment.

--
Regards,
Martin Brown

Just think of something really moronic because that's how all this internet programming is put together.

 

[Tom Del Rosso]

Martin Brown wrote:

I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see
how it has been done. I have tried from different platforms and it
seems that the problem is with the indexing and content at the search
engine.
To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

What's the problem?

Your third word isn't found so it's ignored.

You search for 'Hermes fake' and you get 'Hermes replica' because it
uses synonyms.

What's unexpected about that?

 

What's the problem?

Your third word isn't found so it's ignored.

"Cromore castles" is a company that rents bouncy castles for kids' parties, and the main page of their Web site currently resolves to a Chinese outfit selling fake handbags.

Cheers

Phil Hobbs

 

[Martin Brown]

On 31/05/2018 04:38, Tom Del Rosso wrote:

Martin Brown wrote:
I have encountered a weird search engine problem with Google, Bing and
Yahoo all affected to some extent. Some search result URLs have been
corrupted and hijacked to fake designer goods stores and I can't see
how it has been done. I have tried from different platforms and it
seems that the problem is with the indexing and content at the search
engine.
To see what I mean with a concrete example take a look at the top two
hits for the following search terms on Google:

Hermes fake cromorecastle

On my system this forces two mangled websites to the top of the list.
Their genuine URLs are below however Google doesn't link to them any
more nor does it show the true content of their web pages. Any wizards
able to explain what is going on and how to get things put right?

http://www.cromorecastles.co.uk/
and
http://www.shockcordstore.co.uk/

What's the problem?

Some people have no understanding of the internet but comment anyway.

Your third word isn't found so it's ignored.

You search for 'Hermes fake' and you get 'Hermes replica' because it
uses synonyms.

What's unexpected about that?

--
Regards,
Martin Brown

 

[Clifford Heath]

On 31/05/18 16:33, pcdhobbs@gmail.com wrote:

What's the problem?

Your third word isn't found so it's ignored.

"Cromore castles" is a company that rents bouncy castles for kids' parties, and the main page of their Web site currently resolves to a Chinese outfit selling fake handbags.

"cromorecastle" is not found in Google.
"cromorecastles" shows the right site.

When I visit that site, I see the right thing, not fake handbags.
Therefore they must be the subject of a DNS attack that affects
your DNS service but not mine.

Clifford Heath.

 

[John Devereux]

pcdhobbs@gmail.com writes:

What's the problem?

Your third word isn't found so it's ignored.

"Cromore castles" is a company that rents bouncy castles for kids'
parties, and the main page of their Web site currently resolves to a
Chinese outfit selling fake handbags.

It seems to depend on how it is accessed at the moment.

If you visit it via the google search results I get a scam site. Typing
the address directly into the browser bar I get a normal site.

duckduckgo shows scam text in the search results, yet clicking on the
links goes to the normal site.

<https://duckduckgo.com/?q=cromorecastles&t=canonical&ia=web>



--

John Devereux

 

[Steve Wilson]

John Devereux <john@devereux.me.uk> wrote:

pcdhobbs@gmail.com writes:

What's the problem?

Your third word isn't found so it's ignored.

"Cromore castles" is a company that rents bouncy castles for kids'
parties, and the main page of their Web site currently resolves to a
Chinese outfit selling fake handbags.

It seems to depend on how it is accessed at the moment.

If you visit it via the google search results I get a scam site. Typing
the address directly into the browser bar I get a normal site.

duckduckgo shows scam text in the search results, yet clicking on the
links goes to the normal site.

https://duckduckgo.com/?q=cromorecastles&t=canonical&ia=web

Good observation. Thanks.

 

[Johann Klammer]

On 05/31/2018 09:24 AM, John Devereux wrote:

https://duckduckgo.com/?q=cromorecastles&t=canonical&ia=web



Ah, a ubuntu user!

 

[Steve Wilson]

Johann Klammer <klammerj@NOSPAM.a1.net> wrote:

On 05/31/2018 09:24 AM, John Devereux wrote:

https://duckduckgo.com/?q=cromorecastles&t=canonical&ia=web

Ah, a ubuntu user!

Here's another. 10.04, April, 2010.

Works great. No need to update. Saves time and hassle.

Where else can you run an operating system so long with no shutdowns due to
broken updates?

 

[Steve Wilson]

Johann Klammer <klammerj@NOSPAM.a1.net> wrote:

On 05/31/2018 09:24 AM, John Devereux wrote:

https://duckduckgo.com/?q=cromorecastles&t=canonical&ia=web

Ah, a ubuntu user!

Here's another. 10.04, April, 2010.

Works great. No need to update.

Where else can you find an operating system that works so well and has no
risk of destruction due to updates?