Google To Send Detailed Info About Hacked Web Sites 58
alphadogg writes "In an effort to promote the 'general health of the Web,' Google will send Webmasters snippets of malicious code in the hopes of getting infected Web sites cleaned up faster. The new information will appear as part of Google's Webmaster Tools, a suite of tools that provide data about a Web site, such as site visits. 'We understand the frustration of Webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged,' wrote Lucas Ballard on Google's online security blog. To Webmasters who are registered with Google, the company will send them an email notifying them of suspicious content along with a list of the affected pages. They'll also be able to see part of the malicious code." Another of the new Webmaster Tools is Fetch as Googlebot, which shows you a page as Google's crawler sees it. This should allow Webmasters to see malicious code that bad guys have hidden on their sites via "cloaking," among other benefits.
Re:Gentlemen, check your Webmaster tools (Score:2, Informative)
Google needs to clean up their own act first, (Score:5, Informative)
Google has a malware hosting problem of their own.
Google Spreadsheets can be abused to create phony login pages. Here's one for "Free Habbo credits" [google.com], designed to collect Habbo logins. It's been reported via the usual "Google abuse" mechanism, repeatedly, and it's still up. It's been up since October 28, 2008.
We track major domains being exploited by active phishing scams. [sitetruth.com] ("Major" here means only that it's in Open Directory, with about 1.5 million domains.) There are 39 exploited domains today. Only 7 have been on that list since 2008. The most abused site is Piczo.com, which is a hosting service/social network/shopping site for teenagers.
Just about everybody else has cleaned up their act. 18 months ago, that list had 174 entries, including Yahoo, eBay, Microsoft Live, and TinyURL. All those companies have become more aggressive about checking for phishing scams that were injected into their domain. Google's cluelessness in this area ought to be embarrassing to someone.
Re:Gentlemen, check your Webmaster tools (Score:4, Informative)
Did you mean http://googlewebmastercentral.blogspot.com/2009/10/fetch-as-googlebot-and-malware-details.html [blogspot.com] ? Your link got garbled by some evil force...
Comment removed (Score:3, Informative)
Re:Who requests (Score:4, Informative)
It's an opt-in notification system - nobody's forcing you to do anything. Also, robots.txt has been around since long before google.
Academic cloaking (Score:3, Informative)
A number of pay-to-view web forums allow the Googlebot to freely navigate it, but requires payment from users. Among other boards, those involving erotica.
This sort of cloaking is frustrating even for people who aren't porn fans. A lot of scholarly journals spam search engine result pages with their cloaked, noarchived pages <cough>elsevier and springerlink</cough>. Even more frustrating is that Google provides no way for users 1. to exclude noarchived pages from its results or 2. to report sites that violate Google's stated cloaking policy.