Spanish Real Estate forum - Spanish property - Estate agentsSpanish Real Estate forum - Spanish property - Estate agents

granadapropertyspain · 12-01-2007, 11:58 AM

I was just wondering about this.

In google when you do a search and you see this:

www. lookforit - buscalo.com/
This site may harm your computer

If it is going to harm your computer, why the hell does google include these sites in the results?

You would think that they would remove sites like this from the search engines wouldn't you?

Homefinder · 12-01-2007, 04:38 PM

I tested the link and notice that a warning is supplied before you get to the site so I think that Google have done the job properly.
I was wondering when they would do something and posted recently about black-hat sites stealing our hard-earned clicks with IP Redirects.

This is what Google say about it -

If you click the title of the result, you'll be shown the following warning rather than being taken immediately to the webpage in question:

You can choose to continue to the site at your own risk. However, please be aware that malicious software is often installed without your knowledge or permission when you visit these sites, and can include programs that delete data on your computer, steal personal information such as passwords and credit card numbers, or alter your search results. For more information on these types of sites, please visit StopBadware.org
If one of these sites downloads malicious software onto your computer, please read our additional information about reporting these sites and removing the software from your system.

If you're the administrator of a site we've identified with this warning message, please visit the instructions found in our Webmaster Help Center.

granadapropertyspain · 12-02-2007, 11:10 AM

Yes, I saw that but the question was why include results that may harm your computer?

Don't you think that it is the responsibility of the search engines to COMPLETELY protect their users by not including sites like this in their search results?

To me it just seems strange that the market leader in internet search keeps sites like this in the result pages?

Homefinder · 12-02-2007, 04:23 PM

I don't think that Google could afford to de-index a site just like that because they would be acting as judge and jury.
It is also possible that they could be wrong about it.
It is also possible that the alleged malicious code was placed by a third party and not within control of the site's webmaster.

This problem has been around for quite some time and I am surprised that Google had not done anything about it before.
There was a bit of discussion on the forum about it.

What happened was that I was checking out my competitors by placing kewords into Google. I clicked on one of them, who is a member of this Forum, and was immediately transferred to another site showing Google AdWords for that same keyword.
Several were porn sites - Yes, showing AdWords for property keywords!
That did not happen just once but, when it started, I was unable to search with certain property related keywords without being kidnapped and transferred to a black hat site and I eventually built up a list of the sites.
At least two other members of the forum reported the same.
I complained to Google but they did not reply but then they hardly ever do.

Eventually, by searching the Google Forum, I found the answer and picked up a free facility ( PC Tools, Spyware Doctor ) which found numerous threats, including a Trojan-Downloader.IN which altered my regisrty value for my DNS IP.

So I picked it up from somewhere and Norton missed it. I guess that Norton have now got on to it now but I no longer take that chance as I keep Spyware Doctor running all the time as well.
The Spyware Doctor maintains a list "Spyware Known Bad Sites" and immediately quarantines risks for my further attention. I continually check these lists looking for mention of my own or collegue's sites.
Here is one - Trojan.CWS Cookie Threat Level: High Infection: adserver.terra.es
I doubt if terra.es know about it but they may have been infected and I suppose I should tell them about it but perhaps it is nothing to do with terra.es
Now the real point is that terra.es are suspect and perhaps are unknowingly propogating the worm but it would not be fair if Google de-indexed them.
Showing the warning would be would be a good remedy because the site could do something about it.

I am going to try clicking on wwwDOTlookforitDASHbuscaloDOTcom/ to see what happens and report back.
I might not be around for a bit!

Homefinder

Homefinder · 12-02-2007, 05:11 PM

Warning - visiting this web site may harm your computer!

You can learn more about harmful web content and how to protect your computer at StopBadware.org.

Suggestions:

Return to the previous page and pick another result.
Try another search to find what you're looking for.

Or you can continue to [URL removed by Homefinder] at your own risk.

If you are the owner of this web site, you can request a review of your site using Google's Webmasters Tools.
Advisory provided by

Google have now changed the message. Note that they are offering to help the site owner.
It is not now possible to click for the site from this page [I had to remove the URL because the Forum editor shows it automatically. Google do not show it]. The only way is to type the URL directly into the browser - which I did!
I ran SpyWare Doctor - and WOW! So far 103 infections of Trojan.CWS all from my old friend terra.es
This lookforit-buscalo site is a Valencia-based portal with a multi-listing property section.
Has anyone advertised there or even visited it? I would not reccomend that anyone does without SpyWare Doctor installed or other fully updated anti-virus protection.

Homefinder

Homefinder · 12-02-2007, 05:30 PM

Don't go near this site under any circumstances.

Trojan.CWS has altered my registry values. I don't think that this will take affect until I restart but then my search will be hijacked - this is what happened before.
Spyware Doctor deleted it but was unable to put the damage right.
I am trying to remember how I cleaned it up before.

What a pain!

Homefinder

Richie · 12-11-2007, 10:02 AM

I can't believe that google would include this results either, why include websites that give users of google a virus!

I have just seen one myself today www. 24 property in spain .com

It is strange that google includes these sites, I would have thought that they would have a quiet word with the site owners to clean up their sites or have them removed permanently from the SERP's.

ToniW · 12-11-2007, 01:31 PM

I know of the look for it - buscalo, they bring their free paper here to our office, must admit never been to the website though. Will mention it to them next time I see them, although I am sure I only see the "delivery boy" so whether the message will get back to the right people weÂ´ll see.

Homefinder · 12-11-2007, 02:30 PM

When did Google ever really communicate with any site?
I think that this warning is the Google equivilent of a "quiet word".

Perhaps the site owner does not know what is happening. Perhaps the site owner has contracted a 3rd party service (sitemap or ppc advertising) and just copied and pasted a code.

All I know is what happened when I was infected and I am assuming that this is the same scam.
The virus took control of my Internet search. When I clicked on a SERP it took me to another site showing Google AdWords for the keyword.
A lot of Internet users would not know that anything had happened, the site showing the Adwords would have got paid for the click and the site I clicked on lost a natural hit.

I think that lots of sites may be unknowingly caught up in it. There are some amazing domains on the Spyware Doctor "Black Hat", places we go all the time, especially for ppc. I cannot mention any names here!

It is easy to see how it could happen.
A webmaster decides to put GetRichQuick.com ads. on his site and copies and pastes the code. When the page is opened a Java code is fetched and run from GRQ.com and the webmaster is really putting his life in their hands.
The code may serve ads. one day but do something completely differently the next. GRQ.com can change the code to do anything they want.

As an example here is the Google Adwords code -
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
Easy to see how it could happen! I am not saying that they would but Google could change "show_ads.js" to do almost anything.

What is the solution?

One thing is very clear. If we copy and paste any code to our site we must take great care if it contains a URL to a code on a remote site.

There is all sorts of info. around about the issue.
Discussion with a site owner who "got the message"
Google Webmaster central: Quick security checklist for webmasters

Homefinder

Look For It · 02-11-2008, 11:20 AM

Hello
I came across your forum when searching. We are the owners of the magazine Spanish property for sale | Buying investment property in Spain and I am posting in response to your threads as I feel I need to set the matter straight.
Unfortunately prior to the Christmas period our site was hacked and malicious code was inserted into our pages which in turn blacklisted the site with Google.
It took 4-5 weeks to remove all of the coding and replace the old website with a new, much improved version and to also add more information for our readers. Unfortunately we did not get any warning from Google about the problems and only found out when we searched for our own site and the message - This site may harm your computer - appeared.
It is extremely frustrating when this happens through no fault of your own and I don't believe that sites should be removed from Google - as you are probably aware it does take many, many weeks to get a good ranking without the need for having to start all over again.
Thankfully all of the issues have now been resolved, with new software and even more visitors!