1/31/2008
06:19 AM

Stopping Google Blog Spam

Removing spam from your Google blog - in seven 'easy' steps

4:19 PM -- Today is no different from yesterday or the day before: Nope, it’s just another day that Google has made things a little worse for Yours Truly. Full disclosure: I don’t actually use Google anymore. I’ve long since realized that Yahoo’s Overture actually has better results than Google and a much bigger index, which helps when searching for esoteric strings. So the only time I find myself on the search giant is when I’m bug hunting or debugging someone else’s problem.

That brings me to my first Google rant of the day. My girlfriend emailed me today, asking if Google was down. Clickity clickity... Nope, looks good to me. But it appeared that every time she went to the page, she was getting something that looked like this:

Figure 1:

It appears that someone at her office did something that caused Google to basically shut down "search" for everyone in the office. Most Internet users would be helpless without Google, but thankfully my girlfriend knows the ways of Yahoo, so she continued about her day. But there are still hundreds of people at her company left without Google search for as-yet-unknown reasons.

Google provides no way to rectify the situation, so guys like me end up playing tech support for them. I tell people to use another search engine. (I’m probably not the best Google tech support person, am I? I’m guessing they aren’t banking on me telling hundreds of people at a time to stay off their site.)

After the drama, I look through Technorati and find a spammer on Blogspot. (See Attackers Abuse Google Blogger.) The spammer has decided to take my content and re-post it as its own. That wouldn’t be a problem, except that they’ve posted it to the Google-owned Blogspot. Google isn’t just a search company -- it’s also an advertising company, and it often hosts security hole-ridden beta applications and spam. You’d think it would be easy enough to tell Google to cease and desist with the spam, but no. That would be too easy and responsible of Google. So here’s the easy seven-step process for removing a spammer’s content from Blogspot:

  1. Identify the content on Blogspot that is infringing on your copyright. (So far so good.)

  2. Show where your original content lives and the date that you posted it. (Easy enough.)

  3. Provide contact info. (Not sure why that’s necessary to remove a spammer, but okay...)

  4. Include the statement “I have a good faith belief that use of the copyrighted material described above on the allegedly infringing web pages is not authorized by the copyright owner, its agent, or the law.” (Um... okay?)

  5. Include the statement “I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.” (Why didn’t Google just add those two sentences together and make them one bullet?)

  6. Sign the paper. (Yes, PAPER... Right back to 1980 we go!)

  7. Send or fax the paper to Google. (I could have sworn Google was an Internet company!)

Google has actually made it harder to stop a spammer than it is to be a spammer. And people who have been infringed upon actually have to spend money -- long-distance phone call or postage -- to stop spammers on Google’s own domain. This by no means guarantees that it will be removed in a timely manner, either. Isn’t it time we demand Google fix its own problems rather than placing the burden on everyone else?

At a minimum, let’s demand that Google’s legal department start using email.

– RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading
