Google professes to wage war on spam, yet payday loans and cloaking techniques can still be found infecting SERPs.
The following example really ought not to show in search results, for the most basic of SEO reasons… obscene keyword repetition and very thin content.
The search ‘car insurance theft’ (at the time of writing) shows a curious entry in position 3, from the Hitchin Light Orchestra. I’m confident that they’d be surprised to know that they are being returned as a relevant result for search on car insurance theft… yet there they are in third place.
The Google preview pane shows that the page content does indeed contain appropriately matching text:
The cached page:
http://webcache.googleusercontent.com/search?q=cache:nNFrrUPXoJ0J:www.hitchinlightorchestra.org/%3Fq%3Dnode/31+car+insurance+theft&cd=3&hl=en&ct=clnk&gl=uk
A closer look at the repeated text:
Surely this is easily detectable – it is utter spam.
Thought: Perhaps the new continuously rolling Panda update misses this type of content ?
On selecting the link from Google SERPs, you are not taken to this cached page (did you expect anything else?), but taken through a series of redirections and meta refresh steps to a page full of adsense.
Looking more closely at the redirections, there is a meta refresh used on the first redirected site, at personal-adv.com
Ultimate destination page, stuffed with adsense and links that carry affiliate code:
For example, one link on the page above:
http://www.confused.com/campaign/display-campaign/car-insurance/car-insurance-nectar-11?MediaCode=1095&utm_medium=display&utm_campaign=DirectMarch13&utm_source=Unanimis&utm_content=Motor&utm_term=Textlink
The tracking source is declared as Unanimis.
It is not the first time Unanimis has had trouble, 2 years ago criminals injected ad code into the Unanimis feed and infected sites such as the London Stock Exchange:
Another link:
http://66.246.72.184/c.php?p=ejTzLxtFPan896Q9Qqkm9VT2IUJe-jgTZn4QrGx66ZyfwlKi010jmeVVtOFO-HthQO9jOB9yXzBR14afciisTgM31nuEgmPxMLUr9_6aGRJYtkX06r37WNAUxPOarZ-VpPXyZXFqe4MNF1f5YhwQvq7ERj1WWMETO2V69D60ZBPV485n5YcZS7DimLL9H70fRTbNUwznlMDVsG6q2O80QFqtGIyUieVQWO2Dth2ZckErscCMxV1cYLmLZ1g0sG-QacaPxZNQi53kKS1RWpit1T6FgVxx6lnNuiO4hVH2Xo9e4J5wAeV1ReSrORSL1NJxtdN0MIZ0fsIDbOpE_p8rKAnVDx0u6hEV3f2m1KGd8k_1cRvftUA6PDkCvHqWIddt5lQ29W2jdOhrspiceLOFX26_BGN5kO3RPFMbHpU-gRnYw1nwLQGSEBYhM-UHsWLzrOpAng1MTourETzzfOrv8EiW-EyjbsNtQHB8HqCEhQT2PO8kn_0qkIfH1xtsb-FKhJkdmFacnTL_VANyKZUnT_zk6o3Fadxgcpyw-zxnqM3h2VniAgTcbaGkGga8GubeAh8on5a3Pj-3OJqZI0lC-2lyy9Puw6ZfLEMADjeBhRBFPRJ9J747ug
The IP address 66.246.72.184 has been associated with brute force SSH attacks since 2005.
This appears to be part of a systematic, organized network. The wider questions is that this technique appears to work AND there are a series of clear ‘spam’ signals here, that appear to have slipped through Google’s gaze – allowing these infected sites to rank with:
- Keyword stuffing
- Thin content on an unrelated domain
- Cloaked redirects including 3 different domains and one meta-refresh step
- A final destination stuffed with adsense
Each one of those steps should have been sufficient signal to prevent the site appearing in SERPs, yet still it shows, despite Google’s Panda and Penguin updates.