Jianjun's Blog

Most SEO experts tell us that identical (duplicate) content will negatively affect our website’s search engine ranking and may even result in our websites being penalized. Well, to some extent, this may be true, as we do hear people say their websites are being banned or even dropped from search index. But according to my recent observation, those are probably just some very rare cases.

Some of the most notorious copycat websites almost don’t have any original content. They simply search on the Internet and found those keyword-rich articles and heap them together to make a gigantic website. They do things that Google ‘threatens’ to punish but they do get very good SEO results!

Their tactic is very simple. The site owner sets up a large number of blogs on free platforms with the same duplicate content linking to one another with most links back to the main site, while the main site doesn’t link back to these satellites. At the same time, they submit all those blogs to search engines and services such as Technorati to get better exposure and higher authority.

Let’s look at a live example: ‘translation183.bloglipi.com‘. The blog not only uses duplicate contents from other websites, but also has unknown number of embedded keyword-rich links to its main site – sytra.cn.

On Technorati, there are 19 blog reactions to it (see http://www.technorati.com/search/translation183.bloglipi.com) and one of those reacted back has an authority of 58 (see http://www.technorati.com/blogs/jonramos.com/wpmu/translation182). Needless to say, all those ‘reactions’ are created by the same guy and those blog names mostly have a ‘translaiton183′, ‘translation182′ or something similar.

I guess no SEO experts will actually recommend such a strategy to generate traffic, but it works. In just a few months time, Sytra.cn generated a very good traffic of more than 6,000 unique visits per month and a Google pagerank of 3.

Please don’t take me wrong. I’m with you in condemning such copycats + spammers and I believe what they are building right now will in the end be their tombs (something a Semantic Web will do well).

The purpose of this article is to show you search engine algorithms of today are far from perfect in dealing with such abusive acts and, at the same time, some unintentional duplicate content or a little too many links probably won’t do us much harm in regard to SEO.

Just confirmed with an MSN buddy that he’s ‘infected with’ a new MSN link-sharing ‘virus’. As a matter of fact, I myself was fooled by this very thing a couple of weeks ago when I got a message from a close friend on MSN that contained a link to ‘her personal page’.

The message ran as follows:

“hii.. check out this.. http://real.amazing-stuff.info .. brb he!!”

Since this was from my close friend, and she’s immediately offline when I got these, I guessed s might be in a hurry and hoped to connect with me using some social network, so I clicked on the link and it brought me to a web page that required me to sign in using my MSN user name and password. The page had detailed service terms and ‘report abuse’ email and told me:

We may temporarily access your MSN account to do a combination
of the following:
1. Send Instant Messages to your friends promoting this site.
2. Introduce new entertaining sites to your friends via Instant Messages.

Again, since it’s ‘recommended’ by my close friend, I logged in and set up some personal page there. But since it was not very attractive, I logged off and never went there again afterwards. But my user name and password were already stolen!

I realized this on the second day when my MSN messenger automatically logged off saying another user had logged in. This is the ONE security feature of MSN messenger I love. (Skype wouldn’t prompt you anything like this when a thousand other users logged into your account and eavesdropped on your chats!) Then I changed my password. I suspect the hacker site used my credential to send similar links to all my contacts that day.

However, if not today another victim sent me a message (also when he’s offline!) as follows, I wouldn’t associate these things together:

“http://username.very.c0o0lthing.info”

I immediately sent a message back to him asking if he knew about this. When he was back online he confirmed that it was some kind of ‘virus’ he got from other MSN users.

Technically speaking, this is not a virus, but phishing. Phishing sites fake other sites to steal your personal information and use them to access your accounts such as email, PayPal or Moneybookers accounts.

In this very case, the hidden criminals’ true intention is not using your email account to spread their links. Since many people use the same password for their email and other accounts such as PayPal, they could easily obtain your private financial information.

If you experienced a similar situation recently:

1. make sure you post a status message in your MSN messenger warning all contacts not to click on any links you send out before verification;
2. change your MSN password immediately and change the password of other accounts that share the same password.
3. help to spread the warning by blogging about it, digging this and other related articles to fight against further phishing attempts.

The phishing site page looks like the following:

The site claims to be TST Management Inc. And here are three domain names they used (They probably use tons of other domains for such purposes) and related information:

1. pr0filepix.info

Domain ID:D24638073-LRMS
Domain Name:PR0FILEPIX.INFO
Created On:29-Apr-2008 12:16:31 UTC
Last Updated On:29-Apr-2008 12:54:46 UTC
Expiration Date:29-Apr-2009 12:16:31 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:d5574c1883d
Registrant Name:Mark Bradley
Registrant Organization:TST Management, Inc
Registrant Street1:edificio Magna Corp – 5th Floo
Registrant City:PANAMA
Registrant State/Province:PANAMA
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+1.2021577

Server IP: 210.56.53.224
Hong Kong – Dedicated Internet Access (sunhk Datacenter)
Registrant Search: “TST Management, Inc” owns about 85 other domains

2. 1FP9.INFO

Domain ID:D18304546-LRMS
Domain Name:1FP9.INFO
Created On:07-Jun-2007 10:10:35 UTC
Last Updated On:21-Apr-2008 12:59:51 UTC
Expiration Date:07-Jun-2008 10:10:35 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:OK
Registrant ID:90f98cddfd4
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577

Server IP: 216.52.184.243
Washington – Redmond – Enom

3. c0o0lthing.info

Domain ID:D24611209-LRMS
Domain Name:C0O0LTHING.INFO
Created On:27-Apr-2008 15:25:13 UTC
Last Updated On:27-Apr-2008 15:25:26 UTC
Expiration Date:27-Apr-2009 15:25:13 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:999AD5DB09046351
Registrant Name:Peter Call
Registrant Organization:Blue China Group, Ltd
Registrant Street1:Room 1204, 12/F, Shanghai Ind.
Registrant Street2:Investment Bldg.,
Registrant Street3:48-62 Hennessy Road
Registrant City:Wanchai
Registrant State/Province:HK
Registrant Postal Code:0000
Registrant Country:HK
Registrant Phone:+852.94230671

Server IP: 65.39.175.61
Quebec – Montreal – Qitx Inc
Registrant Search: “Blue China Group, Ltd” owns about 1,669 other domains

*UPDATE*

Thanks to all visitors who provided further phishing addresses as follows (also see comments). I believe we can dig out all those bad urls soon :

“adp0int.info”
“real.awesome-stuff.info”
“cache2.imagehosters.info”
“h0st3d.on.prof1lepix.info”
“save.p1ctures.info”
“fr1endp1cs.info”
“username.get.n1ce4ds.info”
“username.likes.ch33se.info”
“down.l0ader.info”
“was.d1ssed.info”
“arm18618.this.are.the.fri3ndp1x.info”
“ch3k3r.info”
“ch3ck3r.info”
“username.the.great-th1ng.info”
“username.partyp1x.info”
“username.1ik5.info”
“username.found.some.c0o0ol5tuff.info”

“username.awes0me.info”
“fileho5t.info”
“m33tpoint.info”
“checkdiz.info”
“snapsh0t.info”
“ther1ng.info”
“greatblockier.info”
“blockierteplatz.info”
“t0nez.info”
“c0mpics.info”
“jumphost.info”
“flatl1ne.info”
“g4ng.info”
“b4ng.info”
“h0stp1cs.info”

If you know any other phishing urls of this MSN messenger scam, please leave a voice or video comment below. (The text comment function crashed my database and many comments got lost.) I’ll update this post.

*UPDATE-1*

Eric translated part of this post into German. If you are not comfortable with English and would like to read German, please visit: http://erichaas.spaces.live.com/blog/cns!20AE01BBC9DF0C0!1014.trak for the German version. Translation into other languages is also welcomed. Please link back to this article and let me know your post address and I’ll add it to this list. Thanks for your help!

*UPDATE-2*

Interesting registrant name of one of its domains (see below):

Domain ID:D24997781-LRMS
Domain Name:THER1NG.INFO
Created On:30-May-2008 14:57:47 UTC
Last Updated On:31-May-2008 10:02:05 UTC
Expiration Date:30-May-2009 14:57:47 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:47429cff5a9
Registrant Name:Jeff Fisher
Registrant Organization:TST Management, Inc
Registrant Street1:Edificio Magna Corp. 5th Floor
Registrant Street2:
Registrant Street3:
Registrant City:Panama City
Registrant State/Province:Panama
Registrant Postal Code:0000
Registrant Country:PA
Registrant Phone:+507.2021577
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:

They said it and they will do it. Your blog might be dropped by Technorati for not upgrading to WordPress 2.5.

According to their official blog of April 7, 2008:

Blogs that have been compromised by this security vulnerability are typified by having links to spam destinations inserted onto the blog page. These link insertions may be invisible to casual observations; the links are often obscured by style attributes that render them invisible.

And as a result, Technorati will be:

discontinuing processing crawls of blogs that exhibit common symptoms of being compromised.

Although after running a check, I found no compromised security problems with my blog, I still decided to upgrade to WordPress 2.5 a couple of days ago as a precaution. If such unfortunate things ever happened, the damage would be more than being dropped by Technorati, but also by Google and Yahoo.

Most people feel upgrading WordPress a headache. Actually it is not! What you need to do is only to replace files under the ROOT, WP-admin and WP-includes folders and leave wp-configure.php intact. After replacing these files, visit the upgrade link and you are done.

WordPress 2.5 not only features a streamlined control panel, but also better functionalities such as one key update of plug-ins. Very cute. After upgrading, I also found no spam comments waiting for me to moderate.

Further resources:

Technorati Blog