
Search Spammers Hacking More Websites

(Page 2 of 2)

  • Thursday, July 30, 2009
  • By Kristina Grifantini

To prevent such attacks, Cutts recommended that anyone running her own website regularly patch the Web server and any software running on it. "In the same way that you wouldn't browse the Web with an unpatched copy of Internet Explorer, you shouldn't run a website with an unpatched or old version of WordPress, cPanel, Joomla, or Drupal," said Cutts. He also suggested that users hand over management of Web software. "Using a cloud-based service where the server software is managed by someone else can often be more secure," he said.

During his talk, Cutts also explained that Google's efforts to identify dubious Web sites now include parsing the JavaScript code that underlies pages. Code may contain hidden instructions that record users' data, for example.

"It wasn't obvious to me that Google can do this," says Endeca's Tunkelang. "And apparently some spammers were saying that Google can't do that."

Cutts noted that spammers and hackers are also finding new ways to spam, with the rise of social networking sites like Facebook and Twitter. These sites "bring identity into the equation, but don't really have checks to verify that a profile or person sending you a message is who you think they are," said Cutts.

"Authentication [across the Web] would be really nice," says Tunkelang. "The anonymity of the Internet, as valuable as it is, is also the source of many of these ills." Having to register an e-mail before you can comment on a blog is a step in this direction, he says, as is Twitter's recent addition of a "verified" label next to profiles it has authenticated.

Danah Boyd, a Microsoft Research scholar who studies social media, suggests that spammers take advantage of the fact that people don't always adhere to the rules on social-networking sites--for example, they sometimes provide fake information about themselves. "The variability of average users is precisely what spammers rely on when trying to trick the system," says Boyd. "All users are repurposing systems to meet their needs, and the game of the spammer keeps changing. That makes the work that Matt does very hard but also very interesting."


Phineas

127 Comments

  • 928 Days Ago
  • 07/30/2009

Honeypot

I noticed that an anti-spam webpage had three addresses written in white text against a white background. They would be invisible to the eye but perfectly apparent to a bot.
I sent an email to one of the addresses and got an 'undeliverable' reply. I'm waiting for further results.


fiberman

186 Comments

  • 928 Days Ago
  • 07/30/2009

Happened to us

We think they got in through a SQL database. Had thousands of link pages hidden on the site - porn and selling drugs (probably counterfeit). We'd find and delete them, then they'd pop up in another directory in even larger numbers. We played a cat and mouse game for months trying to track them down. Until we killed the SQL database, they would find every new password. They even spoofed our home page and after one clean-up filled my inbox with over 1,100 emails from an online form. Had to move the site, delete the database and kill all the forms to defeat them.


Daniel Tunkelang

7 Comments

  • 928 Days Ago
  • 07/30/2009

thanks for the coverage!

As I found out from doing my homework after the talk, Google (and Matt specifically) has talked publicly about Google's ability to parse / execute JavaScript--I commented about it in my blog post at The Noisy Channel about his presentation at the SIGIR 2009 Industry Track. But I am curious how robustly they do it. The research on random self-reducibility suggests that the spammers have an advantage in this arms race.


rcherukuri

1 Comment

  • 926 Days Ago
  • 08/01/2009

spammers hacking websites...

Google guys should know this too well.
Blogspot is a prime conduit for most of the spammers' redirect URLs.


EllenLee

5 Comments

  • 923 Days Ago
  • 08/04/2009

Money

Capitalism makes people do everything to gain more and more money.


Curt2004

90 Comments

  • 61 Days Ago
  • 12/14/2011

Re: Money

You don't think there was greed and money before capitalism? One does not necessitate the other.
