It seems as though the Google hackers are back at it again. And this time, they are targeting the popular Glutimax butt enhancement cream brand name =( We’ve seen this happen in the past many times. But these “google hackers” are now targeting our brand for some reason. I guess we should be flattered considering Glutimax is one of the oldest and most trusted brands in the market. Anyways lets get right into it…
So we’ll begin by doing a typical search query at google for our popular brand’s ingredients- “glutimax ingredients”…
Now the first few results will all look pretty normal. Now let’s scroll down below the “above the fold” results and take a look at some of the results lower on the page, such as positions 4-10…
Notice in the search results how we’ve circled all of the [pdf] link results. Now of course we’ve all seen an organic listing link to a PDF file. But all of these on the first page for our brand was pretty suspicious, agreed?
Now let’s dive in some more…
We’re going to investigate the first “suspicious result” which is result #4. It is dohwanyc.com that seems to be a Korean Restaurant in NYC. However notice the TITLE of the listing? It says: “Glutimax Cream Ingredients – Do Glutimax Cream Work – Do Hwa”
That is weird. Why would the owners of a Korean Restaurant want their website discussing a butt enhancement cream? So anyways we clicked the search result at google to see what happens…
We were expecting to be taken to Korean Restaurant website. But instead we saw this:
OK so wait, what just happened? The google search results didn’t take us to the Korean Restaurant website… it took us to a completely DIFFERENT website on a totally different domain! It took us to this RX shop selling erectile dysfunction medication LOL.
So this online drug store has compromised this restaurants website and is using our brand name to drive traffic to an online drug store it seems like. They placed some keyword-rich cloak/re-direct type script on the restaurant’s domain, and is re-directing all of the traffic to themselves via the google search engine results. Lets take a look at one of their “cloak” pages via google’s “cached” results…
This is what these pages look like that they’re using to “cloak / re-direct / hijack” these legitimate domains.
While viewing this cached version of the page in our browser, we can click on the HTML version of the page (link at the top left) and it normally will take us to a “page cannot be displayed” on the REAL website that got hijacked. But not in all cases, we did find a couple results where these “cloak” pages still existed on the hijacked domain.
Then we “assumed” that perhaps WordPress got compromised in some manner. It is common for them to get a plugin hacked. So we checked out some of these other hijacked domains in the google search results displaying a PDF. It does seem like all of them are WordPress platforms.
So then when we research some of these compromised domains by searching for them, at the domain level at google, they should notify a user that the website has been hacked. But they are not. Let’s take a look at the Korean Restaurant.
Now normally when seeing this restaurant’s search result, google would alert the user that the website may be hacked and suggest not proceeding. But it DOES NOT in these cases. So these guys must be pretty slick. Here is what it would typically look like when Google warns you that a site has been hacked.
But even though WordPress has this happen to them probably daily, how does Google let them get away with this? Imagine if your brand is something related to building custom men’s watches for example, and the name of your brand is XYZ WATCHES…
Now someone goes to google to search for your brand by typing in XYZ WATCHES. And when they click on your listing, they get taken to a pornographic or erectile dysfunction website. WOAH!
We’d tend to think that this could happen to a lot of businesses. Especially if the hijacked website has more AUTHORITY than the actual brand site.
They must be targeting tons of brand names and keywords with this method. We’re sure we aren’t the only ones being “targeted” or “picked on”.
Now we went back to the cached version of the page and took a look at the source code at webcache.googleusercontent.com (right click – view page source). The cache version always seems to use different creation dates on all of these pages…
Lastly, we did email a couple of these hijacked domains and not 1 of them responded to us. I guess they don’t care that their website has possibly been compromised.
We wonder for how long this has been happening as we only learned of this recently. For the last couple of months we’ve had some issues with our Brand name in the google search results. Could this have something to do with that? =(
Hopefully one of the search people at google will see this and contact us with some advice with respect to our issues with the giant’s search engines results. We’re trying to help them too by putting this all together to help them combat this issue in any way.
We’ve found some research online about this and it seems to keep happening over the years. It’d really be nice if Google could fix this once and for all. From our research, Exe Productions has some helpful ways to combat proxy hijacking and Barry Schwartz with seroundtable wrote about this. These seem like very similar scenarios.
The Glutimax Blog Team