It's not enough that you have to install firewalls, antivirus programs,
spam filters, and adware cleaners on all your PCs — now you have
to guard against something called "cache bashing," too.
If it's important that your company be findable when potential customers
look for your topic in search engines — and what company doesn't care
about that these days? — you'll want to know how this works and
how to protect yourself.
Allow me to explain.
Cache Bashing for Fun and Profit
The latest Internet threat was discovered during a new contest to see which
Web sites could be forced into a top ranking in Google.com's search pages for a
particular nonsense term. This little game is called
Google bombing.
Google bombing requires the cooperation of a number of different Web pages.
If they all link to a specific Web site using a particular set of words,
Google will soon rank that site very highly on searches that use the exact
same words.
This fact has given us searches like
miserable failure, for which the first search result became
the Web site of the White House. Turning the tables, conservative groups
then created links so that the first search result for
great president was a biography of George W. Bush.
That's all great fun. But the latest experiment has shown a much darker
side to Google bombing. This problem can very negatively affect the
search-engine rankings of your company.
• Google Bombing for Prizes.
Professionals who advise companies on search-engine positioning, which is
known as search-engine optimization (SEO), were challenged to a duel
on April 30 by SEO consultants at
SearchGuild and
Dark Blue.
Whichever Web site showed up on June 7 in Google's No. 1 spot for a made-up
search phrase would win an Apple Mini iPod. The No. 1 site 30 days later, after
Google had presumably tweaked its ranking formula, would win a 17-inch
Sony flat-panel LCD screen.
• High Rankings for "Nigritude Ultramarine." These weren't
especially luxurious prizes, to be sure. But they were enough to start a
kind of feeding frenzy among a subculture of SEO hackers. The chosen phrase
for optimization was "Nigritude Ultramarine," two words that mean "the state
of being black" and "vivid, purplish blue." By last week, there were at least
377,000 Web pages containing that exact phrase, according to the search results
page at Google. Before the contest started, there had been none.
• The Dark Side Strikes Back.
One of the highest-ranked Web pages for a time was a competition entry posted by
Time2Dine.co.nz. This New Zealand-based restaurant
reservation site has a sideline business in SEO consulting and entered the
contest as a lark. Suddenly, the page's ranking in Google's listings
plummeted from 3rd to 103rd in only three days, according to Garrett
French, the editor of the e-commerce forum
WebProNews.
What had caused such a sharp dive so quickly? French says that a programmer
called BlueFalcon had found a way to use Google's own API (application
programming interface) to sharply penalize his competitor's entry in Google's
rankings.
Your Cache Can Be Used Against You
To accomplish cache bashing, the attacker uses a link at Google that leads to a
cached copy of your company's Web page — as it looked when Google most
recently indexed it. Your nemesis then posts the copy of your page somewhere on
a site that has a higher "page rank" at Google than your site does. Because
Google eliminates from its index any pages it finds that are simply duplicates
of other pages, your company disappears from or is strongly penalized in
Google's rankings.
This kind of black-hat optimization has been possible before. An attacker could
simply copy any page of your site that he or she visits. But you were previously
able to defend against this. When you detected the creation of duplicate
pages, you could ban the offender from visiting your site again, using the
IP address from which the original visit occurred.
Since a cache-bashing attacker gets copies of your pages by visiting Google's
own cache — not your site — banning offending IP addresses no
longer works.
Conclusion
How can your company protect your rankings in search engines from being
destroyed by cache bashing? Since this kind of attack is new and still fairly
rare, I wouldn't recommend that you take any action unless you detect that
it's actually happening to you. If it is, the only defense at this time is to
configure Google not to make cached copies of your Web pages available. This is
simple to do, as explained in Google's
help file.
Having a low ranking in search engines isn't the worst thing that can happen
to your company. But now you know that it's one more Internet exploit you need
to watch out for.