Can Google's page cache be poisoned? A possible example.

1 points by MrFoof ↗ HN
I've tried going through the appropriate channels (including tweeting @MattCutts) but haven't recieved a response. Therefore, I figure I'd bring this in front of the community in general (and knowing Matt reads this) to raise awareness of the issue.

The issue is it may be possible to poison Google's page cache. I'm unsure of the means, but nevertheless, I've at least been able to provide one example.

So suppose you search google for "search jungle disk" to figure out why you can't search your JungleDisk volumes (to find out you don't have the Enterprise version)...

Here's the query string: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=search+jungle+disk

This is a result you'll be linked to: http://webcache.googleusercontent.com/search?q=cache:kD4X3vNgTUwJ:blog.jungledisk.com/2009/04/28/jungle-disk-261-released/+search+jungle+disk&cd=2&hl=en&ct=clnk&gl=us

This is the cached version of that result: http://webcache.googleusercontent.com/search?q=cache:kD4X3vNgTUwJ:blog.jungledisk.com/2009/04/28/jungle-disk-261-released/+search+jungle+disk&cd=2&hl=en&ct=clnk&gl=us

Now if you look at the cached result, it seems that JungleDisk is trying to sell me some cheap Reductil. Lots of it. With no prescription! Moreover there are plenty of keywords and strings - some in foreign languages - peppered throughout the cached document. This also appears to occur in

Perhaps this isn't Google's problem, and is instead a problem with JungleDisk's blog being compromised in some respect. The question I pose to HN is - have you seen this before? If so, can you cite some examples -- if this is a real problem, I think it's in all of our interest that this be nipped in the bud.

3 comments

[ 2.7 ms ] story [ 21.4 ms ] thread
Actually, I have seen that - one of our websites got infected with a particular hack that did this to our Google cache and search results.

They redirect search engines to the fake pharmacy pages, while still leaving regular users able to see the normal content. This has been happening a lot, especially on self-hosted Wordpress blogs, it seems.

If you're interested, I decoded the hack on my server and posted the translated source online: https://bitbucket.org/arianb/pharmahack/src

More details here: http://www.pearsonified.com/2010/04/wordpress-pharma-hack.ph...

This happened to a wordpress blog I worked on last year. The version was a few years old and the hackers were able to add some code to footer.php that checked the referrer and if it was Google, it displayed phentermine and cialis links. For regular visitors, it displayed the regular page. This way, when google crawled the site, the links were there, but when the web masters looked at it it was normal.
Have you tried: security@google.com

They usually respond within 24hrs.