

Can Google's page cache be poisoned? A possible example. - MrFoof

I've tried going through the appropriate channels (including tweeting @MattCutts) but haven't recieved a response.  Therefore, I figure I'd bring this in front of the community in general (and knowing Matt reads this) to raise awareness of the issue.<p>The issue is it may be possible to poison Google's page cache.  I'm unsure of the means, but nevertheless, I've at least been able to provide one example.<p>So suppose you search google for "search jungle disk" to figure out why you can't search your JungleDisk volumes (to find out you don't have the Enterprise version)...<p>Here's the query string: http://www.google.com/search?sourceid=chrome&#38;ie=UTF-8&#38;q=search+jungle+disk<p>This is a result you'll be linked to: http://webcache.googleusercontent.com/search?q=cache:kD4X3vNgTUwJ:blog.jungledisk.com/2009/04/28/jungle-disk-261-released/+search+jungle+disk&#38;cd=2&#38;hl=en&#38;ct=clnk&#38;gl=us<p>This is the cached version of that result: http://webcache.googleusercontent.com/search?q=cache:kD4X3vNgTUwJ:blog.jungledisk.com/2009/04/28/jungle-disk-261-released/+search+jungle+disk&#38;cd=2&#38;hl=en&#38;ct=clnk&#38;gl=us<p>Now if you look at the cached result, it seems that JungleDisk is trying to sell me some cheap Reductil.  Lots of it.  With no prescription!  Moreover there are plenty of keywords and strings - some in foreign languages - peppered throughout the cached document.  This also appears to occur in<p>Perhaps this isn't Google's problem, and is instead a problem with JungleDisk's blog being compromised in some respect.  The question I pose to HN is - have you seen this before?  If so, can you cite some examples -- if this is a real problem, I think it's in all of our interest that this be nipped in the bud.
======
arianb
Actually, I have seen that - one of our websites got infected with a
particular hack that did this to our Google cache and search results.

They redirect search engines to the fake pharmacy pages, while still leaving
regular users able to see the normal content. This has been happening a lot,
especially on self-hosted Wordpress blogs, it seems.

If you're interested, I decoded the hack on my server and posted the
translated source online: <https://bitbucket.org/arianb/pharmahack/src>

More details here: [http://www.pearsonified.com/2010/04/wordpress-pharma-
hack.ph...](http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php)

------
byoung2
This happened to a wordpress blog I worked on last year. The version was a few
years old and the hackers were able to add some code to footer.php that
checked the referrer and if it was Google, it displayed phentermine and cialis
links. For regular visitors, it displayed the regular page. This way, when
google crawled the site, the links were there, but when the web masters looked
at it it was normal.

------
yanw
Have you tried: security@google.com

They usually respond within 24hrs.

