

Google Bug: Clicking on Mongolian BBQ Redirect to LV Website - visopsys

This is the search result when I am trying to find Mongolian BBQ on Castro:<p>https:&#x2F;&#x2F;www.google.com&#x2F;webhp?sourceid=chrome-instant&amp;ion=1&amp;espv=2&amp;ie=UTF-8#q=mongolian%20bbq<p>The search result could be different depending on your location. If you are in the Bay Area, you should see the New Mongolian BBQ. Click on the search result that has the website newmongolianbbq.com, you will see a Louis Vuitton site.<p>If you copy and paste the link newmongolianbbq.com on your browser, you will see a food site.<p>Not sure if this is a Google&#x27;s Eastern Egg or or some Googler is having launch at Mongolian BBQ while shopping on LV.
======
dangrossman
The redirect is happening after you're already on the newmongolianbbq.com
website; Google is not doing anything weird.

This script on the page is responsible:
[http://luover.icanfans.com/d/luover.js](http://luover.icanfans.com/d/luover.js)

The restaurant's website is an out-of-date install of WordPress and several
plugins. One of them probably has a known vulnerability which someone
exploited to inject that script tag into the site's theme, redirecting its
Google traffic away to the knockoff LV store.

There are some 80 million WordPress sites, and a good chunk of them are
running outdated versions of the CMS or plugins, which makes it an easy target
for automated scanning and exploitation. This kind of hijacking happens to
thousands of websites every day.

