Protecting users from malware hosted on bulk subdomain services
17 giugno 2011
Over the past few months, Google’s systems have detected a number of bulk subdomain providers becoming targets of abuse by malware distributors. Bulk subdomain providers register a domain name, like example.com, and then sell subdomains of this domain name, like subdomain.example.com. Subdomains are often registered by the thousands at one time and are used to distribute malware and fake anti-virus products on the web. In some cases our malware scanners have found more than 50,000 malware domains from a single bulk provider.
Google’s automated malware scanning systems detect sites that distribute malware. To help protect users we recently modified those systems to identify bulk subdomain services which are being abused. In some severe cases our systems may now flag the whole bulk domain.
We offer many services to webmasters to help them fight abuse, such as:
- Webmaster Tools lets webmasters find examples of URLs under their domains that may be distributing malware.
- Google Safe Browsing Alerts for Network Administrators allows owners of Autonomous Systems to get notifications for hosts that are involved in malware delivery.
21 commenti :
Finally! This was overdue. :)
It is very disappointing knowing this. Just learning to blog. My site got indexed takes me more than a month (because i have no idea how that day), but losing it in just a day.
Register in co.cc and using google webmaster tool to check everything including malware. So I believe my site is good.
I don't expect this. So sad to know because of less than 10% using it the bad way, all 90% has to feel the punishment as well. :(
Might I suggested purchasing a TOP-LEVEL domain name? They're so cheap now, there's no reason not to. Even Google offers limited domain services via GoDaddy, perhaps it's time to get established.
This is total monopoloy. Instead of banning the sites that have the malware runnning, google bans everybody. I just goes to show when one gets too powerfull they think they can play god!, It would be easy enuff to ban just the sites with malware then the entire domains. my 2c
@Marshall internetbs.net is cheaper and include free privacy.
hehe above me seems have lot of co.cc
It's simple. Google have it's search engine, they can do whatever they like, even banned all website, if you don't like, don't submit url to google and don't optimize for google, optimize for others :)
Monopoly if in this world there's only 1 search engine : google only, no other can have search engine, that's monopoly, and this is not.
BTW I so so agree with google decision, and better roll out panda often :)
My site, claudiominetti.co.cc was even banned, this site is totally personal, i do not see any reason for Google to ban all site with this domains.
This is totally insane.
I'm a Google apps, adsense, analytics and webmaster tools user. I just don't have enough money to pay for the domain name that links to my blog, the spammers and malware authors deserved losing their search results, and i applaud Google for taking those out, but those of us using it for valid reasons now have to dish out money we just don't have.
Those of you complaining are complaining to the wrong people! You need to direct your complaints to the people responsible for the malware / spamware / scamware / etc.
And if you've paid any money you need to direct your complaints at co.cc - they're the ones who have profited from abuse.
I have a legitimate site via CO.CC. If only 50,000 of 11 MILLION sites have malware, then ban the 50,000 not the legit sites!
Though I can see some value in this move, I can't help but feel uneasy at how strong a censorship power Google has. They could have just added very bold warnings and additional warning screens before leading to the co.cc subdomains, and let people take their responsibility.
I wish they gave some credit to their users, and let them decide for themselves, given the information Google can provide;and I'm sure they have convincing data, they wouldn't have blocked the entire domain otherwise. Sure, some people wouldn't make the right decision. But hopefully, they would learn from their mistakes. The very mistakes they are not given the opportunity to make--and thus learn from---in the current situation.
Google as an extension of the nanny states? Unfortunately so...
From what i gather, Google engineers have taken the lazy way out of a malware problem. This is also a small attack on the free internet.
With .com sites at only $10/year, I'm not sure how someone could loose their entire earnings because the .co.cc subdomain is blocked. I know I couldn't live on less that $10/year. Perhaps think of buying a domain as part of the cost of doing business.
Nice going, Google. You just blocked my university course website from your search results. Sure, I could pay $10 a year to register some other domain that you might also decide later to block, but why bother because (a) if you can, you probably will at some point, and (b) I don't get reimbursed for this.
This is unfortunate, but there is not much people can do. The problem was solved and will probably just take another form, but it is easy to register a new domain - Guess you just have to play by their rules these days.
Given the fact that my blog was once hosted on a .co.cc domain and the problems I had with Facebook because of it back in February, it was very wise to have moved my blog to the new purchased domain. Don't blame Google for this, blame those who caused it.
The fact of the matter is that it is much easier when the domain is owned by the user. I found a great tool with activclient I am sure there are other great tools, but this one has helped me out lately.
Personally I think this is more of a band aid solution then an actual solution.
Didn't they do this to afraid.org at one point ?
this is no good. i know a lot of good website with co.cc
you can ban the site with malware but do not punish all the website.
this is unfair .
i do not own the google so can't really do anything .
but google has been changed a lot in few months . sometime result are not proper . errors, stupid change in color. +1 and than this !. if this happen for next few months i think people will start using bing and yahoo. Thanks sorry for poor english .
It is really harsh measures by Google to ban or delist all co.cc websites without any descrimination. My five sites were running for many years. I am genuine personal writer but Google is a boss who does everything according to their sole discretion. Is there any pressure on Google from .com or commercial domain hosting sellers? At least Google should officially tell reasons to publishers. It is our freedom of expression right to question decisions.
50,000 sites are just wrong on 11 million domains. Is very conservative atitide of google delete all of your sites indexing. Other DNS services often have content sites with spam, malwere are malicious and no is deleted from the search engine. Maybe a boycott of other companies that sell domain names and are seeing that people already are setting up co.cc domain much more than their DNS. Harming the webmaster and the website publishers who use co.cc is arbitrary and conservative.
I've a solution. It implies a lot of work for people like me, who can't automate tasks. My proposal, to all of us, is to use Blogger for showing our entire sitemap with titles. I use co.cc for my site and Blogger for my blog. Google index cepac.co.cc (our site) ONLY if a post in Blogger inmention it. So, there's the solution: put all and every link to each and everyone of our pages in a Blogger post, or more. And see what happen... Will Google close 11 million of Blogger accounts? Many people do bad things with Blogger and (I guess) their not thinking in closing it...
Posta un commento