What to do if your name made it into Google through some spamsites

some sidenotes beforehand

This article is just a subjective guide to getting your name removed from Google's search index. It describes what I found to be working best while handling cases for WHOA. It most likely doesn't describe the easiest way, but it shows the way I found to be working in several cases. If you know a better way, let me know how you would handle the case. The information is kept quite short, so please use my contact address if you need more information than the links within this text provide. If you care to disagree with me, please send me hate mails. Ah, and one more thing: I like text adventures and tales (why do you think I attended a course about interactive fiction and did a radio play production course on fairy tales?).

the scenario

Well, you might know the situation, where you search for your own name and Google comes up with some sites containing your name? Okay, let's now assume you enter your name and most pages that come up look like this:
search sample
where Insert Name Here is your name. And what if there is not one of those entries but several of them?
Well, unlikely to happen to you, you might think? I handled some cases where exactly this happened without the victims knowing how it could happen to them. And how could they know? Those wordlists contain random information found somewhere on the internet, so what's there to do if it happens to you?

So what steps to take now?

Your primary wish will probably be to ask Google to remove these sites and never let any site like this into their index when they contain your name. One would probably try and send an eMail to abuse@Google.com. This might or might not work. Most probably nothing would happen. Or in the best of cases you find an abuse handler at Google.com who would point you to the correct places. So why not start at the right places?

first of all

DON'T PANIC!

I calmed down and now?

So, what are the steps you have to take to get your name removed from Google's index?

Well, let's make a list of what to do:
  1. get Google to remove the website from their cache
  2. get Google to remove the website from the index
  3. get the websites shut down, which host the content containing your name
  4. get your PC cleaned up from any virus you might have acquired by visiting any of the sites you visited in researching your case :(

'Wait, about the last point', you might ask, 'did you say I got infected with a virus while researching this case?' Yes, most likely: the moment you visited any site involved in this case you should get infected. 'But I run an antivirus solution!', you might say. So what? The viruses and trojans I found in all of these cases changed their look every 30 minutes, getting my antivirus vendor to create a signature took 4 to 25 hours... so you got a nice trojan downloader which wasn't detected by any antivirus solution. The problem is nicely described in To AV or not to AV, is that the question?. So be really careful and visit those sites only if you wanted to reinstall your computer anyway...

So did you calm down again?

If not, calm down, else

Let the show begin!

To get Google to shut a site down, you either have to provide Google with evidence that the content is in conflict with law, that the site actually is dead or that it is conflicting with some of your rights. If you can do one of these things, you're done, Google will remove the site and tomorrow you will find one or two new sites more than today. Yes, it's the same story as with the Hydra. So it is time to become Heracles and chop off all the heads.

It's Herotime!

Let's start with our training plan, if we want to become the hero in our story and not stay the victim of the mean tyrant, who tries to put us down by publishing our name on a website (to get some virus onto our PC to enslave it for his purposes).

So what do I need to be a hero?

What is it I need to be a hero, you might ask? I say, you have to be brave (unafraid to write emails to uncooperative providers for the 20th time), strong in mind (follow your goal until you reach it), wise (know what you are doing), skilled (know the tools you will use) and last but not least know your weapons (the internet addresses where to find your answers).

basic training

Before anyone becomes a hero there has to be a hard training session (feel free to disagree).

choice of weapons

For now, we will assume, that we are using one basic weapon (the internet). It has the advantage, that we don't have to wrestle in the Operating System Wars.

The basic weapons:
  • haltabuse.org
    Get your own adviser who will guide you through the whole adventure (or at least as far as you need until you can start to win this fight on your own).
  • domaintools.com
    The source, where you can find the domain provider of your spammer
  • isc.sans.org
    Really good source for information and a great contact if you get stuck
  • Google
    Your weapon, your enemy's weapon, use it wisely as it is used against you.
  • virustotal.com
    It is a small helper which can identify if a gift a website presents you is good or bad (well actually it is a service which sends a given file through several virus scanners)
  • Wikipedia
    source of the knowledge of the masses (start searching for spamdexing)
  • DNSWatch
    it's a digger ;-)

That's it ... Okay ... it's not everything, but there is only one more thing you need. It's an eMail account. You will have to find one of those on your own.

on to mastering our weapons

haltabuse.org

There is not much to be said about this: You fill out the "Request Help From WHOA:" form after carefully reading through the Need Help? section. You will be assigned to your own handler who will take some time to guide you step by step through the whole adventure. Might be a little less fun but will help when you get stuck somewhere.

http://domaintools.com/

domaintools provides you (staying in our adventure theme) with a whois spell. Well, at least it tells you who provides services for your enemy. Get in contact with your enemy's provider to cut his supply ;-) (Okay, what you do is enter his IP or his domain name (in our sample it would be sexprivateshow-com.husut.com) into the whois lookup field and search for it. You will get the contact information for the domain holder in the whois record. You also get the server IP for free and can use the W behind the IP to get the server ISP (the supplier of the housing of the website).)

isc.sans.org

This is the site to go to if you want to go from hero to wizard. But it also provides resources which will help you survive the first day. Read it and learn.

Google

Your enemy uses it, so use it too! Google provides you with many tools you can use to fight your enemies. Try for example http://www.Google.com/contact/spamreport.html. You can report your enemy to Google and Google might or might not react. You never know what will happen when you use this feature, but it might resolve your problems. Not likely, but it might. If this place doesn't help you and you have or are willing to get a Google account, you can use Google's Webmaster Tools - Removal Requests. It guides you with some small questions through the whole process. I didn't ever get a request denied, test your skills!

Virustotal

Well, you give them a file and they try to find a virus in it. It's not very helpful in our case, as most of the virii I found on the sites we are dealing with in our case change their look every 30 minutes and aren't detected by any scanner. Just take a look at Virustotal Failures in Detection in the last 24 hours (Blue shows the successfully detected viruses. Well, and the stats just show the ones detected by at least one scanner.)
But nevertheless it's a nice way to run a file against more than one scanner at once, so you get a better chance to find anything.

Wikipedia

Or don't trust anything written on the net. Wikipedia contains so many errors and public myths (at least about physics), so think before you believe anything. But sometimes it's quite easy to get the information you need in a simple stupid form. It's like science on private television: not totally wrong.

DNSWatch

Use it to dig into the depth of the domain name system

Put the tools in use

Okay, use domaintools to get the contact info of the websites you are attacking. Use your eMail program to write an email to the abuse address. Make sure you include the following info:

  • Your contact address
  • The Google web search showing the result
  • The address of the website with the info you want removed
  • The IP of the site you want to get removed
  • A statement why you want the site to be removed.

If you do it right, the admin will remove the website. That is: they will if they are doing their job in the right way. There are some ISPs that don't do their work. And always stay friendly. You want them to help you. Their customers are paying them, you are not. So convince them that their customers are harming them by harming you.
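
The whois lookup and the abuse mail described above, put together as an added example (not code from this article or from WHOA): it pulls the abuse addresses out of the whois records for the domain and for the server IP, then builds the mail and refuses to build one that is missing any of the five items. The whois excerpts, the `.example` addresses, the IP 192.0.2.10 and the function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Constructed WHOIS excerpts (not real records). The field names are the
# usual registrar, ARIN and RIPE ones.
DOMAIN_WHOIS = """Domain Name: HUSUT.COM
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
"""
IP_WHOIS = """NetRange: 192.0.2.0 - 192.0.2.255
OrgName: Example Hosting
OrgAbuseEmail: Abuse@Hosting.example
OrgTechEmail: noc@hosting.example
"""
ABUSE_FIELD = re.compile(
    r"^\s*(?:Registrar Abuse Contact Email|OrgAbuseEmail|abuse-mailbox)"
    r"\s*:\s*(\S+@\S+)\s*$", re.I | re.M)
# The five items the article says every report must include.
REQUIRED = ("contact", "search_url", "site", "site_ip", "reason")

def abuse_contacts(whois_text):
    """Return the abuse addresses in a WHOIS record, lower-cased, no duplicates."""
    found = []
    for addr in ABUSE_FIELD.findall(whois_text):
        if addr.lower() not in found:
            found.append(addr.lower())
    return found

def build_report(recipients, **fields):
    """Build the abuse e-mail; refuse to build one that is missing an item."""
    missing = [k for k in REQUIRED if not str(fields.get(k) or "").strip()]
    if missing:
        raise ValueError("missing: " + ", ".join(missing))
    if not recipients:
        raise ValueError("no abuse contact found in the WHOIS records")
    msg = EmailMessage()
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = f"Abuse report: {fields['site']} ({fields['site_ip']})"
    msg.set_content(
        f"Hello,\n\n{fields['reason']}\n\n"
        f"Website address: {fields['site']}\n"
        f"Server IP: {fields['site_ip']}\n"
        f"Google search showing the result: {fields['search_url']}\n"
        f"My contact address: {fields['contact']}\n\n"
        "Thank you for your help.\n")
    return msg
```

Paste the text you get from the whois lookup into `abuse_contacts()` instead of the constructed excerpts, and send the resulting message from your own eMail program.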

Well, if everything works out well, the provider will have the page shut down in no time. Now Google will have the entry removed in no time too (use the removal request form). Well, that's about it. Try it. And now redo everything you just did from the start for the two new sites that popped up while you were getting the site shut down.

Why in hell, do I have to redo everything I did?

Remember the Hydra? Well, that's what you are fighting. So you will have to chop off all the heads in one lucky strike. Or one by one, but faster than the new heads can grow.


... to be continued