IATLD Site Hacked to promote casinos

[Perc]

I noticed this on google.ca a while ago, and tried to take some action over a month ago. It looks like the hack uses geo-targeting along with the keywords searched to trigger the redirect. I posted everything I found at the GPWA: http://www.gpwa.org/forum/hacker-black-hatter-210194.html

I sent emails to the affiliate programs with casinos on the sites that I found, and also submitted a report to google.

 

[vinylweatherman]

I noticed this on google.ca a while ago, and tried to take some action over a month ago. It looks like the hack uses geo-targeting along with the keywords searched to trigger the redirect. I posted everything I found at the GPWA:

You do not have permission to view link Log in or register now.

I sent emails to the affiliate programs with casinos on the sites that I found, and also submitted a report to google.

Whilst they dither, the hack steadily gains more publicity, as well as spreading to more sites. The bigger this is allowed to get, the more damage it does to the online casino industry, as they are the product being pushed, rather than the more usual Viagra and enlargement schemes. The types of site being attacked is also likely to enrage the wrong people (those anti-online gambling), and provide them with "evidence" that this is not a legitimate industry.

 

[Mousey]

Has anyone contacted the legitimate webmasters of the hacked websites with a heads up? or Google?

 

[mercyme]

You are months ahead of me.... I'm not a GPWA member so my question is.

Were the operators contacted and what was there reply.

They obviously did nothing as the sites are still there and the affiliate or whomever ever is doing the hacking are carrying on their merry way with no repercussions from the operators or Google.

Will everyone here at least submit spam reports.

I suggest that everyone on the GPWA also submit spam reports. Power in numbers and all that.

Lets do something.

 

[vinylweatherman]

You are months ahead of me.... I'm not a GPWA member so my question is.

Were the operators contacted and what was there reply.

They obviously did nothing as the sites are still there and the affiliate or whomever ever is doing the hacking are carrying on their merry way with no repercussions from the operators or Google.

Will everyone here at least submit spam reports.

I suggest that everyone on the GPWA also submit spam reports. Power in numbers and all that.

Lets do something.

It does seem that this has been going on for a while, and is the SECOND time there has been a major hacking incident involving rogue affiliates. Whilst operators involved haven't had long to respond to this thread, they have had months to respond to the one at GPWA, and a YEAR to react to this type of hack in more general terms. If the repercussions of the 2012 Joomla attack were sufficiently robust, it should have deterred this latest incident.

It is a little worrying that of the three operators involved, only one so far has expressed a view that this is not acceptable for their program, but despite having the affiliate tags and identity of those involved, action is not exactly swift and robust. They have made another week's worth of referral revenue whilst two operators have yet to look into this.

If they get to benefit financially from this kind of action, they will do it again and again. The more they do it, the more negative PR the whole industry suffers.

 

[mercyme]

This is what I think we should do otherwise this thread will die a miserable death and once again affiliates will prove to be toothless when it comes to joining forces and actually achieving something.

Lets all post when we have completed a spam report so we know how many are being submitted.

I have submitted a spam report for all the sites that are hacking. It was a total of 10 spam reports.

Who is next ?

 

[mercyme]

the silence is deafening..... looks like no one really cares

 

[mercyme]

hello... is thread dead !!!

 

[Casinomeister]

hello... is thread dead !!!

No. I'm still here.

The Palace Group has contacted me and are investigating. Fortune Lounge already mentioned that they are monitoring this as well.

Who's left?

Have the Rewards Group been involved? I haven't seen any of their casinos mentioned.

 

[mercyme]

Not sure what that means, it should take them no time at all to identify who is doing this.

glad someone is still following up

 

[Casinomeister]

Not sure what that means, it should take them no time at all to identify who is doing this.
...

The Rewards Group: you should know them if you are an affiliate. They've had a couple of issues in the past. I figured you'd know something about that.

 

[vinylweatherman]

No. I'm still here.

The Palace Group has contacted me and are investigating. Fortune Lounge already mentioned that they are monitoring this as well.

Who's left?

Have the Rewards Group been involved? I haven't seen any of their casinos mentioned.

The third was Digimedia.

They may be investigating, but there is no communication.


How hard can it be to connect an affiliate tag to an individual affiliate account?

The perceived simplicity of this process makes it hard to believe that there is much in the way of investigation necessary. It is already clear that this goes way beyond the worst spamming campaign. This is the criminal hijacking of websites through the use of malware. The target may be Google SEO, but property not belonging to the affiliate has been misappropriated to achieve the goal.

The sites hijacked have nothing whatsoever to do with online gambling, so there is also the potential for severe reputational damage being done to the industry as a whole, and the three brands being promoted in particular.

Look at this from the point of view of the webmasters of these sites once they find out what has happened, and for who's benefit. They are going to see "online casinos" as the rogue element, not an individual affiliate. They may then have this view reflected by their government, and this is bad for the industry as a whole who have been trying to convince governments around the world that this industry is just as legitimate as any other internet based "entertainment" business.

One doesn't see Netflix or Lovefilm promoting themselves by injecting malware into websites to boost their Google rankings.

We should at least see the affiliate accounts involved being frozen pending the outcome of the investigation so that they are not able to profit further due to the time taken to complete the investigation. It's no different to what would happen to a player when their account is under investigation.

 

[Casinomeister]

I've spoken with the Palace group rep over the phone and they are investigating and monitoring this situation.

One thing to keep in mind, there are many affiliates who buy up domains that already have traffic and create banner farms. There is nothing ethically wrong with this (maybe aesthetically), but how is an affiliate program know that this is not the case?

In other words, where is the evidence of the "hacking"? Don't make accusations unless you have facts to back you up.

An assumption or your opinion is not a fact. Thank you.

 

[Perc]

I've spoken with the Palace group rep over the phone and they are investigating and monitoring this situation.

One thing to keep in mind, there are many affiliates who buy up domains that already have traffic and create banner farms. There is nothing ethically wrong with this (maybe aesthetically), but how is an affiliate program know that this is not the case?

In other words, where is the evidence of the "hacking"? Don't make accusations unless you have facts to back you up.

An assumption or your opinion is not a fact. Thank you.

This is much more than just buying domains and creating banner farms out of them.

I have noticed one website has fixed the hack, communityofchrist.ca no longer re-directs but still shows up in a search for online casinos. Evidence?

Google is starting to notice, and is showing "This site may be compromised" for some of those hacked websites:



I can't see the Ontario Environment Network allowing their domain to expire, I suppose it is possible, but they are still using their website. Actually that's one webmaster I haven't attempted to contact, I'll do that now.

Even if all of these domains happened to expire and the same affy bought them, the re-directs and whatever else they are doing do show up in google is pure black hat stuff. Worse than email spam, this is search engine spam.

Hacking or not, it makes the entire industry look bad, especially those casinos listed on the hacked websites. Now that brings up another issue, don't most websites have to be approved before an affy can send traffic from them?

The #1 result for 'online casinos' in google.ca is one of these websites. It makes me sick thinking about the potential income from just a few months of sitting in that spot, and it's not fair to the rest of us who work hard trying to get there.

These affiliates should not be paid, period. Evidence of hacking or not (how does one actually get real evidence?), I'm sure many affiliate program T&C's are being broken by these affiliates.

Edited to add: If you search for "Ontario Environment Network" on google.ca and click on the oen.ca website, you will get their regular website. If you search for "Ontario Environment Network Casino" and click on the same site, you are redirected to a casino portal. You may need to be in Canada for this to work, some people outside of Canada have tried with a proxy but still didn't get the redirect.

At the bottom of this portal is "2012 © best-canada-casinos.com" and it is the same portal that several of these hacked websites redirect to.

 

[vinylweatherman]

This is much more than just buying domains and creating banner farms out of them.

I have noticed one website has fixed the hack, communityofchrist.ca no longer re-directs but still shows up in a search for online casinos. Evidence?

Google is starting to notice, and is showing "This site may be compromised" for some of those hacked websites:

View attachment 39249

I can't see the Ontario Environment Network allowing their domain to expire, I suppose it is possible, but they are still using their website. Actually that's one webmaster I haven't attempted to contact, I'll do that now.

Even if all of these domains happened to expire and the same affy bought them, the re-directs and whatever else they are doing do show up in google is pure black hat stuff. Worse than email spam, this is search engine spam.

Hacking or not, it makes the entire industry look bad, especially those casinos listed on the hacked websites. Now that brings up another issue, don't most websites have to be approved before an affy can send traffic from them?

The #1 result for 'online casinos' in google.ca is one of these websites. It makes me sick thinking about the potential income from just a few months of sitting in that spot, and it's not fair to the rest of us who work hard trying to get there.

These affiliates should not be paid, period. Evidence of hacking or not (how does one actually get real evidence?), I'm sure many affiliate program T&C's are being broken by these affiliates.

Edited to add: If you search for "Ontario Environment Network" on google.ca and click on the oen.ca website, you will get their regular website. If you search for "Ontario Environment Network Casino" and click on the same site, you are redirected to a casino portal. You may need to be in Canada for this to work, some people outside of Canada have tried with a proxy but still didn't get the redirect.

At the bottom of this portal is "2012 © best-canada-casinos.com" and it is the same portal that several of these hacked websites redirect to.

Testimony from the webmaster of the "hacked" site that they have not sold their domain, nor allowed it to expire.

The problem with "monitoring" is that nothing is actually being done to address the situation, and it could be a high risk strategy if this really is something of significance in the "black hat" or "hacking" world. Google should also be taking this seriously, as the nature of this seems to give the impression that the "hack" only becomes evident when a site is accessed via a Google result link, and everything is normal if the site's URL is typed in directly.

Even if this is a crafty affiliate buying up numerous domains, the fact that the old content has not been flushed makes it appear as though the sites have been hacked. It also creates an association between the former owners and online gambling, something that they may not like. A few of the sites appear to be regulatory bodies, standards agencies, and charitable organisations. Leaving the old content lying around is even more damaging to the industry as it flies in the face of certain taboos in how this pastime should be promoted.

 

[Perc]

Well I got a reply from the owner of the Ontario Environment Network website. He thanked me for letting him know and said "I will let our server know about this."

I will try to keep in contact with him and get as much information as I can about what exactly happened.

 

[vinylweatherman]

Well I got a reply from the owner of the Ontario Environment Network website. He thanked me for letting him know and said "I will let our server know about this."

I will try to keep in contact with him and get as much information as I can about what exactly happened.

Maybe the owners of many of these compromised sites have no idea about this, and when they find out this could turn out to be something pretty big.

We can certainly rule out an affiliate legitimately getting hold of this domain and changing it's use.

 

[wmarais]

I am the owner of

You do not have permission to view link Log in or register now.

and this issue is extremely irritating and damaging to the ethical Canadian casino affiliates. The www.casinotop.ca is especially damaging, it is dominating most of the high value keywords like "best online casino", "best online casinos" etc. I've done my part to report the situation to Google and CIRA. Hopefully we'll see something done about this.

 

[mrmark21]

The Palace Group involved in yet another spamming campaign? Can't say I'm that surprised considering the following thread on Spin Palace and their other casinos https://www.casinomeister.com/forums/threads/yet-more-palace-group-spam.49032/.

 

[Webzcas]

There are currently a bucket load of expired bought up domains appearing in the serps in Google. Which I am inclined to believe is what we are seeing in the main here.

So much for Google Penguin and Panda updates and their goal of cleaning up the serps. A lot of these sites have little in the way of content and are just designed to redirect traffic to gambling properties without providing anything resembling a resource.

I also would not be surprised if some gambling groups have a direct hand in this activity. For instance the Palace Group employ in excess of 200 people, with their number one core expertise being SEO, according to their parent company's website:

You do not have permission to view link Log in or register now.

 

[vinylweatherman]

There are currently a bucket load of expired bought up domains appearing in the serps in Google. Which I am inclined to believe is what we are seeing in the main here.

So much for Google Penguin and Panda updates and their goal of cleaning up the serps. A lot of these sites have little in the way of content and are just designed to redirect traffic to gambling properties without providing anything resembling a resource.

I also would not be surprised if some gambling groups have a direct hand in this activity. For instance the Palace Group employ in excess of 200 people, with their number one core expertise being SEO, according to their parent company's website:

You do not have permission to view link Log in or register now.

However, it looks like the cases highlighted here are hacked sites as well as possible expired domains. In many cases, the old content remains, and the gambling content placed alongside, or on top of, the old content. Surely buying an expired domain doesn't mean obtaining the copyrights enjoyed by the previous owner, so old content should not be left lying around.

As far as the general public are concerned, this looks like a major hacking incident because they can see that the sites affected have nothing to do with gambling. Even if what has been done is legit, it looks very bad in PR terms. Given that past incidents like this HAVE been identified as hacks or malware infected templates, it strengthens the view that this is yet another of these.

It even looks bad for Google as their results are even "dirtier" now than before the changes, which means legitimate webmasters are not getting a fair listing.

If this didn't defeat Google, it would not be done, whether by hacking or buying up expired domains.

One thing that would help would be to have an industry agreement among registrars and hosting companies that when a domain expires, the content will be purged when it is bought up by another party unless there is an agreement from the previous owner that the content itself should form part of the sale.

Google should also cut resold expired domains from it's search results altogether so that a purchaser cannot unjustly benefit from earlier rankings that have nothing to do with the current content of the site.


If this IS SEO by the operators, then they are guilty of deliberately freezing out their affiliates from showing up in Google searches. Coupled with one freezing affiliates' payments if they don't keep bringing new players, it places the affiliates in an impossible situation. They can't get into Google results because of all the black hat SEO, so they have to resort to similar black hat tactics in order to stand a chance of meeting the requirement to bring in new players so that their revenue from existing players is unfrozen. This is probably why Palace Group spam has gotten so bad, it's the only way affiliates can see to beat the black hat SEO that has frozen them out of Google, and they know that they are unlikely to get "busted" by the program which seems to have a lax attitude towards affiliates who spam.

 

[Webzcas]

I completely agree with what you have said VWM. My comment was not based on the examples listed in this thread, but in general with what I am seeing in the serps. ie hoovered up expired domains, benefiting from pre-existing links and on site seo to dominate a multitude of gambling related terms.

In the past well known gaming groups have been caught out using what at best can be described as 'dubious' seo techniques, just a search of the CM Forum will show this. Although I am not going to rake up old news.

Unfortunately, the problem is, the people and organisations behind what we are seeing in this thread will most likely have been very careful to cover their tracks. Because of this, it is very hard if not nigh on impossible to pin these activities to the individual(s) or companies behind these tactics. Hence people should be careful not to tar a group with a particular brush without cast iron proof.

That leaves us with one main option and that is report said sites to the Google spam team.

If this IS SEO by the operators, then they are guilty of deliberately freezing out their affiliates from showing up in Google searches.

Affiliates are a necessary evil. I would imagine ( Operators please chime in if you want to ) that most if not all do not like having to pay their affiliate partners. Indeed, some of the actions we have seen over the years ( Grand Prive, Palace Group etc) have borne this out to be the case.

Another thing is most if not all operators have clauses whereby affiliates are not allowed to bid on their brand names using adwords or similar, if you do they shut your affiliate account down. But, it is fair game for casinos to bid on affiliate site names.

 

[vinylweatherman]

I completely agree with what you have said VWM. My comment was not based on the examples listed in this thread, but in general with what I am seeing in the serps. ie hoovered up expired domains, benefiting from pre-existing links and on site seo to dominate a multitude of gambling related terms.

In the past well known gaming groups have been caught out using what at best can be described as 'dubious' seo techniques, just a search of the CM Forum will show this. Although I am not going to rake up old news.

Unfortunately, the problem is, the people and organisations behind what we are seeing in this thread will most likely have been very careful to cover their tracks. Because of this, it is very hard if not nigh on impossible to pin these activities to the individual(s) or companies behind these tactics. Hence people should be careful not to tar a group with a particular brush without cast iron proof.

That leaves us with one main option and that is report said sites to the Google spam team.



Affiliates are a necessary evil. I would imagine ( Operators please chime in if you want to ) that most if not all do not like having to pay their affiliate partners. Indeed, some of the actions we have seen over the years ( Grand Prive, Palace Group View attachment 39460etc) have borne this out to be the case.

Another thing is most if not all operators have clauses whereby affiliates are not allowed to bid on their brand names using adwords or similar, if you do they shut your affiliate account down. But, it is fair game for casinos to bid on affiliate site names.

Yet so far NO action has been taken against the affiliates hacking these sites highlighted in this thread. Only ONE rep so far has posted that they are "investigating", but we have the affy tags, so what is taking so long to reach a conclusion over the legitimacy of the SEO involved.

If a site has been hacked, then there is no "grey area", a crime has been committed (here in the UK at least), not merely a breach of contract.

Grey area or not, this is damaging the industry and in particular the brands being promoted by this method. The people behind this are unseen, it is the brands that are seen to be involved in this, Palace Group, Digimedia, and Fortune Lounge. They are all Microgaming, so they too will be tarred, even though they just supply the software.

Online gambling, through it's spamming and other SEO practices, is seen alongside Viagra resellers and penis pill purveyors as the type of thing any respectable vendor of security software would seek to filter out from users. Whilst the online gambling industry peddles it's wares alongside Viagra and enlargement services, they will struggle to be seen as a "respectable industry" outside of the player community. Many who don't play still see online casinos as a "scam" rather than a legitimate internet industry.

It looks like the affiliate programs are going to do nothing about this other than investigate and bury.

I am not sure about Google either, they are far too large to care about this niche to the extent that they will make major changes just to target this particular type of gambling SEO. Google might have taken action had the hacked sites presented the gambling banners even on searches without casino related terms.

 

[Webzcas]

Online gambling, through it's spamming and other SEO practices, is seen alongside Viagra resellers and penis pill purveyors as the type of thing any respectable vendor of security software would seek to filter out from users.

Agree completely with this. Hence I never tell people I work in iGaming if asked what I do for a living by people I meet who do not work in the industry or play online. Gaming online is generally perceived as a bad thing morally by most.

 

[mercyme]

Why not start a report hackers forum, where hackers sites are displayed and affiliates can submit spam reports.