Cloudflare Hacked Machines & Spam

Hi,

Please do a search for the keyword “PCH” in the past hour on google. There are thousands of hacked machines MANY ON CLOUDFLARE that are flooding my niche with spam. The keyword “PCH” seems to be one of the easiest to find these. See here:

https://www.google.com/search?rlz=1C1GCCA_enUS802US802&biw=1920&bih=937&tbs=qdr%3Ah&sxsrf=ACYBGNRdddd353309&ei=mdjnXaStEsjc-gS6xa_oCA&q=pch&oq=pch

Look for any of the domains that have a non www subdomain and a weird extension on them.

Can Cloudflare do something to prevent this from happening? There should be an easy pattern. I can paste over 1,000 links in the past week if you would like to help with investigation.

Please fix this problem.

Some example domains:

wrkd.brainweb.it
pnht.confidiadriatico.it
mhro.floradellavaldipeio.it
cnpi.indiansunset.it
atly.hausmeister-ffo.de

etc. etc. etc.

That is something for Google to fix in their ranking (if it needs fixing).

Also, the search doesnt really return the links you were referring to for me.

What about all of the Cloudflare Customers on these IP Address’s that may receive penalties from the action Google takes to prevent this spam?

Sure, Google needs to address this problem. Hopefully when they address it they don’t just wipe out all customers on the ip address range.

Seems this would be a high priority to fix if it was my network.

It’s ok to use Cloudflare to cloak and spam into Google? That’s Google’s problem?

https://www.google.com/search?q=site%3Aosqk.occhiobiancogiuseppe.it&rlz=1C1GAAA_enUS802US802&oq=site%3Aosqk.occhiobiancogiuseppe.it&aqs=chrome..6933333i58.1119j0j7&sourceid=chrome&ie=UTF-8

Which action would you like Cloudflare to take and based on what?

I am afraid that is not how it works. IP addresses are not part of the equation.

Well, if I had access to see how these were being setup… maybe the action they need to take is to stop or prevent that way for these to be created. Maybe a Simple Captcha on a specific part?

They could also do things like determine new traffic to a newly created subdomain and alert the cloudflare customer of a potential security breach and use basic preg_match rules to determine these links.

There is lots of things that can be done, but none of them involve doing nothing.

I thought this needs to be brought to your attention.

“I am afraid that is not how it works. IP addresses are not part of the equation.”

How do you know? Are you speaking for the current moment or something you heard Google officially say?

I’ve seen different results, from changing IP Address’s personally myself.

Because Google does not work with IP address, but thats really not relevant for this.

The question is, which action should Cloudflare do and based on what. If these sites contained dubious software Cloudflare could suspend it (respectively Google will include them in the Safe Browsing list). As that does not seem to be the case there is little anyone can do.

Maybe Google provides some tool to report such sites to them, but that would be a question for Google.

So just to confirm, it is OK for Cloudflare customers to create Spun Text and get it indexed on Google and Cloak the Link to an affiliate offer. This is Google’s problem and they should fix it on their end?

Cloudflare does not control content unless it violates the law or poses a threat to network security.

Many of the links being redirected to try to get you to download a “chrome extension” that is a virus.

Can you post a sample link?

You will need to click from Google for any of them. If you try the first link I sent, clicking on a few you should find one. If you don’t come from Google or a search engine, many times will see a 404 page. It’s all cloaked traffic.

In that case you can report such links at https://www.cloudflare.com/abuse.

Not much more the community can do I am afraid.

1 Like