Getting Easy .gov Links in a Few Minutes

21st August 2006

When I saw the title of an SEOmoz blog post in my feedreader, I tried to make it the first story of the day. When I clicked to read it however, the article was gone. Hoping to read the cached copy, I searched on Google, but the text was not found.

Still, I was able to find it, and it was an interesting read. It was a “black hat” (claimed as research) step by step demonstration of an exploitation known as “URL injection” where it’s possible to use a websites own “search form” to create links on their site, pointed wherever they like.

The author gave 20 examples of having actually done so, on various government websites from the EPA to NASA, and the links are still there. At the Library of Congress, he even added a funny photo too.
The last paragraph of the story probably sums up why it was removed, where the author points out that if you can add any pictures and text you like to an official website, then it would be relatively easy to make up a phishing scam, posting the stolen data to the bad guys’ server, and the user would never even know they’d been scammed until it’s way too late.
This blog post was clearly a case of providing too much information that could be used for evil, and “hats off” so SEOmoz for removing it. Unfortunately, if I could still find it, so can the bad guys.

I’m not providing the link to the story for obvious reasons…

***update - They have put the post back up after checking with their attornies, but I have to disagree with this course of action. Just because you can legally  tell someone exactly how to build a bomb, doesn’t mean it’s the right thing to do. It should generate a lot of inbound links though for SEOmoz…