SECURITY UPDATE: Are Dixons Dirty Spammers?
It became apparent during discussions of this "SEO done badly saga" that a bad piece of SEO can give rise to horrendous security problems.
The script that I originally identified as a bad SEO tool worked by taking a parameter in the URL as the keywords that you want a page generated for.
Unfortunately, not only was this a poorly conceived SEO campaign but also a dangerous one, as the script itself was terribly written and neither checked nor validated its input. This means that a carefully constructed URL would allow cross-site scripting attacks to take place.
A hypothetical situation (that potentially may have already taken place) is one where you receive an email that purports to be from The Link, offering an amazing deal on a cutting edge mobile phone. You simply need to click the link in the email and off you go to purchase that great phone at a great price.
But as you are a clever, savvy and intelligent person you decide to undertake some good basic security checks to make sure that you are not the victim of a phishing attack. You check the URL and see that it is indeed from within the legitimate www.thelink.com site.
Because you have checked and verified the authenticity of the link, you proceed to the site and fill in your name, address, credit card and CVV number along with your mother's maiden name and date of birth as a security measure.
Unfortunately the browser has had the contents of its document object model rewritten, and although the browser says you are on a page at www.thelink.com, and indeed you actually are, the content is being served by some nefarious rogue gangster intent on stealing your identity and your credit card details.
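The flaw and its fix, as an added example that is not the retailer's script (which this page does not show): a keyword-page generator that echoes the URL parameter unchecked, beside a version that validates the input and HTML-encodes it on output. The host shop.example, the parameter name keywords, the template and both URLs are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed stand-ins: the host, the "keywords" parameter name and the
# template are assumptions; the page does not show the real script.
TEMPLATE = "<html><title>{kw}</title><body><h1>{kw}</h1></body></html>"
BENIGN_URL = "https://shop.example/offers?keywords=half+price+line+rental"
CRAFTED_URL = ("https://shop.example/offers"
               "?keywords=%3Cscript%3Ealert(1)%3C%2Fscript%3E")

# Assumed policy: keywords are letters, digits, spaces and hyphens only.
KEYWORD_RE = re.compile(r"[A-Za-z0-9 \-]{1,80}")


def keywords_from_url(url, param="keywords"):
    """Return (hostname, decoded keyword value) for a request URL."""
    parts = urlsplit(url)
    return parts.hostname, parse_qs(parts.query).get(param, [""])[0]


def render_unsafe(keywords):
    """The flaw: the URL parameter goes into the markup unchecked."""
    return TEMPLATE.format(kw=keywords)


def render_safe(keywords, strict=True):
    """Allowlist-validate the input, and HTML-encode it on output regardless."""
    if strict and not KEYWORD_RE.fullmatch(keywords):
        raise ValueError("keywords rejected by allowlist")
    return TEMPLATE.format(kw=html.escape(keywords, quote=True))


if __name__ == "__main__":
    for url in (BENIGN_URL, CRAFTED_URL):
        host, kw = keywords_from_url(url)
        print("host the reader checks:", host)
        print("  unsafe:", render_unsafe(kw))
        print("  encoded:", render_safe(kw, strict=False))
        try:
            render_safe(kw)
            print("  strict: accepted")
        except ValueError as exc:
            print("  strict:", exc)
```

Both URLs carry the same hostname, so inspecting the link tells the reader nothing; only the server-side validation and encoding separate the two requests.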
Thankfully and sensibly the Dixons Group have taken this page off their site, but the question has to be asked: why on earth was a company like DSG, with the greatest brand in electronics in the UK, undertaking terribly conceived and dangerously implemented attempts at SEO that may well have cost many people lots of money and hassle by opening them up to potential fraud?
As the page has now been taken down I have included below links to some of the screenshots that Threadwatch members have taken (Thanks ChrisG)
Much has been spoken about search engine spam. Google, Yahoo, and MSN all make their guidelines publicly available for anyone to see what is seen as acceptable (and what is not) in trying to optimise your site.
Anyone who operates outside the scope of those guidelines is effectively a search engine spammer: someone who is trying to raise their site's profile in the engines using techniques the engines themselves would prefer you didn't.
Now just because the search engines say they don't want you to do it doesn't mean some techniques don't work in increasing your search visibility. Many webmasters the world over undertake tactics that the engines would prefer they didn't, yet they still see an increase in their rankings because of it. Almost all of these webmasters understand that if they "live by the sword, then they die by it" and the site could be detected at any point in time and banned by the search engines forever.
Dixons Group has more than 1,400 stores across the UK, Ireland, the Nordic countries, France, Spain, Italy, Hungary, Czech Republic and Greece.
It trades as Dixons, Currys, PC World and The Link in the UK and Ireland, Elkjøp in the Nordic countries, PC City in Spain, France, Italy and Sweden, UniEuro in Italy, Electro World in Hungary and the Czech Republic and Kotsovolos in Greece.
The Group specialises in the sale of high technology consumer electronics, personal computers, domestic appliances, photographic equipment, communication products and related financial and after sales services.
As a company they aren't doing too badly
Dixons' main business is in the UK and they operate a few brands.
- The Link - A Mobile Phone Retailer
- Dixons - General Electronics Retailer
- PC World - Computer Specialist Retailer
- Currys - Brown & White Goods Retailer
Whilst looking for a new Nokia 8800 mobile phone to buy (hey I am a Chav!) I stumbled across some shady spamming from The Link. It seems that Dixons Group think that their Link Store is a dirty spammer's den!
Upon further investigation it seems that every one of Dixons' web sites in the UK has undertaken spam techniques the engines would not be happy with. Unfortunately for Dixons, though, whoever undertook them on their behalf either has extremely large balls or is very silly indeed.
Dixons Group I have some tips for you.
I do not suggest you identify your SEO efforts quite so blatantly.
Think twice about how you use hidden links
Don't give away the opportunity to plead ignorance by stating in your code certain pages are for spiders only
tagVars +='&SESSIONVAR!CurrentPage=spider-page-half price line rental'
Don't give me the opportunity to say things like Expensive Useless Warranties on your site
And whilst you're at it don't put light grey text links on a white background, to these automated pages. At least use some IP delivery!
But most of all Dixons.......
Think twice before you undertake grey to black hat SEO, as I truly believe this is the case of a large company doing SEO badly.
Search Engine Optimisation is as much about understanding the risks to your search engine positions and your brand if it goes wrong, as well as knowing what works and what doesn't. Undertaking a dirty SEO campaign as you have done means you leave yourself open to be caught.
You're not a small company, you're not a stupid company, you're not a poor company. It appears that you have outsourced your optimisation either to a company specialising in PHP or to an in-house team, and they have been tasked with fixing the problems that your session ids and other "SE Unfriendly" parts of your site have caused.
With respect to whoever did the work, and with greater respect to whoever made the decision to sign this work off, they either have balls of steel or are so ignorant of the goals and industry they wish to operate in that questions (from both a business and SEO point of view) should be asked.
I phoned the DSG press office and spoke to Kelly and then Ruth of their Corporate Communication team. After waiting and not getting a phone call back, I have decided to post this topic. I tried to give DSG the right to reply but it seems other things were more pressing on their time.
Dixons, if you change your mind you know my number. I look forward to speaking with you.