Today I came across a bunch of slimy mashup sites that combine images from Google Image Search (your images) with affiliate ads. The attempt is to try to make it look like a legitimate directory or search engine for the topic but what's happening is your images are being used without permission and being attributed to other sites.
CAUTION: Some of the links below may try to inject a worm or trojan.
Go to one of the sites here:
The images are directly from Google Image Search for "Digital Photography":
Here's the URL to the images from that page:
http://images.google.com/images?q=tbn:RaA8sUkYvwGMCM:Same crap going on from this Polish site too:
http://buy-xenical-us.qo.pl/Note that the domain EUC2005.COM is a dummy domain, it's actually pulling up searches in a frame from this site:
Just for giggles, I did a search for PHOTO.NET in their little search window to see what came up:
Here's the same search in Google Images:
This mess all seems to be hosted on theplanet.com, big shock, on at least 4 servers that I can find, click the IP below for a list of domains:
Now let's see who appears to be behind this mess:
Domain ID:D128714698-LRORSomeone else has our copyright infringing buddy listed in an MVPS HOSTS file for some bad things as well:
Created On:11-Sep-2006 11:05:33 UTC
Last Updated On:11-Nov-2006 03:50:00 UTC
Expiration Date:11-Sep-2007 11:05:33 UTC
Sponsoring Registrar:Direct Information PVT Ltd dba PublicDomainRegistry.com (R27-LROR)
Registrant Name:Soodkhet Kamchoom
Registrant Street1:2002 E. Tamarack Road
Registrant Postal Code:73521
Registrant Phone Ext.:
Registrant FAX Ext.:
# [Soodkhet Kamchoom]Now let's see where the base of search operations F-MF.ORG resides:
127.0.0.1 dinet.info #[Trojan.Win32.Small.EV]
127.0.0.1 eqash.net #[eTrust.Win32/Secdrop.JU]
127.0.0.1 linim.net #[eTrust.Win32/Secdrop.JU]
127.0.0.1 nwframe.net #[Win32/Nitwiz.A]
127.0.0.1 zllin.info #[MHTMLRedir.Exploit][Win32/Dialer.KM]
host F-MF.ORGI looked at the adjacent server IP 188.8.131.52 and BINGO! there's some of the domains listed (in bold) in the MVPS HOSTS files, amazing isn't it?
F-MF.ORG has address 184.108.40.206
OrgName: ISPrime, Inc.
Address: 25 Broadway
Address: 6th Floor, Suite #2
City: New York
NetRange: 220.127.116.11 - 18.104.22.168
alllinx.infoThere's obviously more, but I'm bored chasing this idiot at this time, maybe later.
I've been advocating everyone block access from known datacenters and proxy servers for quite some time to stop scraping and other abuse so had the Googlers listened, and I know they heard me, this abuse wouldn't be happening right now and webmasters wouldn't have to deal with this level of abuse.
Sorry to say, I'm going to have to add this line to all my robots.txt for Google, Yahoo and MSN until they resolve this vulnerability:
Disallow: /images/Why won't they listen when I explain what the vulnerabilities are?
Why must we the webmasters have to deal with this garbage?
Firing up the DMCA letters now, several search engines and ISPs are about to be served...
If your images show up on their pages, join me in fighting this good fight.