Protect Your Company From 'Cache Bashing'

It's not enough that you have to install firewalls, antivirus programs, spam filters, and adware cleaners on all your PCs -- now you have to guard against something called 'cache bashing,' too.
It's not enough that you have to install firewalls, antivirus programs, spam filters, and adware cleaners on all your PCs — now you have to guard against something called "cache bashing," too.

If it's important that your company be findable when potential customers look for your topic in search engines — and what company doesn't care about that these days? — you'll want to know how this works and how to protect yourself.

Allow me to explain.

Cache Bashing for Fun and Profit

The latest Internet threat was discovered during a new contest to see which Web sites could be forced into a top ranking in's search pages for a particular nonsense term. This little game is called Google bombing.

Google bombing requires the cooperation of a number of different Web pages. If they all link to a specific Web site using a particular set of words, Google will soon rank that site very highly on searches that use the exact same words.

This fact has given us searches like miserable failure, for which the first search result became the Web site of the White House. Turning the tables, conservative groups then created links so that the first search result for great president was a biography of George W. Bush.

That's all great fun. But the latest experiment has shown a much darker side to Google bombing. This problem can very negatively affect the search-engine rankings of your company.

Google Bombing for Prizes. Professionals who advise companies on search-engine positioning, which is known as search-engine optimization (SEO), were challenged to a duel on April 30 by SEO consultants at SearchGuild and Dark Blue. Whichever Web site showed up on June 7 in Google's No. 1 spot for a made-up search phrase would win an Apple Mini iPod. The No. 1 site 30 days later, after Google had presumably tweaked its ranking formula, would win a 17-inch Sony flat-panel LCD screen.

High Rankings for "Nigritude Ultramarine." These weren't especially luxurious prizes, to be sure. But they were enough to start a kind of feeding frenzy among a subculture of SEO hackers. The chosen phrase for optimization was "Nigritude Ultramarine," two words that mean "the state of being black" and "vivid, purplish blue." By last week, there were at least 377,000 Web pages containing that exact phrase, according to the search results page at Google. Before the contest started, there had been none.

The Dark Side Strikes Back. One of the highest-ranked Web pages for a time was a competition entry posted by This New Zealand-based restaurant reservation site has a sideline business in SEO consulting and entered the contest as a lark. Suddenly, the page's ranking in Google's listings plummeted from 3rd to 103rd in only three days, according to Garrett French, the editor of the e-commerce forum WebProNews.

What had caused such a sharp dive so quickly? French says that a programmer called BlueFalcon had found a way to use Google's own API (application programming interface) to sharply penalize his competitor's entry in Google's rankings.

Your Cache Can Be Used Against You

To accomplish cache bashing, the attacker uses a link at Google that leads to a cached copy of your company's Web page — as it looked when Google most recently indexed it. Your nemesis then posts the copy of your page somewhere on a site that has a higher "page rank" at Google than your site does. Because Google eliminates from its index any pages it finds that are simply duplicates of other pages, your company disappears from or is strongly penalized in Google's rankings.

This kind of black-hat optimization has been possible before. An attacker could simply copy any page of your site that he or she visits. But you were previously able to defend against this. When you detected the creation of duplicate pages, you could ban the offender from visiting your site again, using the IP address from which the original visit occurred.

Since a cache-bashing attacker gets copies of your pages by visiting Google's own cache — not your site — banning offending IP addresses no longer works.


How can your company protect your rankings in search engines from being destroyed by cache bashing? Since this kind of attack is new and still fairly rare, I wouldn't recommend that you take any action unless you detect that it's actually happening to you. If it is, the only defense at this time is to configure Google not to make cached copies of your Web pages available. This is simple to do, as explained in Google's help file.

Having a low ranking in search engines isn't the worst thing that can happen to your company. But now you know that it's one more Internet exploit you need to watch out for.

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.