I recently moved the server hosting this site and my photoblog to a new Linode. About time too as the old one was full of cruft built up over a decade of upgrades. It had finally reached the point where I had trouble finding new dpkg files for software that wasn’t as ancient as my installation. Updates would stop in the next year or two as well, which was a huge problem.
When I did move, I pointed the DNS at my new server and all seemed fine. That is, until I saw an email from Google on Friday saying a new user had been added to the search console for www.inphotos.org!
I don’t use the www hostname on any of my sites, and didn’t actually have a search console property set up on that site. I don’t remember now if I had to create one, but when I eventually logged into it, I found an “Ian Trader” already in there. He was a validated user, too.
He had been allocated the IP address of my old server. He saw that www.inphotos.org still pointed at it and asked Google to validate his ownership by uploading a HTML file to his server.
Yikes! Quick as I could, I checked the DNS and found that yes, www.inphotos.org was still pointing at my old IP address! Damn.
Fixing it was fairly easy, I thought. I removed that user, and removed the www hostname.
However, Ian had one more trick up his sleeve. He had put a sitemap on www.inphotos.org, and it led to 129,864 fake links that Google could not index.
It looks like he was setting up a malware server with the names of books on each page:
/c/pdf/upload?PUB=new_apostolic_church_hymn_collection_songs&blackhole=017
/c/pub/go?EPUB=hawker_battery_charging_instruction_manual&daily=034
/c/pub/list?BOOK=a_shade_of_vampire_7_a_break_of_day&dua=047
/c/pub/list?EPUB=ib_vietnamese_past_paper_2013&monument=094
/c/pub/list?PDF=lowepro_user_manual&codevember=001
/c/pub/list?PDF=suzuki_swift_owners_manual_2009&bubbley=087
/c/pub/upload?PUB=caravaggio_ediz_illustrata&particles=015
/c/pub/upload?PUB=mi5_and_me_a_coronet_among_the_spooks&sassy=021
/c/pub/url?BOOK=radiation_detection_and_measurement_solutions_manual&delapan=081
/c/pub/visit?EBOOK=mercruiser_hp_engine_manual&daily=009
/d/book/data?PUB=gossie_and_gertie_gossie_friends&particle=016
/d/book/file?DOC=engine_repair_manual_for_f550&dribbble=005
I fixed those with some simple mod_rewrite rules, so visiting those URLs should take you back to the homepage. Google is validating my fix now. Besides, that fake sitemap is gone, so I expect Google to forget about them soon, I hope.
So, when you’re moving websites around, make sure you update all the DNS records for your sites. I may not have noticed for a good while if he had set up the redirect scripts on his server correctly and didn’t go into the search console.