The first thing I noticed was the unfortunate title tag and snippet. However, things got stranger when I clicked through to the site. Before I go on, I should say that before it was bought by Microsoft, Farecast was an SEOmoz client. They aren't anymore, but the fact that I'd worked within the niche and with this site before was what caught my attention.
The page loaded, but I definitely didn't recognise the content as belonging to either Farecast or Microsoft.
The page loaded, but I definitely didn't recognise the content as belonging to either Farecast or Microsoft.
Refreshing the page brought consistently different results. Here is a sample:
Each refresh brought up another strange page, including several error pages. Attempting to complete a search on a page that did load properly was also impossible. I wondered what would happen if you visited Farecast's previous domain: Up until a few minutes ago, www.farecast.com was not redirecting to farecast.live.com for me. Without the www, it was redirecting. It appears to be working now.
Web-Sniffer's results were also amusing, as refreshing farecast.live.com's Web-Sniffer result brought up alternate pages on every attempt as well. Whilst the strange, rotating content was interesting, the fact that the parked page showed up was more so. Suspecting that this was a DNS error of Microsoft's making, Rob wondered if he could add Live.com to his list of parked domains. He could.
Web-Sniffer's results were also amusing, as refreshing farecast.live.com's Web-Sniffer result brought up alternate pages on every attempt as well. Whilst the strange, rotating content was interesting, the fact that the parked page showed up was more so. Suspecting that this was a DNS error of Microsoft's making, Rob wondered if he could add Live.com to his list of parked domains. He could.
Holy Christ. Sedo thought that Rob owned Live.com and was crediting him with the commission from the page. The conversation went something like this, with a couple of edits:
23:02:05 Rob: oh s**t!
23:02:23 Rob: "Live.com has successfully been added to your parking account"
23:02:28 Jane: no
23:02:29 Jane: f***ing
23:02:29 Jane: way
23:02:23 Rob: "Live.com has successfully been added to your parking account"
23:02:28 Jane: no
23:02:29 Jane: f***ing
23:02:29 Jane: way
A couple of weeks ago, Duncan wrote about Apple.com and the localisation issues they have in using Akamai, whose load-balancing system results in solely U.S. content being shown to Googlebot. Akamai serves content based upon location, and it seems that someone at Microsoft added a Sedo IP address to the routing system Akamai employs.
Since earning income in this manner is well and truly illegal, Rob emailed Sedo immediately. The traffic and commission has stopped and the problem appears to have been rectified. Similarly on Microsoft's end, farecast.live.com now resolves correctly.
Because Rob can explain this stuff far better than I can (although he's promised to teach me if I continue buying him pints of Guinness), I'll let him spell out what happened:
Since earning income in this manner is well and truly illegal, Rob emailed Sedo immediately. The traffic and commission has stopped and the problem appears to have been rectified. Similarly on Microsoft's end, farecast.live.com now resolves correctly.
Because Rob can explain this stuff far better than I can (although he's promised to teach me if I continue buying him pints of Guinness), I'll let him spell out what happened:
It appears that Microsoft is using Akamai for their DNS and Content Distribution Network on farecast.live.com. This usually involves either the service provider caching a copy of their client's content on globally distributed servers to prevent server overloading, or filtering out the requests between the client's servers in order to balance load. My best guess is that a Microsoft employee has specified an IP address belonging to the domain auction and parking provider, Sedo. Sedo's parking servers are designed to allow any domain name to point to them (in this case the subdomain farecast.live.com) and serve appropriate adverts for the domain.
Oh, the consequences of not keeping a close eye on your sites, especially if you're a big site and are ranking for some money keywords. Maybe Live can be pleased that Rob and I came across this and not someone just a little bit more sinister.
All credit goes to Jane for finding and investigating this issue, she did a fantastic job and I'm very proud of her. I just want to re-iterate for those who may have misunderstood this article that we did not hack Live.com or Akamai in any way, the issue already existed and we worked to help the b0rg out. Below is the email I sent to Sedo:
Hi,I noticed that a popular subdomain on live.com (owned by Microsoft) was sending some of its traffic to a Sedo parking page. This was clearly a DNS error at their end and not intended, so I investigated further.In order to verify whether this had been a malicious action, I added live.com to my domain parking list on Sedo to see if someone had already claimed it (and therefore changed the DNS on purpose). As Sedo accepted my request to add live.com, I verified that this DNS issue was accidental and not an attempt at hacking. As a result of my test, Sedo has assigned me commission for the clicks and traffic earned whilst carrying out the investigation.My investigation concluded that a Microsoft employee had accidentally added a Sedo IP address to their Akamai IP routing system, resulting in the incorrect resolution to Sedo whilst load balancing traffic. This issue now appears to have been rectified, as commission and traffic to my account has ceased. I would like to request that you remove the commission earned during this test from my account and preferably donate the tiny sum, along with any other commission earned by Sedo from the live.com subdomain before I added it to my account, to a registered charity of your choosing.I would alse like to stress that I am an ethical security consultant and my actions were purely of the intent to warn and advise the parties involved.I thank you for your time and look forward to hearing from you.Rob Kerry
Nice catch guys and a fantastic working example of how to think outside of the box.
Honourable email Rob.
Were you laughing when you wrote this, "I am an ethical security consultant"?
i laughed when i read it... :)
Good man. I'll buy you a beer
how could something like this happen ? "My investigation concluded that a Microsoft employee had accidentally added a Sedo IP address to their Akamai IP routing system" I am not a pro on DNS issues, but was this done manually ? could it have been done intentionally to get the commission for the clicks ?
It was simply a mistake, probably a typo on an IP address. Nobody had claimed the domain on Sedo before me and therefore could not earn commission off of the parking page. It only takes a dodgy copy-paste to miss a digit off the beginning or end of an IP, and there's a good chance that the typo IP would still resolve.
thank you for your explanations EvilGreenMonkey. Very helpful indeed!
Good Job here. The only thing I see missing from this email was a link request. The least they could do is thank you with some prime anchor'd links as a security consultant.
Cheers,
@trontastic
Thanks, Rob! However, you will agree that I couldn't have worked out what was going on without your help. And I wouldn't have through to attempt parking the domain. I did have a giggle at "security consultant" though :P
In case you're worried about something similar happening to you, I'd highly recommend using a website uptime monitoring and website changes monitoring service. Hacked or incorrectly resolving websites can result in a devastating effect on your rankings, traffic and brand.
"I checked your account and see that the domain was still in our ownership verification process and had not been fully added to your account. The domain has now been rejected, as you are not the owner, and any earnings resulting from this have been removed."
- Sedo is keeping the cash!
maybe someone who's reading SEOMOZ told them about the post, and therefore they reacted as if they had seen the issue by themselves. ;)
Sedo are naughty! Did they even say 'Thanks' ? OOoh I have a favourite three syllable word I could use but won't use here to describe them ;)
Wow - unbelievable. Great work - shame SEDO are being predictably poor players. Just wait 'till they made a DNS mistake..!
I'm laying odds that Slatten went back to do a quick search of "cheap flights" just to make sure the door had been closed.
Ha ha ha!
That makes today's twitter conversations make so much more sense! Nice catch and release you two. This is a prime example of how a black hat could have taken Live.com for a ride. I'm glad to see there are people like you two out in the world finding these issues and rectifying them. Props to Rob for donating the proceeds. :)
Get to the part we all want to know! How much did Rob make... and did he get to keep it? =)
It was a very small sum, given the very small time-frame the account was working, and he requested it be donated to charity :)
I understand the SphinnCon Bar Fund (SCBF) would be a good charity for situations like this.
May I suggest...
Awwww, Rob could have funded the biggest LondonSEO p*ssup of all time had he left it up for a day or two.
[edit]Written before I clicked Jane's link.[/edit]
It was a very small sum, given the very small time-frame the account was working, and he requested it be donated to charity :) That's awesome. I think there's a lesson here that all of us can learn from: Black hat SEO makes the World a better place.
I'm going to guess that Rob had his white hat on today!
That's too bad. Just think of how many starving children he could have saved, if only he had let the account keep going into black hat territory.
Or starving SEOs, in need of Guinness. To think they were euros, too.
He he he - I hear that people are using comment spam to feed starving children... Darren, maybe you should too...
Or the starving interns...
couldn't help myself
Extra space added for emphasis
Maybe if you kept your crazy spacing in check, your employer would feed you more.
Brilliant. Seeing global-level screwups from companies like this always make me smile.
I'm looking forward to the next 'I brough down a global empire' installment. :)
I'm ready to drop catch Google.de next time MarkMonitor screw up again ;)
MS seems to be good at global level screw ups.
I used to like farecast and used it quite a bit....Let's see what happens when they try to windows-ify the site and ruin its usefulness...
lol.. shh..
So Rob... what was the traffic like? :P
Good catch guys!
Good catch guys! What the hell is THAT, Bolsinger?! I clearly see two spaces between "Good" and "catch." You need to work on the quality of your content. That's just despicable.
Uhm...excuse me if I like to excessively space. I'll try to work on tailoring my content to your liking in the future :P