Into the Dark: Unveiling Internal Site Search Abused for Black Hat SEO

Yunyi Zhang, Mingxuan Liu, Baojun Liu, Yiming Zhang, Haixin Duan, Min Zhang, Hui Jiang, Baidu Inc, Yanzhe Li, Fan Shi

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

This talk, presented by Yiming Zhang of Tsinghua University and based on joint work with researchers from Baidu Inc., introduces and thoroughly investigates a novel **black hat SEO** technique termed **Internal Site Search Abuse for Promotion (ISAP)**. ISAP exploits the internal search functionality of high-reputation websites to inject and promote illegal services, such as online gambling or adult content, within legitimate search engine results. The researchers highlight ISAP's low cost, high effectiveness, and widespread impact: it requires neither domain registration nor website compromise, yet it successfully manipulates search engine rankings across major platforms such as Baidu, Google, and Bing.

AI review

This research uncovers ISAP, a genuinely novel black hat SEO technique exploiting internal site search on high-reputation domains to promote illicit content at scale. The team's systematic study, a two-stage BERT-based detection scheme, and large-scale deployment at Baidu expose a pervasive threat with millions of affected URLs and user clicks, offering critical, actionable mitigations.
