Hacker News | _RafaelKr's comments

My colleagues and I just made an interesting discovery in the Google Search Console.

For one of our sites it showed a lot of links where a search query parameter was injected. The parameter looks similar to "?=hack anyone's snapchat,【2024 TelegramChannel:Kunghac】[...] snaphack online [...]". The full parameter list can be seen in the GitHub Gist[0] below.

My first action was to search through all of the code and the database for specific words from the parameter, but I couldn't find anything.

Afterwards I searched Google for 1. google search console "snaphack" (3.530 results) 2. "Kunghac" (21.900.000 results!)

I was surprised to see a lot of results where similar parameters were attached, always linked to the search query parameter (?q, ?search, ?s, ...). For the first result even dev.mysql.com was listed on the first page.

Maybe someone here knows what's going on?

[0]: https://gist.github.com/RafaelKr/c418fc2a0a5410ae746b49f4fff...


If you actually use this search parameter, it is indeed someone injecting some information to steal your search rankings for their own good. They can just arbitrarily generate this and add links to other sites, so Google will eventually index it. To prevent this abuse, you could return an HTTP error code when the search result is longer than X characters, includes braces, and so forth.

If you don't use any search parameter or they don't use the one you are using, I would recommend adding a [canonical meta tag](https://en.wikipedia.org/wiki/Canonical_link_element) which signals to Google that only a specific version of a site is the source of truth. For example, adding a canonical by removing the query string from the current URL, example.com/page?foo=bar and example.com/page would have set the canonical value to example.com/page. So even if people link to specific parts which include an arbitrary query string, Google will only index the one you specify without the query string, and these links you mentioned will not do anything (except potentially showing up once or twice in your analytics software).
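Added example, not part of the thread or any commenter's code: the two mitigations suggested in the reply above (rejecting abusive search terms with an HTTP error, and emitting a canonical link without the query string), in Python. The length limit, the blocked character set, the function names and the sample URLs are assumptions; the parameter names are the ones listed in the original post.

```python
from html import escape
from urllib.parse import parse_qsl, urlsplit, urlunsplit

SEARCH_PARAMS = {"q", "search", "s"}   # search parameter names named in the thread
MAX_QUERY_LEN = 60                     # assumed value for "longer than X characters"
BLOCKED_CHARS = set("[]{}()<>【】")     # assumed set for "braces, and so forth"


def canonical_url(url: str) -> str:
    """Same scheme, host and path; query string and fragment dropped."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", "", ""))


def canonical_link_tag(url: str) -> str:
    """The <link> element to place in <head> so only the clean URL is indexed."""
    return f'<link rel="canonical" href="{escape(canonical_url(url), quote=True)}">'


def search_query_status(url: str) -> int:
    """HTTP status to answer with: 400 for an abusive search term, else 200."""
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in SEARCH_PARAMS:
            # Not a search parameter (this includes the unnamed "?=..." form);
            # the page ignores it and the canonical link keeps it out of the index.
            continue
        if len(value) > MAX_QUERY_LEN or BLOCKED_CHARS & set(value):
            return 400
    return 200


if __name__ == "__main__":
    # Constructed sample URLs; the spam term is the one quoted in the post.
    samples = [
        "https://example.com/search?q=blue+widgets",
        "https://example.com/search?s=snaphack online 【2024 TelegramChannel:Kunghac】",
        "https://example.com/page?=hack anyone's snapchat",
    ]
    for sample in samples:
        print(search_query_status(sample), canonical_link_tag(sample))
```
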


It's possible that a bot is doing one of a few things here:

1) They are trying to generate search pages on your site for the injected parameters, making the assumption that "?=[injected terms]" will trigger your internal site search. As you note the most common search parameters are being used here. Some sites take commonly searched queries and generate permanent pages for them periodically, just to force Google to index them. However, Google can and will index a page that is a dynamically generated internal search result even without a site creating a permanent page like this.

The benefit to the scammer is that they can get free advertising for their Telegram channel whenever people search for "hack snapchat" and related queries.

2) Even more directly, they are trying to advertise to you. In this case, due to the nature of the product/service (a Telegram channel about Snapchat hacks) I don't think this is the case. However, in the past blackhat and greyhat SEOs and Marketeers have used tricks like this to make Google Analytics Reports and Search Console reports be filled with advertising phrases for the site owner's eyes only. Things like false UTM parameters, or totally made up hostnames, and so forth. All filled with 'check out www.blackhatsite.com to get to rank 1' etc.

On balance I think this is scenario 1: they're manipulating the search engine via injecting your site with search terms that nobody is actually looking for. I don't think there's much of a problem though.

The Telegram channel is not a website and so no rankings are being manipulated. The search results you looked for are not popular, so there's no competition here. If there were then this tactic would likely drop off completely. And it's super easy for Google to ignore any impact of these results anyhow, they're long, predictable, and highly anomalous in terms of several characteristics. Google will see low engagement for the terms, and will see more pages existing for them than queries being made by non-bots. They likely already stick out like a sore thumb to Google.


Thanks Conrad! That's really a huge game changer.

I'm now using atuin for shell history and fzf for fuzzy completion[0], works awesome! As Shell I use zsh with some plugins managed via antigen on my Linux Mint default terminal.

[0]: https://github.com/junegunn/fzf#fuzzy-completion-for-bash-an...


I recently set up a WireGuard VPN and it was surprisingly easy (compared to other VPN solutions) and works very reliably for me.


Just created an account on HN to say that all the JetBrains products I used are outstanding! I switched from Atom to VS Code and for nearly 4 years I have had an IntelliJ IDEA Ultimate subscription which is worth every penny.

By the way: JetBrains is also working on a more lightweight editor called Fleet which seems to be comparable with VS Code, at least visually. There's already a product page for that at https://www.jetbrains.com/fleet/

