Your Fly Is Open

Netmenaces and Other Internet Stupidity

Optimized and Improved

2024-11-10 3 min read Attacks

I’ve contacted them several times.

I’ve talked about it on LinkedIn and publicly called them out on this issue.

The U.S. Department of Commerce and Tyler Data & Insights still have a website chock full of pages used to boost SEO for online no-prescription-needed pharma.

I may be too harsh. Addressing this issue must be much more complicated than I imagined.

I decided to examine the website more closely to get a better idea of what was going on.

The website in question is here.

When the page loads, I see a button at the top promising improved experience and performance. “Improved” is a no-brainer, so I click through to see the results. (I applaud any attempt at improvement—good on you, random government web developer.)

Let’s look at what they describe as the “new Catalog experience,” shall we?

I’m excited. Are you excited?

(Note: I am a bit concerned about the odd capitalization of Catalog. Is that necessary? But still, I’m excited.)

My first thought on why removing the pharma-SEO pages was complicated was that they were just tiny bits of chaff found scattered amid a plethora of wheat. Someone has put great effort into optimizing this page; it says so at the top. These changes must’ve been necessary to allow us to search through an enormous data catalog (uh… sorry… Catalog), of which the un-cleverly disguised fake datasets cum pharma-SEO are a minuscule portion.

Wait.

What’s that I see?

With no search filters, the search page returns ninety-eight results.

Only ninety-eight datasets?

It’s not my place to question what someone chooses to improve and optimize, but really? This site?

Wait. Let’s see how much chaff there is when compared to the wheat.

There are only ninety-eight datasets. I can do this by hand.

After clicking through an exhausting ten pages of results (with a break for some water—always stay hydrated), I counted thirty-one bogus pages (twenty-nine selling no-prescription pharma, one selling a V-Bucks generator, and a test page—aren’t scammers just so frickin’ cute when they act all business-like and test stuff?).

Thirty-one out of ninety-eight.

I have a fascinating idea that can improve and optimize this website by 31.6%. Best of all, it doesn’t require any changes to the website code.

Can you guess what it is?

-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter (yes, I know… X): @tliston
November 10, 2024

P.S.: The issues listed in this blog entry were current as of the date this was published, November 10th, 2024. I sincerely hope they won’t exist for long.