256 Kilobytes

Intricate Tumblr Spam Used to Manipulate Google Search Results. Are spammers impersonating you?

Articles in Search Engine Optimization | By August R. Garcia

Published 4 months agoSun, 24 Feb 2019 10:09:51 -0800 | Last update 4 months agoMon, 25 Feb 2019 16:15:13 -0800

Have you ever changed your Tumblr username? Has it been over a year since you last logged into your account? A Ukranian might be using using your username to sell the Best Cheap Viagra Online.

1,467 view, 1 RAM, and 0 comments

Have you ever changed your Tumblr username? Has it been over a year since you last logged into your account? A Ukranian might be using using your username to sell the Best Cheap Viagra Online. Case in point:

Expired Tumblr Before and After Comparison .GIF

What exactly is this? Did the hacker known as 4chan type “hack --mainframe --tumblr” into Command Prompt? Was the old owner paid to post spam? Is this magic?

Are these Tumblr accounts hacked?

Not exactly. Certain inactive Tumblr accounts have their usernames released to the public, allowing other users to register those previously-used usernames. These usernames (and their associated [username].tumblr.com blogs) are being re-registered used to sell every random product you could imagine--corporate surveys, fake World of Warcraft hacks, bootleg Gucci watches, and not to mention inconspicuous day-to-day products sold for assorted affiliate marketing programs.

What old Tumblr subdomains are available to be re-registered?

There are two types. First, when usernames are changed, the old usernames (and therefore the associated [username].tumblr.com subdomains) are available for registration by other users. As mentioned in the Tumblr documentation on changing your username and it’s associated URL, “changing your URL will break any existing links to your blog, including those in already-published Tumblr posts and reblogs.”

More substantially, accounts that haven’t been logged into for over a year have been released for re-registration in the past. The implication is that--while username changes are relatively infrequent--these bulk username releases are on a much larger scale, which makes this approach to webspam particularly exploitable.

Note: While Tumblr statedin 2016 that these account releases are an “ongoing thing,” it is unclear if this is still occurring, and if so, to what extent (either way, there are still many previously-used subdomains that are still able to be registered.

Are the old blog’s followers getting spam notifications from whoever re-registers the username?  

Not exactly. While Tumblr allows new users to use subdomains (URLs) that were previously used by other users, your content, followers, posts, and reblogs aren’t transfered to re-registrations; subscribers to the original, “real” blog aren’t automatically subscribed to follow these new blogs.

Are spammers using these accounts to show Viagra ads to Tumblr users at all?

Actually, they’re not even trying to get their links seen by Tumblr users; the links are designed to manipulate search engine result pages.

When Google’s PageRank algorithm was implemented in the late 1990s, it revolutionized search engines by drastically improving the quality of search results.

While evaluating the relevance of website content could be done by analyzing the actual words within articles and other webpages, PageRank aimed to quantify the authority, reputability, and quality of webpages. The basic concept behind PageRank was (and still is) simple: The more links that are pointed at a webpage, the more authoritative that webpage is considered to be.

While other search engines, such as Bing, are of course not using Google’s proprietary algorithm, their algorithms are similar and also evaluate inbound links (“backlinks,” as they say) when determining how to rank website.

As mentioned by Matt Cutts in this video, links from major news sites pass more PageRank/authority than links from obscure blogs. The reason why this is true is because PageRank flows through multiple tiers of links.

Consider two scenarios, assuming there are three websites on the Internet:

  1. Nothing      → Tumblr → Your Website
  2. News Article → Tumblr → Your Website

In the first scenario, your site has one link from a Tumblr blog that no one has ever heard of or linked to. In the second, it has a link from Tumblr, but the Tumblr then in turn has a link to it from a news site. Your Website will have more PageRank/authority in the second scenario.

The reason for registering previously-used Tumblr accounts is that any links that pointed to that Tumblr prior to its expiration are still pointing at that 404 page. When the account is re-registered, the pages can be rebuilt and will out-of-the-box have PageRank/authority from the previously-created links.

How are these cloned Tumblr blogs being built?

  1. Find a previously-used Tumblr username that is available to register. Each username comes with an associated [username].tumblr.com blog (also known as a tumblr subdomain). Make sure that the Tumblr subdomain had links from other websites before it was deleted.
  2. Add some content to the subdomain. The most common way to do this is to go to archive.org to find a snapshot of the blog before it was deleted.
  3. Add a link to whatever garbage website or product that you’re shilling for, such as my-cheap-cialis.biz.
  4. ???
  5. Profit

How Do Spammers Search for Expired Tumblr Blogs?

The basic process is to:

  1. Get a tool like Scrapebox or comparable
  2. Choose some keywords relevant to your niche (optional)
  3. Enter “site:tumblr.com + [keyword]” into your scraper. This will gather Google search results in bulk for the specified term.
  4. Run the scrape
  5. Filter out the results that are live (probably by looking at the HTTP status code), which will leave you with the pages that are no longer live (but that are still indexed by Google, since they used to be live at some point).
  6. Use a tool like Ahrefs or Majestic to check the backlink profiles of the results to see which ones have backlinks / the best backlink profiles.

For example, Ahrefs shows the following overview for the Tumblr blog demonstrated in the introduction.

Ahrefs Data - Overview - problematicfeminist.tumblr.com

And more specifically, the existing backlinks are shown here:

Ahrefs Data - Backlinks - problematicfeminist.tumblr.com

With an automated process like this, thousands and thousands of previously-used Tumblr URLs can be found. Custom scripts (or cheap foreign labor) can also be used to automatically scrape content from archive.org, re-post the content on the previously-registered URL/subdomain, and to then add in a link to Best-Legal-Steroids.co.uk or clash-of-clans-gem-hack.info.

How likely is it that someone will register my old Tumblr?

As mentioned, the goal is to register expired Tumblr URLs that have links pointing at them. If you made a post or two or ten that “went viral,” it’s possible that an old Tumblr account might be used for this type of spam.

Of course, remember that regular, non-spam users might also want to register your old username. If a Tumblr username that you used to control is now run by someone else, it may be a regular, “real” user.

Are other websites affected by similar spam?

To lesser extents, yes. Some other blogging platforms, such as over-blog, also allow for subdomain re-registration existing users close their accounts. This type of spam is particularly relevant to Tumblr because the platform expires URLs on a massive scale due to inactivity. Similarly, Twitter has an inactive account policy that can result in similar use for comparable webspam.

For more content about Tumblr, there is also a post about how Tumblr’s adult-content login-required wall reacts to spoofing a user-agent as Googlebot.

Users Who Have Downloaded More RAM:
Huevos Rancheros (4 months ago)
🐏 ⨉ 1
Posted by August R. Garcia 4 months ago

Edit History

• [2019-02-24 10:09 PST] August R. Garcia (4 months ago)
• [2019-02-24 10:09 PST] August R. Garcia (4 months ago)
• [2019-02-24 10:09 PST] August R. Garcia (4 months ago)
🕓 Posted at 24 February, 2019 10:09 AM PST

Profile Photo - August R. Garcia August R. Garcia LARPing as a Sysadmi... Portland, OR
🗎 165 🗨 851 🐏 253
Site Owner

Grahew Mattham

August Garcia is some guy who used to sell Viagra on the Internet. He made this website to LARP as a sysadmin while posting about garbage like user-agent spoofing, spintax, the only good keyboard, virtual assitants from Pakistan, links with the rel="nofollow" attributeproxiessin, the developer console, literally every link building method, and other junk.

Available at arg@256kilobytes.com, via Twitter, or arg.256kilobytes.com. Open to business inquiries based on availability.


Account created 7 months ago.
165 posts, 851 comments, and 253 RAMs.

Last active 4 hours ago:
Posted thread [Solved] Google Sheets: "Text result of JOIN is longer than the limit of 50000 characters"

Post a New Comment

To leave a comment, login to your account or create an account.

Do you like having a good time?

Read Quality Articles

Read some quality articles. If you can manage to not get banned for like five minutes, you can even post your own articles.

View Articles →

Argue with People on the Internet

Use your account to explain why people are wrong on the Internet forum.

View Forum →

Vandalize the Wiki

Or don't. I'm not your dad.

View Wiki →

Ask and/or Answer Questions

If someone asks a terrible question, post a LMGTFY link.

View Answers →

Make Some Money

Hire freelancers and/or advertise your goods and/or services. Hire people directly. We're not a middleman or your dad. Manage your own business transactions.

Register an Account
You can also login to an existing account or recover your password. All use of this site is subject to terms outlined in the terms of service and privacy policy.