Chris Contolini

Keyword stuffing Craigslist: still an easy task

Jun 17, 2009

Back in the heyday of Craigslist spam, exploiters found simple methods of circumventing the site’s reliance upon community moderation. Keyword stuffing, the act of loading a page with keywords to increase its visibility in search results, was super easy because Craigslist stripped few HTML elements (and attributes) from posts.

A user could create a post to sell, for example, a Squier Stratocaster, and pump related keywords into a hidden div{.colorbox}. Craigslist would index the hidden words even though they were kept from visitors’ eyes. Someone searching Craigslist for a les paul would find the squier posting because “les paul” was found inside the hidden div.

Keyword stuffing is both annoying and ineffective. Anyone looking to buy a Les Paul is not going to be interested in a low-end Squier. But, it’s a cheap and easy way to push content toward thousands of eyes. For this reason, spammers and scammers love it.

Eventually, enough users smelled something fishy in their SERP and complained to Craigslist. A year ago Craigslist rolled out an update that blocked most HTML elements and attributes, permitting only a select few.

The update stopped keyword stuffing dead in its tracks. Nowadays, most Craigslist keyword stuffing occurs through use of font elements with a color attribute set to a very light color, often lightyellow or honeydew. People notice this text and flag the ads. Community moderation defeats it.

But there is still a gaping hole in Craigslist’s search engine: the values of attributes are indexed. Attribute value types that aren’t checked for integrity, such as uri, can be keyword stuffed.

Instead of hiding keywords in a div, they can be hidden in the values of href{.colorbox} and src{.colorbox}. Craigslist checks for whitespace so slashes must be inserted, but slashes are conveniently treated as spaces when pulling search results.

Craigslist needs to either check the integrity of attribute values or stop indexing them. Novice users don’t flag keyword stuffed posts because they chalk their SERP appearance up to bad search engine technology and not malicious posters. Either way, the blame is on Craigslist.