Fynd Developer Blog
Date Posted: January 2026
Lately, we’ve been seeing some strange pages show up in search results. They usually live under a folder called something like /article/ and use long page names based on the title, with the words separated by dashes. They usually don’t stay online for very long. When you click one, it often redirects you straight to the same site, most recently "custommapposter.com".
What’s happening is that real websites are being used, usually without the owner knowing, to host spam pages for a short period of time. These pages aren’t meant for people to read. Their only purpose is to grab search traffic and send visitors somewhere else. Once the site owner notices the problem or the site gets cleaned up, the pages disappear.
One pattern is that many of these sites are running the LiteSpeed web server. That doesn’t automatically mean LiteSpeed itself is the issue, but it does point toward software commonly used alongside it, such as cache plugins for WordPress or other CMS platforms. The LiteSpeed Cache plugin in particular has had serious vulnerabilities and was only recently patched, which left millions of sites exposed for a window of time. When attackers find a weakness in popular plugins like this, they move fast and reuse the same exploit across many sites before owners have a chance to update.
Because these pages are created automatically, they all look very similar. The same folder names keep showing up, the titles follow the same pattern, and the redirect behavior is almost identical. From a search engine point of view, patterns like this become noticeable pretty quickly.
The web is always changing, and spam tactics change with it. These “article” pages are just another example of short-lived web spam designed to take advantage of real websites before anyone notices. If something looks off when you click a result, there’s a good chance it really is.
We’ll keep watching for patterns like this and filtering them out so real content has a better chance to be seen.