Brian White, part of Matt Cutts webspam team, has joined Search Engine Watch Forums to continue the outstanding Google to Webmaster communication we have seen recently. Brian adds some more detail to our post yesterday on Web Hosts Found Cloaking Webmaster Content.
Brian explains what exactly is being done by this fraud:
We've discovered that the likely explanation is that a third party gained access to a number of sites and dropped files in these accounts (including a modified .htaccess using rewrite rules) for the purpose of rewriting the home page through a proxy script. The proxy script adds links when Googlebot visits, and in a sinister twist, adds the rel=nofollow link to cap off PageRank bound for any external URL not under control of this third party. As Danny noted, they also add a NOARCHIVE meta tag to disable the cached version in results.
He then clarifies that Google has made sure to block any PR boost or ranking boost this person is trying to achieve.
Finally, Brian explains additional methods for you to see if this is a problem on your site.
At the risk of allowing the folks who created this to adapt, you can use Google Translate to confirm the behavior. Check any of the affected sites (no Cached link) on the Google search ["hairy sex porn free"] via Translate to see the cloaking, since the proxy script checks for a visit from Googlebot IP addresses, and doesn't discern between a regular crawl visit and a Translate request.
Continued forum discussion at Search Engine Watch Forums and welcome Brian!