Selected Tweets (Oct-Nov 2011)
Selected short messages and links you might have missed if you don’t follow me on Twitter.
It has been a while since the last Tweet Week. The main reason is I don’t tweet that often now to post my tweets every week and I don’t want to post old news here either.
So what happened? The answer is I can’t get used to Twitter web interface – it is so inconvenient. I had to use it when I had some strange problems with my Twitter client (twhirl). Thank’s god, I’ve finally made my twhirl work so I hope I will be able to tweet more often.
Anyway, here are some of the latest tweets.
Continue »»
Following the Black Hat SEO Traces
This is a follow up to my last week’s post about hacked WordPress blogs and poisoned Google Images search results. Cyber-criminals infiltrated 4,000+ self-hosted WP blogs and created doorway pages that would redirect visitors coming from Google Images search to scareware sites. A few days ago I posted a short update to let you know that Google has removed the doorway pages from its index. I also promised to share some new interesting details about that black hat SEO campaign. So here we go!
Continue »»
Ciscotred .cz .cc – Joomla Hack
During the last few days I’ve noticed an increased number of websites that redirect search traffic to ciscotred .cz .cc. The typical Unmask Parasites report looks like this:
Tweet Week: July 18-24, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Google’s warning, G.CO, Python in WordPress!?, Joomla 1.7, follow up on the tattoo spam »»
Tweet Week: July 4-10, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Two Tweet Weeks: June 13-26, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Gumblar Breaks WordPress blogs and other complex PHP sites
Not only iframe infections can corrupt websites. It appears that the current version of Gumbar effectively breaks WordPress blogs.
Here’s the story »»
Exploit Redirects Googlebot to Malware Sites (Bablo me uk).
Some time ago I noticed a few sites with a suspicious chain of redirects that always started with “http://bablo .me .uk/” followed with a site with a random 6 digit number as a sub-domain name (e.g. http://www. 524045. secki .info/).
I decided to follow the redirects and find out where they lead to. What I found was a server hosting hundreds of sites optimized for trojan dissemination. I’ll blog about my investigation later. Now let’s talk about the things web masters should know about this exploit.
Symptoms
- PHP-dirven site. (Especially Joomla-driven)
- Problems with having web site properly indexed by Google. Some pages don’t get indexed, some pages disappear from the index. If not – it’s only a matter of time.
- When checking web pages in Unmask Parasites, there is a chain of two 301 redirects reported and the first redirect points to “http://bablo .me .uk/”. However when opening the same pages in a browser, no redirection occurs (even when clicking on Google search results.)
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
