Gumblar Breaks WordPress blogs and other complex PHP sites
Not only iframe infections can corrupt websites. It appears that the current version of Gumbar effectively breaks WordPress blogs.
Here’s the story »»
Exploit Redirects Googlebot to Malware Sites (Bablo me uk).
Some time ago I noticed a few sites with a suspicious chain of redirects that always started with “http://bablo .me .uk/” followed with a site with a random 6 digit number as a sub-domain name (e.g. http://www. 524045. secki .info/).
I decided to follow the redirects and find out where they lead to. What I found was a server hosting hundreds of sites optimized for trojan dissemination. I’ll blog about my investigation later. Now let’s talk about the things web masters should know about this exploit.
Symptoms
- PHP-dirven site. (Especially Joomla-driven)
- Problems with having web site properly indexed by Google. Some pages don’t get indexed, some pages disappear from the index. If not – it’s only a matter of time.
- When checking web pages in Unmask Parasites, there is a chain of two 301 redirects reported and the first redirect points to “http://bablo .me .uk/”. However when opening the same pages in a browser, no redirection occurs (even when clicking on Google search results.)
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
