Cloaking: Think Outside of [Your] Box
Cloaking in SEO is defined as a technique in which the content presented to the search engine spider is different from that presented to the user’s browser (Wikipedia). But in case of hacked sites, cloaking is more tricky than just different content for search engines and for real users. It can also be different content for different types of users. Moreover, the internal implementation is usually hidden (cloaked) from webmasters of compromised sites.
This post will be about one of such site hacks that involved SEO cloaking and used quite an interesting trick to alter page content.
Continue »»
Tweet Week: January 17 – January 23, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Hackers Turn Legitimate Websites into Underground Software Stores
This is the time of the year when online sellers do their best to attract herds of holiday shoppers. Software pirates are no different. They offer huge discounts (up to 95%) for popular and expensive software products and provide user-friendly online stores. They even made their sites one step closer to you!
Continue »»
Doorways on Non-default Ports — New Trend in Black Hat SEO?
A year ago I blogged about how hackers managed to hijack hundreds of high-profile websites to make them promote online stores that sold pirated software at about 5-10% of a real cost. They used quite a standard scheme that involved cloaking (making spammy links visible only to search engine crawlers) and conditional redirects (visitors from search engines who clicked on specifically-crafted links on compromised sites got redirected to online stores of software pirates)
Despite of all my warnings, most of those site are still hacked and help sell pirated software and steal credit card numbers. This negligence of site/server administrators encouraged cyber criminals to step even further in abusing reputation and resources of compromised servers. This post will be about one of such steps.
Continue »»
Tweet Week: November 8-14, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Malware warnings, overview of what hackers and anti-hackers do, web spam … »»
Tweet Week: November 1-7, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
ProFTPD, OpenX, reporting webspam, cross-platform malware … »»
Tweet Week: June 27 – July 4, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Safer PDF viewing, Gumblar zombies, Asprox, WayBack Machine and more… »»
Spammy Links From Remote Servers
Hidden spammy links injected into web pages on legitimate websites is quite a widespread type of hacker attacks. These parasites try to suck all the “PageRank juice” out of any website they manage to break into and put their shady web pages high in search results.
There are many ways hackers can inject links. They can insert them as plain HTML (will work on most sites) or as an encrypted PHP code (the files should be processed as PHP). Hackers can even use SQL injection on database-driven sites that don’t properly sanitize user input.
Decoupling code from data
Sometimes hackers decouple code from data and inject only some PHP instructions that load spammy links from a standalone file. This makes the construction more flexible since they can simply change the content of that single file whenever they decide to promote a new set of links – no need to update every infected file on a site.
In this post, I’ll show a even more clever way of decoupling code from data.
Continue »»
Anti-Pirates Unknowingly Promote Pirates
A couple of days ago I posted my research on hacked high-ranking sites that spammers used to promote online stores selling pirated software.
Now you’ll see an amusing (and at the same time sad) illustration of the issue.
Continue »»
“Cheap Vista” or Cloaked Spam on High-Profile Sites
In this post, I’ll show how cybercriminals used hacked high-profile sites to drive search traffic to online stores that sell pirated copies of popular software and, presumably, steal credit card details.
I’ve been watching this sort of search spam for more than a year now. And after this post in Google’s Webmaster Help forum, I decided to take a closer look at this this problem.
Continue »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
