Zscaler Blog


Security Research

Blackhat Spam SEO: Which Sites Get Hijacked?

JULIEN SOBRIER
December 06, 2010 - 2 min read

I have looked at 1,123 legitimate sites which have been hijacked to host spam pages redirecting users to a fake AV page. I'd assumed that most of them would be running WordPress, Joomla!, OSCommerce and other open source software known to have a history of security issues. In reality, these software packages actually represent less than 15% of all hijacked sites.
 

[Figure: Type of software used to create the hijacked sites]


Also, a large number of hijacked sites actually had no dynamic pages - they contained only images, JavaScript, CSS and HTML files. As such, they are unlikely to have been hacked through a vulnerability in the software installed. Therefore, we can assume that one of the following two techniques was leveraged to add the PHP scripts used to generate spam pages to the sites:

 

  1. Admin credentials have been stolen/brute forced, or the webmaster kept the default login/password. The malicious scripts were simply uploaded using their FTP account or a web-based admin interface.
  2. Shared hosting servers could have been compromised.

The second possibility is the most likely. There have been mass-infections reported in the past for GoDaddy, BlueHost, Dreamhost, etc. The distribution of hacked sites by hosting companies is interesting:

 

 

 

[Figure: Distribution of hijacked sites by hosting company]


The Endurance International Group, which owns 20 hosting companies (iPowerWeb, Pow Web, Dot5 Hosting, StartLogic, Fatcow, Globat, etc.) hosts 38% of the hijacked sites. Bluehost, a rather small hosting provider, represents 28% of the hijacked sites. However, the biggest providers host a small proportion of sites used for malicious spamming: 2% for GoDaddy, and less than 0.5% for 1&1.

It seems that most of the legitimate sites have been hijacked through a vulnerability in their hosting platform rather than in the software they are running. That's not good news for webmasters who want to keep their sites safe: part of the problem is out of their control. Keeping your WordPress or Drupal version up to date and locked down is not enough - you also need to seek out a secure hosting provider.

-- Julien
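
For a site that is meant to contain only images, JavaScript, CSS and HTML, as described above, any PHP script in the web root is an anomaly a webmaster can check for. The following Python check is an added example, not part of the original post; the extension allowlist, the function names and the constructed sample tree are assumptions for illustration.

```python
from pathlib import Path
import tempfile

# Assumption: the site holds only the static file types the post lists;
# extend this allowlist to match what your own site legitimately serves.
STATIC_EXTENSIONS = {".html", ".htm", ".css", ".js", ".png", ".jpg",
                     ".jpeg", ".gif", ".ico", ".svg", ".txt", ".xml"}
PHP_MARKERS = (b"<?php", b"<?=")

def audit_static_root(root, sniff_bytes=4096):
    """Return sorted (relative_path, reason) findings for a static web root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() not in STATIC_EXTENSIONS:
            findings.append((rel, "unexpected file type"))
            continue
        # An allowed extension can still carry PHP, so sniff the first bytes.
        with path.open("rb") as fh:
            head = fh.read(sniff_bytes)
        if any(marker in head for marker in PHP_MARKERS):
            findings.append((rel, "PHP open tag in static file"))
    return sorted(findings)

def build_sample_site(root):
    """Write a small constructed site tree with two planted anomalies."""
    files = {
        "index.html": b"<html><body>Hello</body></html>",
        "css/site.css": b"body { margin: 0 }",
        "js/app.js": b"console.log('ok');",
        "img/cache/x.php": b"<?php /* constructed placeholder */ ?>",
        "img/logo.gif": b"GIF89a<?php /* constructed placeholder */ ?>",
    }
    for rel, data in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, reason in audit_static_root(site):
            print(rel, "->", reason)
```

Run it against a local copy of the web root on a schedule and review every finding; on shared hosting, where the post places most of the risk, a new finding with no matching deployment is worth raising with the provider.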

 

 
