1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Black Hat SEO campaign powered by SQL Injection

Discussion in 'Black Hat SEO' started by Asif WILSON Khan, Jan 13, 2016.

  1. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,171
    Likes Received:
    33,768
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Interesting read on an illegal BlackHat SEO campaign. Remember, don't try this at home ... it is illegal ... you will get f#cked.

    Black Hat SEO campaign powered by SQL Injection


    Campaign targeted MS-SQL installations to cross-promote a cheater's website


    A new threat advisory from Akamai highlights a Black Hat SEO campaign that's leveraging SQL Injection as a means to generate links to website dedicated to stories about cheating.
    The shady SEO campaign can be considered a success too, because the domain benefiting from the inbound links is still the top listing for the primary keywords.



    The website behind the campaign, or at least the website that has gained the most from it, wasn't listed in the Akamai report. Salted Hash did some digging, and it didn't take long to discover the website in question; storyofcheating[dot]com.


    At one point, Akamai says, the Black Hat SEO campaign included more than 3,800 websites and 348 unique IP addresses. Technically, the campaign is more mass defacement than straight-up SEO scam, because the primary focus was SQL Injection.
    It's important to note that those responsible for the defacements were not targeting a vulnerability in MS-SQL or IIS. Instead, they were targeting poorly developed applications that rely on Microsoft's platform to function.
    As long as the targeted application didn't validate user-supplied input, it could be used to promote the storyofcheating[dot]com website.
    Once a vulnerable application was discovered, various content would be added to the database, including all the HTML needed to supply links to storyofcheating[dot]com. The defaced websites would appear normal to those operating it, because the injected content is only visible to search engines.
    Most of the added content was junk ? filler text with a handful of related keywords and meaningless sentences ? but there was enough content to create relevancy. According to one internet traffic monitor, storyofcheating[dot]com didn't have a solid SEO presence until late November, when this campaign started. Once it took hold, inbound links to the site (and its ranking on Google) skyrocketed. The numbers dropped off in mid-December, followed by a brief spike, and another sharp drop.
    On Monday, a day before the Akamai report was to be released, Salted Hash confirmed that a Google search for "cheat story" still returned the desired result for the SEO campaign, as storyofcheating[dot]com was the top link.
    Many of the defaced websites were completely unrelated to the topic of infidelity, including websites dedicated to software development, SharePoint, Foosball, Tennis, political marketing, and more.
    As mentioned, the SEO campaign targets MS-SQL. The common theme between the defaced domains is WordPress and BlogEngine.NET. However, the core code on those platforms isn't what's being targeted. It's more likely the campaign hinges on vulnerable themes and add-on scripts.
    Most of the defacements centered on theme and template folders, and generated an entire set of pages, including RSS feeds for the added content.
    Another common theme among the defaced websites was abortion. Many of the defaced websites would link to storyofcheating[dot]com under the pretext of abortion discussions, including abortion pills and chemical abortions, as well as topical discussions such as teen pregnancy.
    The point of Akamai's threat report is that SEO is important to businesses online, and criminals have no problem with taking advantage of existing SEO rankings and reputation to further their schemes.
    On the other hand, this type of fraud isn't limited to businesses, as criminals will target personal websites too.
    The standard precautions apply; if you deploy a CMS platform, such as WordPress or BlogEngine.NET, make sure that everything from the server software, core platform software, and add-on modules are kept updated. Monitor your website and server for changes, and investigate anything that seems unusual.
    Moreover, it's possible to use Google to catch added pages by searching your domain and looking at what's being indexed.
    A copy of the Akamai report is available here.

    Source: http://www.csoonline.com/article/30...at-seo-campaign-powered-by-sql-injection.html


    Black Hat SEO Campaign Leverages SQL Injections to Boost Search Rankings


    Akamai tracks down culprit, exposes his actions


    A new type of black hat SEO campaign has been uncovered in the last few months by Akamai's experts, who have observed that an attacker is using SQL injection flaws to deface websites with hidden content, specifically aimed at improving his website's SEO ranking.
    The campaign has targeted around 3,800 different websites, hosted on 348 unique IP addresses, and leverages SQL injection flaws in MS-SQL servers.
    Campaign relies on injecting websites with hidden text

    According to Akamai, attackers are using the SQL injection flaws to penetrate databases, search for the website's content, and sneakily insert extra content in various pages.
    This content is not left in the open, since both users and the site's admins might notice it, but it's hidden with CSS, and only presented to search engine crawlers.
    The hidden content contains both keywords and links that help the attacker's own website gain a better position in search engine rankings for various terms related to "cheating and infidelity."
    On the opposite side, websites that are defaced in this manner lose their search engine rating, being polluted with unrelated or adult-themed content.
    MS-SQL database servers targeted

    Akamai reports that the first signs of this campaign were detected last July, and later intensified towards the end of the year. Most targeted websites seem to be written in ASP and running on older versions of IIS, Microsoft's Web server technology, but some PHP-based websites also seemed to have been compromised as well.
    Akamai did a poor job of blurring the name of the website that benefited from the black hat SEO campaign, which is storyofcheating[dot]com.
    The website has gained such a massive SEO reputation from this campaign that, at the moment of writing this article, after typing "cheating" in Google, the campaign's website comes up in the first five results, right there next to dictionary definitions and Wikipedia pages.
    Akamai details the attack in its latest security report.

    Source: http://news.softpedia.com/news/blac...ections-to-boost-search-rankings-498800.shtml
     
    • Thanks Thanks x 5
  2. dystopia

    dystopia Registered Member

    Joined:
    Jan 9, 2016
    Messages:
    74
    Likes Received:
    30
    It's hard getting anymore black hat than this considering it's also black hat hacking. I would so do this if I lived in a third world country where the authorities didn't give a **** haha
     
  3. ChanzGrande

    ChanzGrande Elite Member

    Joined:
    Feb 16, 2008
    Messages:
    2,487
    Likes Received:
    1,177
    Occupation:
    Accountant
    Location:
    Northern Woods Counting Money
    These guys are something else. They'll do absolutely anything to rank their content, even tear down well established sites in the wake of their illicit link building exploits.
     
  4. True Miller

    True Miller Junior Member

    Joined:
    Nov 20, 2015
    Messages:
    107
    Likes Received:
    60
    Location:
    Everywhere
    You've got to be thick as shit to automate a hacking process that points directly to you.
     
  5. dystopia

    dystopia Registered Member

    Joined:
    Jan 9, 2016
    Messages:
    74
    Likes Received:
    30
    I don't think they are that stupid. They probably use stolen credit cards, which they use to buy bitcoins, laundering them a little and transfer the funds to some country which doesn't care about western authorities.
     
    • Thanks Thanks x 1
  6. itz_styx

    itz_styx Jr. VIP Jr. VIP

    Joined:
    May 8, 2012
    Messages:
    560
    Likes Received:
    262
    Occupation:
    CEO / Admin / Developer
    Location:
    /dev/mem
    Home Page:
    nothing new at all, this has been going on since years in various niches.. especially pharma, payday etc
     
  7. terrycody

    terrycody Supreme Member

    Joined:
    Sep 29, 2012
    Messages:
    1,462
    Likes Received:
    401
    Occupation:
    marketer
    Location:
    Hell
    thx as always share gems at here

    Edit:

    And just finished reading, this is not new to me, as a Chinese, I know how many hackers(chinese) there and try to hack others serve or website per minute, yea, no kidding, even im typing now, China is somekind vague in such things, means, even you hack the CCTV, no one care about your shits, no kidding, and i personally know some hackers earn good (2K dollars per month) just sit there and sell their hacking data, serve info, sockets, whatever, i wont judge them, if you believe in karma, there is, if you dont, then totally whole new story

    sum up for Chinese hackers

    in our mainland: they always try to hack authority sites to place "casino" "games" "others" hidden links, 90% casino.

    they hack in English world: " e-commerce" , 90% Chinese guy will choose do e-commerce/dropshipping sites to overboard as we produce cheap gadgets and clothes to shit the world. And I saw many sites hacked and placed Chinese guy e-commerce links, for example, jerseys etc

    There is always space for a hacker to live, no doubt about that.


    Terry
     
    Last edited: Jan 14, 2016
  8. asap1

    asap1 BANNED BANNED

    Joined:
    Mar 25, 2013
    Messages:
    4,961
    Likes Received:
    3,185
    lol nice story, these guys going hard.
     
  9. 1morenoob

    1morenoob BANNED BANNED

    Joined:
    Nov 17, 2014
    Messages:
    412
    Likes Received:
    193
    edit don't worry read properly lol
     
    Last edited: Jan 14, 2016
  10. moonshine7000

    moonshine7000 Senior Member

    Joined:
    Mar 4, 2013
    Messages:
    1,046
    Likes Received:
    419
    Occupation:
    A+ IT technician,Clickbank and Amazon Marketer
    The moral of this thread don't use Microsoft Web Servers easy to use but lot of security weaknesses.Apache on Linux Servers rules.Always test data input validation in web applications to prevent SQL injection attacks.