Code injection

Discussion in 'Black Hat SEO' started by DAMINK, Jan 19, 2008.

  1. DAMINK

    G'day all.
    Recently I had a site I admin get injected with some encrypted code.
    To start, it was just a trojan download to all visitors. But then after a day or 2 it got a bit worse. All content was deleted and there was just spammy crap on the site.
    No big deal, I got the host to patch and back up. The host said only that it was Russians. Apparently there is nothing they can do.
    My question is: would it be a beneficial method to find weak servers, then inject code to point to, let's say, a paid ads page? Or would that just land yourself in trouble? If it was pointing to a free site etc.
    Not sure if this is just a silly thread but it has been on my mind for a week or 2 now. The Russian that hacked me was just silly. I believe if it was a much more soft attempt it might have gone unnoticed for a long time.
     
  2. Essential Clix

    Sounds to me like it would be more trouble than it's worth.
     
  3. DAMINK

    Yeah, I kind of have to agree. It was just a thought after having to deal with such a problem and basically no ability to track them.
    I mean, the injection could be done easily enough, but the account setup for, let's say, AdSense would be tricky to say the least. Not getting tracked down and all.
    Cheers for the reply.
     
  4. seomaniac

    Sounds like SQL injection, which usually injects through a form with JavaScript.
     
  5. Wombat

    Do a Google search for "buy viagra" and similar.
    You will see that those guys use that trick big time, because it works.
     
  6. ShazzMan

    Yes, and that gets touchy.
     
  7. stealthisblog

    You're getting things mixed up there. SQL injection is when you inject database commands to "hijack" the query and retrieve/edit data from the database (e.g. the admin's password) through a GET (URL) / POST (forms) parameter sent to any server running a server-side scripting language that has a backend database such as asp/mssql or php/mysql. It has nothing to do with JavaScript since that's client-side. If you got hacked, chances are the Russians used a SQL injection to get your md5'd admin password, then cracked it with passwords pro or online rainbow tables like gdataonline.com, then they just had fun through your admin panel. It's not too hard to do, especially since many people released pre-made exploits for buggy scripts on sites like milw0rm.

    JavaScript/HTML injection would be Cross Site Scripting, which can be either permanent or non-permanent. Non-permanent XSS's are the most common, found in places such as search engines. They can be used to steal cookies, redirect/phish users, or sometimes aid in a more deadly attack called XSRF (cross site request forgery) or OSRF (on site request forgery), which forge packets to look like they're from the admin to add users to the admin group, promote users, change the admin password etc. These injections are only visible when you visit the page with the malformed GET data (in a link you send, etc). Permanent XSS's are found in things like forums (crappy ones at least) or guestbooks, where you can permanently deface the site, add content/ads, or do any of the above mentioned attacks and have it stick on the page so the victims don't have to follow your malformed link to see it.

    Now, about your idea. That's 100% illegal since you are accessing another's website and changing it around, in a way defacing it. To make it worse, you are doing it to earn money you shouldn't be getting since it's not your site. If they find you and report you, it would be easy to track you since your advertising account is linked to your name. I have tried this before in the past with iframes and an autoclicker, but it messed up the back button on the vBulletin forums I put it on and they all found out why. They found the iframe, saw my site, and got my advertising account and hosting cancelled. Luckily that's all they did. So in the end, it's not worth the risk, don't bother with it.
     
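For a site admin in the original poster's position, the three weaknesses named in the last post (a query built from request parameters, an unsalted MD5 admin password, and user text stored and echoed as HTML) each have a standard fix. The sketch below is an added example, not part of the thread; the table, function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import html
import os
import sqlite3

def slow_hash(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash: a per-user salt defeats precomputed
    # rainbow tables, and the iteration count slows offline guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def md5_unsalted(password: str) -> str:
    # Weak form: the same password gives the same digest on every site.
    return hashlib.md5(password.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    # Constructed sample data: one admin row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, slow_hash("s3cret-constructed", salt)))
    return db

def find_user_vulnerable(db, name: str):
    # Weak form: the parameter becomes part of the SQL text itself.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_safe(db, name: str):
    # Hardened form: the driver binds the value; it is never parsed as SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def check_password(db, name: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(slow_hash(password, row[0]), row[1])

def render_comment(text: str) -> str:
    # Stored (permanent) XSS defence: encode user text when writing it into HTML.
    return "<p>" + html.escape(text) + "</p>"

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the weak query
    print("vulnerable:", find_user_vulnerable(db, crafted))
    print("safe:      ", find_user_safe(db, crafted))
    print(render_comment("<iframe src=x>"))
```
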