1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How did this spammer put his links on a PR 8 gov. site???

Discussion in 'Black Hat SEO' started by gr33n, Oct 1, 2009.

  1. gr33n

    gr33n Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 22, 2007
    Messages:
    501
    Likes Received:
    243
    Gender:
    Male
    Location:
    Ro
    ..so i was looking in the top20 for buy viagra and the site below catch my attention when i checked the backlinks in yahoo site explorer

    This is the profile used for ranking for buy viag.ra
    Code:
    honda-tech.com/member.php?u=999662781
    
    and here are the backlinks for this profile

    https://siteexplorer.search.yahoo.c...-tech.com/member.php?u=999662781&fr=sfp&bwm=i

    the first backlink is from

    http://www.compact.org/

    which is pr 8.If you search for viagra on the site you'll not find it (he is using this code style="position: absolute; top: -400px; left: -2400px;)but in source he is spamming dozens of his profile made on different parasite pages


    [​IMG]

    the second site in yahoo site explorer is from a gov.pa site from Panama pr 7 (Ministerio de Relaciones Exteriores).... and so on..

    how the hell did he do that?

    All I can think of is these sites/servers(where the pages are hosted) have some kind of vulnerability and he is able to put those urls in the source code...
     
  2. BunThings

    BunThings Registered Member

    Joined:
    Jun 17, 2009
    Messages:
    91
    Likes Received:
    14
    Location:
    Toronto
    Home Page:
    This actually happend with my wp blog, i couldn't find the link anywhere, but it was in the source code. I bet it's a input vulnerability (comments/login) etc..
     
  3. christopher

    christopher Newbie

    Joined:
    Jan 29, 2009
    Messages:
    13
    Likes Received:
    7
    it's a WP blog, could be an old version that has been exploited.. or was exploited before they updated.

    It's an .edu, they just slap that crap online and nobody knows how to run it.

    I remember people bitching about this sort of thing in the past... WP 2.6 era i think

    and damnit, now im curious and I'm going to waste the next hour looking through this guys back links for juicy stuff I can use.
     
  4. bl4ck

    bl4ck Newbie

    Joined:
    May 14, 2008
    Messages:
    27
    Likes Received:
    0
    hacklink.
     
  5. digitalcrew

    digitalcrew Regular Member

    Joined:
    Jan 2, 2009
    Messages:
    330
    Likes Received:
    43
    Location:
    India!
    if it is an old outdated wordpress blog then I am sure it is an XSS/SQL injection variant.
     
  6. BunThings

    BunThings Registered Member

    Joined:
    Jun 17, 2009
    Messages:
    91
    Likes Received:
    14
    Location:
    Toronto
    Home Page:
    Exactly what i was thinking, but i'm sure its the latest version.. Ether way sql injections could always be tweaked so it has to do with some input fields on the site in discussion
     
  7. gr33n

    gr33n Jr. VIP Jr. VIP Premium Member

    Joined:
    Oct 22, 2007
    Messages:
    501
    Likes Received:
    243
    Gender:
    Male
    Location:
    Ro
    this way he have a stable way of juice coming all the time .If a parasite site goes down he just replace it with something else...
     
  8. iglow

    iglow Elite Member

    Joined:
    Feb 20, 2009
    Messages:
    2,081
    Likes Received:
    856
    Home Page:
    loads of pills top10 is either on hacked hosts or has loads of hidden links like this one. nobody will give u hints on that here though i bet :D
     
  9. worldismine

    worldismine Regular Member

    Joined:
    Feb 25, 2009
    Messages:
    380
    Likes Received:
    286
    If you know how this is the best way to get quick / good PR links :D
    I practice this method myself. Blackhat methods FTW !!!
     
  10. TheMatrix

    TheMatrix BANNED BANNED

    Joined:
    Dec 20, 2008
    Messages:
    3,444
    Likes Received:
    7,279
    This is for sure, http://karangoel.in/2009/10/02/3-websites-that-will-make-you-a-hacker/.
     
  11. Kakucis

    Kakucis Registered Member

    Joined:
    Sep 27, 2009
    Messages:
    64
    Likes Received:
    8
    This is SO Black Hat!

    But this is the most powerful method that's for sure.
    Looking for further reading on this topic.
     
  12. SRLee

    SRLee Junior Member

    Joined:
    Sep 12, 2009
    Messages:
    191
    Likes Received:
    104
    Wow, that is so freakishly black!

    I just cannot imagine the possibilities if I was granted this ability. My sites would hit the No.1 position in like a week. @.@
     
  13. oblivion19

    oblivion19 Senior Member

    Joined:
    Aug 24, 2009
    Messages:
    841
    Likes Received:
    387
    wow.. this is some kind of exploit..

    can some one wid a knowledge on this could throw more light on this..

    I guess it has something to do with finding sites wit vulnerabilities and exploit them
     
  14. kahve123

    kahve123 Newbie

    Joined:
    Sep 23, 2009
    Messages:
    42
    Likes Received:
    32
    well infact the the links are in the page
    they are just invisible to you
    this is done by a simple css trick. It doesnt work on every site, but it is very simple.
    Select the entire site ctrl+a open a txt file paste it
    you will see
    buy viagra no prescription soma no prescription tramadol no prescription ultram no prescription meridia no prescription reductil no prescription alprazolam no prescription diazepam no prescription xanax no prescription valium no prescription ambien no prescription phentermine no prescription adipex no prescription zoloft no prescription augmentin no prescription valtrex no prescription prednisone no prescription topamax no prescription klonopin no prescription clonazepam no prescription ativan no prescription lorazepam no prescription acomplia no prescription rivotril no prescription xenical no prescription celebrex no prescription propecia no prescription buspar no prescription zoloft no prescription lexapro no prescription paxil no prescription effexor no prescription cipro no prescription prozac no prescription lipitor no prescription zolpidem no prescription zithromax no prescription Buy viagra discount viagra cheap generic viagra viagra sale generic cialis cheapest cialis order viagra online buy viagra without prescription order cialis online buy cialis without prescription order levitra online

    everything is there :)
    The ultra nice point is how he puts that in there?
    I have no idea but thats pure black for sure
     
  15. Kakucis

    Kakucis Registered Member

    Joined:
    Sep 27, 2009
    Messages:
    64
    Likes Received:
    8
    @oblivion19

    This is explot hack for sure. But they have so many back links that I star to think that they have some kind of software or something. Othervise it will take a loooong time to hack each site.
     
  16. joomador

    joomador Registered Member

    Joined:
    Aug 26, 2009
    Messages:
    98
    Likes Received:
    20
    Occupation:
    Student
    I'd like somebody who knows how to do this to make a guide for us NOOBS!
     
  17. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    Without looking at the sites I'd say they are probably WP blogs, this is the most common place to do this because of a vulnerability.

    He then uses CSS to move the locations that the links are placed off screen so nobody visiting the page sees them.

    I woudl guess he had taken it a step further and developed a tool to do this all automatically because it looks like he really went to town - those big pharma guys mean business.
     
  18. eskimo

    eskimo Regular Member

    Joined:
    Dec 1, 2008
    Messages:
    474
    Likes Received:
    178
    its not "necessarily in the source code", browsers just output stuff as if it was coded in. it is most likely being drawn from a database, and since thats server side scripting, the php output looks like html when you see it in your browser (you cant view source for php).

    view the source of this page, you see any php? nope

    he most likely did this with mysql injection, as in inserted his shit into their database. we not allowed to talk of such things on this forum, so ill leave it at that :)
     
  19. iglow

    iglow Elite Member

    Joined:
    Feb 20, 2009
    Messages:
    2,081
    Likes Received:
    856
    Home Page:
    why would somebody share such trick with noobs? :)
     
  20. icecubes

    icecubes Newbie

    Joined:
    Nov 11, 2008
    Messages:
    12
    Likes Received:
    0
    have a look at hxxp://www.mfcoatings.co.uk
    and view the source this is running joomla
    look at the bottom of the source code
    this site is hosted on mewebhosting
    but no other site on the same account has the same
    rubbish attached.
    might be a joomla hack.