
Inside a Hacked SEO Backlink Network

Discussion in 'Black Hat SEO' started by Asif WILSON Khan, Nov 21, 2015.

  1. Asif WILSON Khan

    When your site gets hacked this is how it can be used:

    On Tuesday of last week, we got a notification from Google that stated a client website was hacked. What I didn't realize at the time was this was one of the craziest SEO hacks I've seen in a very long time.
    These types of hacks are extremely common on the interwebs, especially on WordPress sites. The hacks usually play out something like this:
    Attackers will scan the open web for IP addresses that contain a certain framework. In this case they were looking for WordPress sites, however I also found Magento sites, custom sites, and a handful of other frameworks. One of the most impressive aspects of this hack was the fact that I found multiple different frameworks that just got hacked, not just WordPress (or Joomla, etc).
    From there, the hackers bulk scanned the targeted sites for ones that have outdated frameworks and plugins. They then look up each site for known exploits and use them to gain access to the system. Most of the time these are SQL injections.

    To illustrate just how easy this can be done, here is a step by step YouTube video of an attacker gaining access to a WordPress website in about 3 minutes. Crazy right?
    Once they gain access, attackers often times have different goals for what to do with the hacked site. Sometimes they are politically motivated and put up a landing page for their hacking groups. Other times you won't even notice anything is wrong; they are looking to expand their botnet to use your server as a node in their attack system.
    Other times, and in this case, they are very blackhat SEOs looking to use your website as a giant source of link juice to sell links or to boost their own affiliate sites. A secondary motivation for this hack might have been to collect credit card numbers from potential customers, but I don't have any evidence of that.


    Source: FULL STORY: http://www.elite-strategies.com/inside-a-hacked-seo-backlink-network/
     
    • Thanks Thanks x 8
  2. Panther28

    I was just wondering how to test my websites for this, cheers. Interesting strategy, considering how long most of us consider that linking our pbns together is a no go, they seem to have gone against the grain here. How did their sites actually perform, did you do any analysis into that?
     
  3. Asif WILSON Khan

    To protect your WP site, use something like WordFence
    https://wordpress.org/plugins/wordfence/

    Check your site with these site scanners:
    http://www.unmaskparasites.com/
    https://sitecheck.sucuri.net/
    https://aw-snap.info/file-viewer/

    Log into cPanel or use ftp to check for new directories and new .php files on your server.


    As for how the sites perform, most of the time this is all about mass spam churn and burn, the sites don't tend to last long but as the system is automated there are constantly new sites being added.
     
    • Thanks Thanks x 2
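
Added example, not part of the original thread: one way to do the "check for new directories and new .php files" step is to diff the web root against a snapshot taken while the site was known clean. The function names and the sample tree built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map every directory ("path/") and file ("path") under root to a marker:
    "dir" for directories, the SHA-256 of the content for files."""
    manifest = {}
    for dirpath, dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        prefix = "" if rel == "." else rel + "/"
        for d in dirs:
            manifest[prefix + d + "/"] = "dir"
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full):  # skip broken symlinks and special files
                with open(full, "rb") as fh:
                    manifest[prefix + name] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def diff_snapshots(baseline, current):
    """Compare a known-clean baseline with the current state of the web root."""
    added = sorted(p for p in current if p not in baseline)
    return {
        "new_dirs": [p for p in added if p.endswith("/")],
        "new_php": [p for p in added if p.lower().endswith(".php")],
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
    }

def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample tree: take a baseline, simulate changes, diff."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php // original front page\n")
        _write(root, "wp-content/plugins/alpha/alpha.php", "<?php // plugin\n")
        baseline = snapshot(root)
        _write(root, "index.php", "<?php // content changed after baseline\n")
        _write(root, "wp-content/uploads/cache/x.php", "<?php // unexpected file\n")
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Store the baseline somewhere the web server account cannot write, otherwise whoever modifies the files can also rewrite the snapshot.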
  4. virtualbyron

    I was hacked this month. I go on Ahrefs like every morning and I see many shit blast links on all my sites from the same server, with URLs like mysite.com/xxxx.htm. The guy has made a redirection to his site and spammed my URL as hell with auto approval blog comments with anchors like "buy cheap shitblabla", so I looked up his site on Ahrefs and I see a few thousand sites with the same URL redirection, thousands of people hacked.

    It is not very serious, but if one day I wake up to see my site has a 301 redirect from root, my bad! And yes, I don't have any free plugins/themes, I bought them to be safe.

    Keep all your themes and plugins updated, mate!
     
    Last edited: Nov 21, 2015
  5. starki

    Just have a look at a significant number of the links offered in SAPE and similar link networks. They are hidden links on average small business sites from all over the world and I'd bet a lot of money that a dentist or small hotel doesn't sell hidden links themselves.
     
  6. seoisazombie

    lol dude you read my mind.. i was cleaning some wordpress sites today that got hacked.. the guys are using thousands of hacked sites to rank their niches.. crazy stuff. I mean, we all knew about this type of strategies but if you think about it... they can get thousands of free PBN contextual links for free.
     
  7. waitier

    If you check the server logs, for example Apache logs (commonly used), you can see there are a bunch of 404s. If they managed to get a 200 or 301 to one of your plugins' scripts, that means you're using one of the vulnerable ones.

    Simple rule: don't install too many plugins. And don't install plugins that the developer has stopped supporting. Usually paid themes have a bunch of plugins installed, and it's hard to tell which ones you really need (especially from themeforest).

    For securing login, I just create a rule in Cloudflare on login.php and it pretty much reduced the attacks (as seen in the logs, the number of IPs hammering login.php will drop).

    With more and more advancement in web dev, it will get more complicated to secure. That's the part I hate the most.
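
Added example, not part of the original thread: the access-log check described in the post above, as a small parser for Apache common/combined-format logs. It lists plugin scripts that answered 200 or 301 to a client that also produced a run of plugin-script 404s; the log lines, IPs and plugin names are constructed, and `find_probe_hits` with its `min_404` threshold are illustrative names.

```python
import re
from collections import defaultdict

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Only requests for PHP scripts inside a plugin directory are of interest.
PLUGIN_SCRIPT = re.compile(r'^/wp-content/plugins/([^/]+)/.*\.php(?:\?|$)')

# Constructed sample lines (documentation IP ranges, made-up plugin names).
SAMPLE_LOG = """\
203.0.113.5 - - [21/Nov/2015:10:00:01 +0000] "GET /wp-content/plugins/alpha-slider/upload.php HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [21/Nov/2015:10:00:01 +0000] "GET /wp-content/plugins/beta-gallery/admin/import.php HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [21/Nov/2015:10:00:02 +0000] "GET /wp-content/plugins/gamma-seo/inc/export.php HTTP/1.1" 404 512 "-" "-"
203.0.113.5 - - [21/Nov/2015:10:00:02 +0000] "GET /wp-content/plugins/delta-forms/ajax.php?action=ping HTTP/1.1" 200 87 "-" "-"
198.51.100.7 - - [21/Nov/2015:10:03:40 +0000] "GET /wp-content/plugins/delta-forms/ajax.php HTTP/1.1" 200 87 "-" "-"
192.0.2.9 - - [21/Nov/2015:10:05:11 +0000] "GET /wp-content/plugins/alpha-slider/upload.php HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [21/Nov/2015:10:06:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2310 "-" "-"
"""

def find_probe_hits(lines, min_404=3):
    """Return {ip: sorted plugin script paths answered 200/301} for clients
    that also produced at least min_404 plugin-script 404s."""
    misses = defaultdict(int)
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines
        path = m.group("path")
        if not PLUGIN_SCRIPT.match(path):
            continue
        status = m.group("status")
        if status == "404":
            misses[m.group("ip")] += 1
        elif status in ("200", "301"):
            hits[m.group("ip")].add(path.split("?", 1)[0])  # drop query string
    return {ip: sorted(paths) for ip, paths in hits.items()
            if misses[ip] >= min_404}

if __name__ == "__main__":
    for ip, paths in find_probe_hits(SAMPLE_LOG.splitlines()).items():
        print(ip, "probed and reached:", ", ".join(paths))
```

A reported path shows that a plugin a scanner was looking for is installed and reachable, so its version and update status are the next thing to check.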
     
  8. stugz

    If you are on shared hosting all of the security tips that are given out by the "experts" mean squat. Anybody with a site on that server can get to your site files trivially. It doesn't need very much knowledge. So all the advice about WordPress plugins (for example) in the main is a load of rubbish. Most of the "hacking" takes place by getting into any site on the server, usually a hand coded one, and then poking around on the server. Alternatively, they just host a load of sites and break into back ends even more trivially.

    For anything valuable don't use shared hosting.
     
  9. clevelandslim

    Valuable and useful information for all.
     
  10. accelerator_dd

    Nice read! (15char)
     
  11. king0735

    That's crazy, thanks for the info, because I should be building a site in a few days.
     
  12. fahadshaikh

    Valuable and useful information for all :) thanks