• Posts Tagged ‘sybil+attack’

    Feb 14th, 2008

    Blackhat SEO Spammer targeting High PR WordPress Blog

    wordpress-blackhat-seo-spam.png image by chaoskaizerI’ve been monitoring mattheaton.comwordpress.net.in goro spam injections” for this past few months. Noticeably, the blackhat spamming method is changing dramatically. For those who are still unaware of Wordpress Goro Spam please read my earlier post → Wordpress.net.in Spam injection& Gaming Bluehost & Hostmonster CEO’s Blog.

    thinkingphp.org (PR6) & jensfrake.com (PR7) has been hijacked by “Wordpress Blackhat SEO Spammer” for this month. Both sites were running on WordPress 2.3.2.

    By now the <div id=”goro”> signature has been replaced with “Inline CSS” wrapper.

    Cloacking Check on Mattheaton.com

    Normal Browser
    32,246 characters - mattheaton-com-source.txt
    Google bot
    34,646 characters - mattheaton-com-googlebot-source.txt
    Difference
    2,400 characters

    (more…)

    Filled in Security, WordPress, injection, owned · 3 Comments

     
    Jan 31st, 2008

    Matt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II

    wordpress-blackhat-seo-spam.png image by chaoskaizerBeing Hacked by SEO spammer is seem like a yearly events at Mattheaton.com. Matt’s WordPress blog was first hijacked 2 months ago on 26 November 2007 (according to my record). You can digg my earlier post at → Matt Heaton BlueHost HostMonster CEO Official Blog Hacked.

    It’s a big embarrassment for bluehost & hostmonster hosting to have their CEO’s blog being spamride every year (since 2007) . Drilling Matt Heaton’s with bad ads wont solves the Blackhat Spam issues, I will left that particulars part to my readers to speculate.

    (more…)

    Filled in Security, WordPress, vulnerability · 1 Comment

     
    Dec 1st, 2007

    Matt Heaton BlueHost HostMonster CEO Official Blog Hacked

    Dec 11 2007 - Matt Heaton Blog’s has been cleansed. ATM he’s using latest version of WordPress (2.3.x). And also most of the blogs lists in this articles has been upgrade.

    Jan 26th, 2008 - Seem like bluehost engineer did a bad job at cleaning, the goro spam is back.

    bluehost hosmonsterJust after the recent issue on wordpress.com.cn now there is new wordpress imitater. A remote spamware injection by wordpress.net.in

    I was reading one of Matt Heaton posted 2 days ago when I found bunch of spamsware link on his wordpress footer.

    mattheaton.com bluehost ceo hack wordpress footer

    Matt’s is using default wodpress theme (kubrick) with single javascript for adsense. The only way the spams can get in is probably via php injection or by manual editing. All the spamware is redirect to howardowens.com/?order=XX page.

    Lookup for howardowens.com

    The below diagram explained the lookup results for howardowens.com. click on the image to enlarge.

    lookup results for howardowens-com
    Surprisingly the spammer website is also host by bluehost.com (69.89.16.0/20,74.220.192.0/19 ,69.89.16.4 -> box183.bluehost.com).

    (more…)

    Filled in Bluehost, HostMonster, WordPress · No Comments