I’ve been monitoring mattheaton.com “wordpress.net.in goro spam injections” for the past few months. Noticeably, the blackhat spamming method is changing dramatically. For those who are still unaware of WordPress Goro Spam, please read my earlier post → Wordpress.net.in Spam injection & Gaming Bluehost & Hostmonster CEO’s Blog.
thinkingphp.org (PR6) & jensfrake.com (PR7) have been hijacked by the “WordPress Blackhat SEO Spammer” this month. Both sites were running on WordPress 2.3.2.
By now the <div id="goro"> signature has been replaced with an “Inline CSS” wrapper.
For the past three days this blog has been suffering a DoS attack. The attack is still alive now, and I don’t think they will leave yet.
I can’t ban this bot directly as they were sending forged packets (packet spoofing) as Googlebot: http://www.whois-search.com/whois/64.233.166.136. I’m still looking for the right ISP.
OrgName: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
I found this while browsing the WordPress support forum: some of these victims updated their default_filters.php and uploaded class-mail.php inside their WordPress without being aware that it’s a backdoor (wordpress.net.in). There is no class-mail.php in WordPress except class-phpmailer.php, so don’t get confused by it.
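A check for the indicators named above, added here as an example (it is not the workaround from this post, nor WordPress code): it flags any class-mail.php, any PHP file mentioning wordpress.net.in or the older goro div, and any wp-includes/wp-admin file that differs from a clean copy. It assumes you have unpacked a pristine copy of the same WordPress release; the function names and the sample trees are constructed for the demo.

```python
import pathlib
import re
import tempfile

ROGUE_NAMES = {"class-mail.php"}  # per the post: not a WordPress core file
MARKERS = {
    "wordpress.net.in reference": re.compile(rb"wordpress\.net\.in", re.I),
    # Older variant only; the post notes newer injections use inline CSS.
    "goro div wrapper": re.compile(rb"""<div\s+id\s*=\s*["']?goro""", re.I),
}
CORE_DIRS = ("wp-includes/", "wp-admin/")  # only these are diffed against the clean copy

def scan(site_root, clean_root):
    """Return sorted (relative_path, reason) findings for PHP files under site_root."""
    findings = []
    for path in pathlib.Path(site_root).rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".php":
            continue
        rel = path.relative_to(site_root).as_posix()
        data = path.read_bytes()
        if path.name.lower() in ROGUE_NAMES:
            findings.append((rel, "rogue filename"))
        findings += [(rel, why) for why, rx in MARKERS.items() if rx.search(data)]
        if rel.startswith(CORE_DIRS):
            clean = pathlib.Path(clean_root, rel)
            if not clean.is_file():
                findings.append((rel, "not in clean copy"))
            elif clean.read_bytes() != data:
                findings.append((rel, "differs from clean copy"))
    return sorted(findings)

def build_demo_trees():
    """Constructed sample data: a tiny clean tree and a tampered site tree."""
    base = pathlib.Path(tempfile.mkdtemp(prefix="goro-demo-"))
    files = {
        "clean/wp-includes/default_filters.php": b"<?php // original\n",
        "clean/wp-includes/class-phpmailer.php": b"<?php // mailer\n",
        "site/wp-includes/default_filters.php": b"<?php // original\n// constructed change\n",
        "site/wp-includes/class-phpmailer.php": b"<?php // mailer\n",
        "site/wp-includes/class-mail.php": b"<?php // placeholder: wordpress.net.in\n",
        "site/wp-content/themes/x/footer.php": b'<div id="goro">constructed</div>\n',
    }
    for rel, body in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
    return base / "site", base / "clean"

if __name__ == "__main__":
    print(*(f"{rel}: {why}" for rel, why in scan(*build_demo_trees())), sep="\n")
```

Run it against a downloaded backup of the site rather than the live docroot. Files under wp-content are only pattern-matched, so the inline-CSS variant in a theme needs a manual look.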
Below is a quick workaround on how you can remove the offending goro spamware injection before Google bans you from the internet pipes.