I’ve been monitoring mattheaton.com “wordpress.net.in goro spam injections” for this past few months. Noticeably, the blackhat spamming method is changing dramatically. For those who are still unaware of Wordpress Goro Spam please read my earlier post → Wordpress.net.in Spam injection& Gaming Bluehost & Hostmonster CEO’s Blog.
thinkingphp.org (PR6) & jensfrake.com (PR7) has been hijacked by “Wordpress Blackhat SEO Spammer” for this month. Both sites were running on WordPress 2.3.2.
By now the <div id=”goro”> signature has been replaced with “Inline CSS” wrapper.
Cloacking Check on Mattheaton.com
- Normal Browser
- 32,246 characters - mattheaton-com-source.txt
- Google bot
- 34,646 characters - mattheaton-com-googlebot-source.txt
- Difference
- 2,400 characters
Cloacking Check on jensfrake.com & blog.jensfrake.com
- Normal Browser
- 59,580 characters - blogjensfrakecom.txt
- Google bot
- 59,699 characters - blogjensfrakecom-googlebot.txt
- Difference
- 119 characters
While scanning jensfrake.com their server return 400-500 error, so we had to scan his (clone) subdomain blog.jensfrake.com instead of the main site
This time around, you wont see the spam on both of this website, all the spam links is position out of the client view-port (top -3337px, left -2227px).
another mathematical jokes, l33t.
<div style="left: -2227px; position: absolute; top: -3337px">
What’s new with Goro spam 2008
- WordPress <= 2.3.2 is vulnerable to this attack.
- Inject Spamlinks wrap with extra Inline CSS for cloacking
- Target High PR Sites → PR5 and above
Related Post
- Matt Heaton BlueHost HostMonster CEO’s Official Blog Hacked
- How to Removed Wordpress.net.in Spam Injection
- Matt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II
3 Responses to “Blackhat SEO Spammer targeting High PR WordPress Blog”
[...] Blackhat SEO Spammer targeting High PR WordPress Blog - by Noah (14 Feb 2008) [...]
This is a very valuable info ty for the sharing it with us.
[...] Blog “schreiben” dürfen. Auf cre8asite.net gibt es Details dazu, und wenn man sich diesen Link und die weiterführenden anschaut, wird es richitg [...]
Webrocker » Wordpress Hackereien : http://www.webrocker.de/2008/03/21/wordpress-hackereien/