I’ve been monitoring mattheaton.com “ wordpress.net.in goro spam injections ” for this past few months.我一直在监测mattheaton.com “ wordpress.net.in戈罗垃圾邮件的注资, ”这在过去数个月。 Noticeably, the blackhat spamming method is changing dramatically.明显, blackhat垃圾邮件的方法是不断变化的显着。 For those who are still unaware of Wordpress Goro Spam please read my earlier post → Wordpress.net.in Spam injection & Gaming Bluehost & Hostmonster CEO’s Blog .对于谁是仍然不知道WordPress的戈罗垃圾邮件,请阅读我刚才邮政→ wordpress.net.in 垃圾邮件注射液和游戏bluehost & hostmonster行政总裁的博客 。
thinkingphp.org (PR6) & jensfrake.com (PR7) has been hijacked by “Wordpress Blackhat SEO Spammer” for this month. thinkingphp.org ( pr6 ) & jensfrake.com ( pr7 )已劫持“的WordPress blackhat徐垃圾邮件发送者” ,本月份。 Both sites were running on WordPress 2.3.2 .这两个网站分别上运行的WordPress 2.3.2 。
By now the <div id=”goro”> signature has been replaced with “Inline CSS” wrapper.由现在<div id="goro">签名已改为“内置的CSS ”包装。
Cloacking Check on Mattheaton.com cloacking检查对mattheaton.com
- Normal Browser正常的浏览器
- 32,246 characters - mattheaton-com-source.txt 32246人物-m attheaton- C OM的s ource.txt
- Google bot Google的建造,营运及移交
- 34,646 characters - mattheaton-com-googlebot-source.txt 34646人物-m attheaton- C OM的G ooglebot的- s ource.txt
- Difference差异
- 2,400 characters 2400字
Cloacking Check on jensfrake.com & blog.jensfrake.com cloacking检查对jensfrake.com & blog.jensfrake.com
- Normal Browser正常的浏览器
- 59,580 characters - blogjensfrakecom.txt 59580人物-b logjensfrakecom.txt
- Google bot Google的建造,营运及移交
- 59,699 characters - blogjensfrakecom-googlebot.txt 59699人物-b logjensfrakecom- g ooglebot.txt
- Difference差异
- 119 characters 119个字元
While scanning jensfrake.com their server return 400-500 error, so we had to scan his (clone) subdomain blog.jensfrake.com instead of the main site而扫描jensfrake.com其服务器返回400-500错误,因此我们不得不扫描他(克隆)的子网域blog.jensfrake.com而不是主网站
This time around, you wont see the spam on both of this website, all the spam links is position out of the client view-port (top -3337px, left -2227px).这个关键时刻,你wont看到垃圾邮件就双方本网站,所有的垃圾邮件链接的立场是出于对用户端检视-连接埠(最高3337px ,左2227px ) 。
another mathematical jokes, l33t. 另一个数学笑话, l33t 。
<div style="left: -2227px; position: absolute; top: -3337px"> <div style="left: -2227px; position: absolute; top: -3337px"> What’s new with Goro spam 2008有什么新戈罗垃圾邮件2008年
- WordPress <= 2.3.2 is vulnerable to this attack.在WordPress < = 2.3.2 ,很容易受到这种攻击。
- Inject Spamlinks wrap with extra Inline CSS for cloacking注入spamlinks总结与额外的内置的CSS为cloacking
- Target High PR Sites → PR5 and above目标高的公关网站→ pr5及以上
Related Post相关文章
- Matt Heaton BlueHost HostMonster CEO’s Official Blog Hacked 马特希亚bluehost hostmonster行政总裁的官方博客砍死
- How to Removed Wordpress.net.in Spam Injection 如何删除垃圾邮件wordpress.net.in注射液
- Matt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II 马特希亚bluehost hostmonster首席执行官砍死再次-罢工二
External Links外部链接
- National Vulnerabilities Database (NVD) on Wordpress 2.0 > 2.0.5 vulnerabilities 国家漏洞数据库( nvd )就在WordPress 2.0 > 2.0.5漏洞
"));
/*]]>*/
3 Responses to “Blackhat SEO Spammer targeting High PR WordPress Blog” 3 回应 “ blackhat徐垃圾邮件发送者为对象的高公关WordPress所博客”
[...] Blackhat SEO Spammer targeting High PR WordPress Blog - by Noah (14 Feb 2008) [...] [ … … ] blackhat徐垃圾邮件发送者为对象的高公关WordPress所博客-诺亚( 2 008年2月1 4日) [ … … ]
This is a very valuable info ty for the sharing it with us.这是一个非常有价值的信息性为与我们分享。
[...] Blog “schreiben” dürfen. [ … … ]博客“ schreiben ” dürfen 。 Auf cre8asite.net gibt es Details dazu, und wenn man sich diesen Link und die weiterführenden anschaut, wird es richitg [...] auf cre8asite.net gibt部细节,大足, und wenn男子的Sich威迪森链接und模具weiterführenden anschaut , wird部richitg [ … … ]
Webrocker » Wordpress Hackereien : http://www.webrocker.de/2008/03/21/wordpress-hackereien/ webrocker WordPress所hackereien : http://www.webrocker.de/2008/03/21/wordpress-hackereien/