google search returns cialus or viagara

We hear various terms thrown around whenever a popular web site gets hacked: SQL injection, session hijacking, cross-site scripting, and so on. Web site hacks may be performed by malicious users, and more often than not just to prove they can do it.

As web site developers, we recently had to deal with a web site hack whose sole motivation was to steal traffic from the targeted web site.

Google Search Returns Cialus or Viagara – Details

The attack caused our client's web site to be indexed by Google with false page titles and descriptions, and in some cases redirected the traffic to a third-party web site. When a regular user visited the site, everything seemed normal. The HTML source was not altered in any way. So how was Google indexing the site with the false information?

The malicious user succeeded in spreading hidden PHP code throughout the site. The images folder was world-writable, and the attacker used that knowledge to upload a password-protected rootkit. Note that the images folder was only the initial entry point. It was not the end of the trail, and removing the PHP scripts from the images folder was definitely not the solution. On inspecting the PHP scripts, it became evident that the files contained somewhat encrypted (obfuscated) code. The code was escaped and then layered as eval > gzinflate > base64_decode, which effectively hides the real source code from prying eyes. The code was also password protected so that not just anyone could use it.

Locating the real problem files that were causing the redirection, and not just working out how the redirection was being created, took a little skill (and obvious knowledge of how the scripts were working). In our case, the scripts were loaded from one main entry point that we were able to locate fairly easily. Being the sole developers who manage the site, we were also able to use file dates and timestamps to determine which files had been modified. Once we had this information we were able to locate the changed files, which in this case were JPEG files. That
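The checks described in the two paragraphs above (world-writable folders, the eval > gzinflate > base64_decode layering, PHP hidden in image files, and files changed after a known-good date) can be combined into one sweep of the webroot. This is an added example, not code from the original post; the function names, the reason strings and the sample site are constructed for illustration, and the \x-escape heuristic is an assumption about what "escaped" looked like.

```python
import os, re, stat, tempfile, time

# Plain form of the layering the post describes: eval(gzinflate(base64_decode(...)))
CHAIN = re.compile(rb"eval\s*\(.{0,80}?gzinflate\s*\(.{0,80}?base64_decode\s*\(", re.I | re.S)
# String-escaped variants hide those names, so also flag long runs of \xNN escapes
ESCAPED = re.compile(rb"(?:\\x[0-9a-fA-F]{2}){8,}")
PHP_TAG = re.compile(rb"<\?php", re.I)
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif"}

def scan_webroot(root, modified_since):
    """Return sorted (relative_path, reason) pairs that deserve a manual look."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.add((os.path.relpath(dirpath, root), "world-writable directory"))
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip broken symlinks and special files
                continue
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                data = fh.read()
            if os.path.splitext(name)[1].lower() in IMAGE_EXT and PHP_TAG.search(data):
                findings.add((rel, "PHP code inside image file"))
            if CHAIN.search(data):
                findings.add((rel, "eval/gzinflate/base64_decode chain"))
            if ESCAPED.search(data):
                findings.add((rel, "long run of \\x-escaped bytes"))
            if os.stat(path).st_mtime > modified_since:
                findings.add((rel, "modified after baseline"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample site: one clean page and one JPEG carrying PHP."""
    images = os.path.join(root, "images")
    os.mkdir(images)
    os.chmod(images, 0o777)  # the weak permission from the post
    with open(os.path.join(root, "index.php"), "wb") as fh:
        fh.write(b"<?php echo 'hello'; ?>")
    with open(os.path.join(images, "logo.jpg"), "wb") as fh:  # inert placeholder payload
        fh.write(b"\xff\xd8\xff\xe0JFIF<?php eval(gzinflate(base64_decode('PLACEHOLDER'))); ?>")
    old = time.time() - 90 * 86400  # pretend index.php was deployed 90 days ago
    os.utime(os.path.join(root, "index.php"), (old, old))
    return old + 86400  # baseline timestamp: one day after that deploy

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for path, reason in scan_webroot(root, build_sample(root)):
            print(f"{reason:36} {path}")
```

Modification times can be reset by whoever wrote the file, so the timestamp check narrows the search but does not clear a file that passes it.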

ttessier

About ttessier

Professional Developer and Operator of SwhistleSoft

3 Responses to google search returns cialus or viagara

  1. Hello my friend! I wish to say that this article is amazing, nicely written and comes with almost all important info. I would like to peer more posts like this.

  2. Spot on with this write-up, I honestly believe this site needs a lot more attention. I’ll probably be back again to read more, thanks for the info!

  3. The feeling could be used by option living. We recommend these destination everybody. I like considering that plenty. Thanks throughout like high quality posts.
