LED Digest 2227: Sinister Site Hijackers

The bulk of this issue is devoted to site hijackings. In at least one case,
these fraudsters show some real ingenuity. Plus, font sizing... and more!
==================================================
The LED Digest
Moderated Discussion List
"Effective Online Advertising, Since 1997"
Data > Information > Knowledge > Wisdom

pair Networks: The LED's Web Host
Hosting and Domain Registration from a Trusted Leader
pair.com for Hosting | pairNIC.com for Domains
==================================================
List Moderator: Adam Audette (adam, led-digest.com)
Published by: LED Digest (http://www.led-digest.com)
.............................................
August 17, 2006                Issue no. 2227
.............................................

.....IN THIS DIGEST.....

==== CONTINUING =================

--== Hijacked by a Porn Site ==--

~ Anton Lasich
  "Google needs to...be more understanding to Web owners
  who [have been victimized]."

~ Cheryl Berry
  "...reserving your server IP and utilizing virtual IPs
  has advantages."

~ Janell Vasquez
  "Is cPanel included with your hosting package?"
  <Moderator Comment>

~ Raymond Freeman
  "...there are ways and means to access super high speed
  connections."

--== The Click Fraud Saga ==--

~ Michael Martinez
  "There are some serious problems with [the Google report]..."

--== Font Sizing ==--

~ Sandra Linley
  "Did I create a monster...?"

~ Michael Martinez
  "The following section of style sheet code from [SEOMoz]
  includes the missing line."

==== BILLBOARD ===================

--== The AOL Search Blunder ==--

~ GJ Berg

==================================================
From: Anton Lasich
Subject: Hijacked

> I opened the two [folders] and found a full blown
> porn site with thousands of links on my server.
- Peter D'Aprix, LED 2225

I think that this problem is more widespread amongst the community
and has the possibility to become endemic!

This having been said I would think Google needs to re-address its
loyalties and be more understanding to Web owners who have had their
sites hacked etc. We have people using our domain in sending out
crap email and google's gmail says we are at fault!

I really think google and companies like this should be investing in
time to help Web owners and not penalise them for events that occur
that are out of our control or malicious.

Anton Lasich

-------- new post - same topic --------
From: Cheryl Berry
Subject: Hijacked

Hi Peter,

I cringe when I read stories like this and hope when the offending
material is removed, the Google Gods will be kind to your domain and
site once again!

Yours and posts of others often leave me with questions about the
details that would assist LEDers in offering viable input, so I'll
use your post as the example if that's OK.

In order to narrow down the likely options, it would help if more
details were provided in the post. For instance, in your case, I
would want to know:

(1) is your site hosted on a shared or dedicated server?
(2) is a hardware, software or both type firewalls installed?
(3) is your server managed by the host company under your contract
    or self-managed?
(4) how do you access your server - FTP, VPN, desktop and what
    programs do you use for that access?
(5) how often do you review directories and files on that server?
(6) how often do you change passwords for that server?
(7) who do you 'know' has access to the server?

By process of elimination e.g. it can't be that and it can't be
this, you can more easily put your finger on what security measures
need tightening.

I've also found that reserving your server IP (if you use dedicated)
and utilizing virtual IPs has advantages. A site can easily be moved
to any number of virtual IPs quickly and easily without compromising
the entire system. Changing the TTL to a short period of time will
allow a quick refresh throughout the Internet and all of this gives
more control over the security of your domains and sites.

You made one very specific comment that would lead me to believe
your hijack is an inside job... "And they had all been uploaded
within a duration of a few minutes back on June 23"...

I suspect just like most identity theft, someone you know or someone
who knows you has direct access to your server. Check your event
logs or have your host tech do it. In Computer Management (Windows
system) under system tools, there is an event viewer. It shows every
time someone has logged into your system, what login and password
were used, what action was taken and better yet, the IP address of
the user.

I for one would like your follow up post to let us all know what you
find, how you find it and the action taken to prevent future
security breaches.

Lastly, I expect all of us here are intimate with our sites' usages,
rankings and the usual day-to-day expectations. The minute something
seems even a bit off kilter, I start digging! Knock on wood, I've
not found a deep hole yet.

Best regards,
Cheryl Berry

-------- new post - same topic --------
From: Janell Vasquez
Subject: Site Hijacking

Peter,

There is a current thread on the Search Engine Watch forums that may
be related to your issue:

http://forums.searchenginewatch.com/showthread.php?t=12924

Matt Cutts of Google and one of his co-workers have both posted to
the thread. Is cPanel included with your hosting package? This seems
to be a common thread.

You might consider posting your own experience. If those guys are
watching the thread, and your issue is related, I bet they'll look
into it. This problem certainly has their attention.

Janell Vasquez
accuservwebsolutions.com

<Moderator Comment>
This is a Google employee's response near the end of page 2:

"I'm Brian White and I'm on the webspam team at Google with Matt.
We've discovered that the likely explanation is that a third party
gained access to a number of sites and dropped files in these
accounts (including a modified .htaccess using rewrite rules) for
the purpose of rewriting the home page through a proxy script.
The proxy script adds links when Googlebot visits, and in a sinister
twist, adds the rel=nofollow link to cap off PageRank bound for any
external URL not under control of this third party. As Danny noted,
they also add a NOARCHIVE meta tag to disable the cached version in
results."

If only these people directed their ingenuity towards legitimate
ends.

-Adam

-------- new post - same topic --------
From: Alberto Matos
Subject: Site Hijacking and Porno Fiends

While I don't know what to tell you about Google, that fast of an
upload could only have taken place from either inside the ISP's
network, or through someone connected by a T1 or a T3 line. These
days they are not as rare as one would think, since many offices use
T1 and T3 lines in larger cities.

I recently did some work for a client who is a property manager, and
has an office in Manhattan (New York City) with just three
computers. They have a T1 in the place. I guess I'm in the wrong
line of business. I know another client who owns a restaurant, and
also has a T1 for internet access.

Anyway, the point is that there are ways and means to access super
high speed connections. So what you're describing is not impossible.

If the webserver is of the IIS variety and was not patched, it is
suffering from some of the many well documented vulnerabilities, and
well, history speaks for itself...

Also, certain computer viri and malware exist solely to capture
passwords and other input from your keyboard and pass it on, so the
"leak" might even be your own computer. It pays to be safe and check
all options. I do a lot of computer recovery work after a virus or
worm has had its way, and I see this a lot.

If everything at home checks out fine, I would change hosting
services just as a matter of security for your sites. It's a scary
world out there and you shouldn't need to worry about whether your
websites are in peril of even more of this sort of abuse.

Alberto Matos, Resident Wizard of
RayJan Internet Solutions (aka Albert)
http://rayjan.com

-------- new post - new topic --------
From: Michael Martinez
Subject: Click fraud

> Is Google underestimating fraud? The SES
> incident makes me wonder if "don't be evil"
> includes "don't be equivocal" in this case.
- Moderator Comment, LED 2226

I read the Google report when it was published. There are some
serious problems with it because they fail to disclose critical data
and make some broad assumptions:

http://snipurl.com/v1sl [google-says.blogspot.com]

Michael Martinez
http://www.michael-martinez.com/

-------- new post - new topic --------
From: Sandra Linley
Subject: Font sizing

> I think more and more site owners are becoming
> sensitive to their older users, as I've seen several
> text size adjustment opportunities at sites...
- Will Bontrager, LED 2225

Back in 1999, when I created my website,
http://www.bindependent.com, I knew little about programming. But I
did know that my intended audience - those with disabilities and the
elderly - would benefit from larger text. So I increased the text
size from 12 to 14 points throughout.

How? Not by changing the default text (remember my state of
programming ignorance), but by manually overriding that default -
paragraph by paragraph, page by page.

Did I, although with the best of intentions, create a monster that
wrests away control from visitors to B Independent? And, if so, am I
compelled to undo the re-sizing in the same manner as I added it,
paragraph by tedious paragraph?

Or is this really a matter of little consequence - despite it, could
B Independent implement an on-page text size adjustment option? And
if so, could someone point me to a script that accomplishes this?

Thanks for any guidance.

Sandra Linley
B Independent - our products help

-------- new post - same topic --------
From: Michael Martinez
Subject: Font sizing

> ... someone else suggested a missing piece of
> CSS code that... enabled me to click on the links.
- Michael Martinez, LED 2224

> Michael, would you please share that code
> with us? I'm sure many would appreciate it.
- Will Bontrager, LED 2225

Will, you have no idea of how many old SEOMoz posts I had to sift
through to find this. :)

The following section of style sheet code from their site includes
the missing line. Someone suggested to Matt (Oatmeal) that he add
the "cursor: pointer" line.

The problem I had reported was that I could not click on the "Add
Comment" links in their blog with Internet Explorer. You had to
exactly position the cursor over the right spot, and the cursor
wasn't helping show where that spot was.

Code:
---------------------
add_comment {
  text-decoration: underline;
  background: #fff url(/images/icons/add_comment.gif) no-repeat top left;
  padding-left: 19px;
  display: block;
  margin: 10px 0 20px 0;
  text-align: right;
  float: right;
  cursor: pointer;
}
---------------------

Whether sites that unintentionally freeze fonts have also omitted
some CSS code is beyond me. I leave the style sheeting to my
partner.

Michael Martinez
http://michael-martinez.blogspot.com/

==== BILLBOARD ===================================
From: GJ Berg
Subject: AOL Searches

> I'm sure you saw this week how AOL made a mistake by releasing
> search data for some 20 million searches. Then, the NY Times ran
> an article about how closely linked searches are with searchers...
- Moderator Comment, LED 2223

http://www.macworld.com/news/2006/08/15/effftcaol/index.php?lsrc=mwrss

Electronic Frontier Foundation is asking the US Federal Trade
Commission to force AOL to inform those individuals it released
their search information and pay for a year of credit monitoring to
help prevent identity fraud.

GJ Berg
Go SHARKS!!!
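
Added example, not part of the digest or of any poster's message: a site owner's check for the signs named in the Google response quoted in the Moderator Comment above (links that appear only for the crawler, rel=nofollow added to existing links, a NOARCHIVE meta tag, and new rewrite rules in .htaccess). The function names, the sample pages and the .htaccess contents are constructed for illustration, and it assumes the owner has saved two copies of their own home page (one as a browser receives it, one as a crawler user agent receives it) plus a known-good copy of .htaccess.

```python
import re
from html.parser import HTMLParser

class PageFacts(HTMLParser):
    """Collect link targets, nofollow'd links and robots meta directives."""
    def __init__(self, html):
        super().__init__()
        self.links, self.nofollow, self.robots = set(), set(), set()
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and a.get("href"):
            self.links.add(a["href"])
            if "nofollow" in a.get("rel", "").lower().split():
                self.nofollow.add(a["href"])
        elif tag == "meta" and a.get("name", "").lower() in ("robots", "googlebot"):
            self.robots.update(t.strip().lower() for t in a.get("content", "").split(","))

def compare_views(browser_html, crawler_html):
    """Report what only the crawler-facing copy of the page contains."""
    b, c = PageFacts(browser_html), PageFacts(crawler_html)
    return {"links_only_for_crawler": sorted(c.links - b.links),
            "nofollow_only_for_crawler": sorted(c.nofollow - b.nofollow),
            "noarchive_only_for_crawler": "noarchive" in c.robots - b.robots}

REWRITE = re.compile(r"^[ \t]*Rewrite(?:Rule|Cond)\b.*$", re.I | re.M)

def unexpected_rewrites(current, known_good):
    """Rewrite directives in the live .htaccess that the reference copy lacks."""
    norm = lambda text: [" ".join(m.group(0).split()) for m in REWRITE.finditer(text)]
    good = set(norm(known_good))
    return [rule for rule in norm(current) if rule not in good]

# Constructed sample data (not taken from any real site).
BROWSER_VIEW = """<html><head><title>Shop</title></head><body>
<a href="/about.html">About</a>
<a href="https://partner.example.org/">Partner</a></body></html>"""
CRAWLER_VIEW = """<html><head><title>Shop</title>
<meta name="robots" content="noarchive"></head><body>
<a href="/about.html">About</a>
<a href="https://partner.example.org/" rel="nofollow">Partner</a>
<a href="https://injected.example.net/page1">widgets</a></body></html>"""
KNOWN_GOOD = "RewriteEngine On\nRewriteRule ^old\\.html$ /new.html [R=301,L]\n"
CURRENT = KNOWN_GOOD + "RewriteRule ^$ /cache/proxy.php [L]\n"

if __name__ == "__main__":
    print(compare_views(BROWSER_VIEW, CRAWLER_VIEW))
    print(unexpected_rewrites(CURRENT, KNOWN_GOOD))
```

Any non-empty result is a reason to review the account's files and access logs; an empty result does not prove the site is clean, since the two saved copies only differ if the injected content keys on the user agent.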
-------------------------------------------------------
The LED Digest is sponsored by pair Networks:
pair.com for Hosting | pairNIC.com for Domains
© Copyright 1995-2006 Orange Wheel, LLC. All Rights Reserved.
-----------------------------------------------------------------
"Some people weave burlap into the fabric of our lives, and some
weave gold thread. Both contribute to make the whole picture
beautiful and unique." - Anon.




