Top
Home > Subblog Home

Website defacements

October 9, 2008

Rate Post:
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5 out of 5)
Loading ... Loading ...


by wewatchyourwebsite

In the recent days (today is October 9, 2008), I have seen numerous blogs and forums regarding how various websites have been defaced.

If you Google “hacked by iskorpitx”, “hacked by CyberRoot”, “hacked by darkc0der” you’ll see what I mean.

Now, I know that in the world of cybercriminals/hackers, website defacement is considered lame.

Why?

Because to a real cyber criminal why hack into something unless you can get something out of it.

Some of the recent successful exploits included modifying the footer on many popular Wordpress based sites simply to use their Google ranking to point to their sites selling various goods.

Not to single out WordPress, many Joomla and Drupal sites have been “hacked” as well. As of today, blogrolling.com is out of commission after being defaced.

Think of this, if the attacker could deface your website, what else do you think they could do?

Answer: Anything they want.

It’s all about SERPs and SEO - the criminal way.

If you Google with: intext:”title=Buy Nexium” you’ll be able to see which sites are infected (or at least other sites that were infected as some of them are cached)

What was really interesting about some of these breaches was that first the links would only show if the user agent was googlebot. They didn’t want their code showing unless it was to be indexed by Google. Like I said it’s all about SERPs and SEO - drive more traffic off of your work, to their sites. I don’t think you can call that clickjacking, but it deserves some kind of title.

Interesting.

The second interesting part was that the links in this replacement code were only visible if the “referrer” was set to a known domain. In other words, when we went to check out the sites these links pointed to, we were unable to view the website.

Then we tried by setting our referrer (using Firefox Tamper Data plugin) to the website where we first found these links.

Success!

We were able to see these sites.

This is why our service uses various user agents when comparing a website to the known good baseline. We’ve seen numerous cases in the past where the cybercriminals work could not be seen unless it was a specific user agent and the referrer was from a specific list of sites.

We know that cybercriminals are smart - this proves it.

It pays to be diligent.

 

Share This

Written by wewatchyourwebsite · Filed Under Uncategorized 

Comments

Bottom