FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Data injection problems
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Data injection problems [message #169582 is a reply to message #169577] Sat, 18 September 2010 12:01 Go to previous messageGo to previous message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma:
Senior Member
On 18/09/10 12:00, Beauregard T. Shagnasty wrote:
> Michael Fesser wrote:
>
>> Short addition: Opera and Firefox show clean code, Lynx gets the spam.
>
> Probably because Lynx (text-only browser) doesn't utilize the CSS and
> the positioning stuck in the hacker's addition.
>
> Remember that "line 130?"
>
> <div style='position:absolute;top:-95832;left:-948289;'>
>
> It places all those viagra links 95-thousand pixels above the top of,
> and nearly a million pixels to the left of, your graphical browsers'
> viewports.
>
> I'm not sure why the hacker/spammer doesn't want visitors to see them.
> Surely, nobody is going to click on them. Maybe the h/s is just wanting
> the googlebot to find them. <shrug>

Ah, that would explain why the source concerned isn't served to known
browsers.

I requested the page with:

wget - had the links
amaya - had the links

ff 3.6, seamonkey, chrome, opera, epiphany, konqueror - no links

ie under wine - I can't view source (need to look at that) so I don't
know if it was delivered or not.

op reported that it appeared in lynx

Perhaps the server config has been hacked to tack the code onto pages
for search agents?

I couldn't see anything like an include in the original php at the point
that the hack appears, it's after the closing "</html>" and the op's
code doesn't put anything there, so I suspect a higher level hack in the
server.

Hack the server to deliver the links, but in such a way that they don't
appear except to spiders?

So they bump up the ratings for the website whenever anyone does a
google etc search for the meds concerned?

So basically it's a hack by the fake pharmaceuticals people to bump
their websites higher up the search engines, and not actually intended
to be seen by people browsing the websites (because once it's been
noticed, it's likely to get looked at and removed).

Rgds

Denis McMahon
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Usage of named entities (HTML) in imagettftext
Next Topic: Dynamic form generation
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 30 06:54:48 GMT 2024

Total time taken to generate the page: 0.16588 seconds