I’ve been monitoring the mattheaton.com “wordpress.net.in goro spam injections” for the past few months. Noticeably, the blackhat spamming method is changing dramatically. For those who are still unaware of WordPress Goro spam, please read my earlier post → Wordpress.net.in Spam injection & Gaming Bluehost & Hostmonster CEO’s Blog.
thinkingphp.org (PR6) and jensfrake.com (PR7) have been hijacked by the “Wordpress Blackhat SEO Spammer” this month. Both sites were running WordPress 2.3.2.
By now the <div id="goro"> signature has been replaced with an “inline CSS” wrapper.
Cloaking Check on mattheaton.com
- Normal browser: 32,246 characters (mattheaton-com-source.txt)
- Googlebot: 34,646 characters (mattheaton-com-googlebot-source.txt)
- Difference: 2,400 characters
Cloaking Check on jensfrake.com & blog.jensfrake.com
- Normal browser: 59,580 characters (blogjensfrakecom.txt)
- Googlebot: 59,699 characters (blogjensfrakecom-googlebot.txt)
- Difference: 119 characters
While we were scanning jensfrake.com, the server returned 400-500 errors, so we had to scan its (clone) subdomain blog.jensfrake.com instead of the main site.
This time around, you won’t see the spam on either of these websites: all the spam links are positioned outside the client viewport (top -3337px, left -2227px).
Another mathematical joke, l33t.
<div style="left: -2227px; position: absolute; top: -3337px">
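A defender's version of the two checks above, the size diff between the browser and Googlebot responses plus a scan for links inside far off-screen inline-CSS wrappers. This is an added example, not the author's tooling; the sample HTML, the `spam.example` URLs and the 1000px threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}
OFFSET = re.compile(r"(?<![\w-])(?:top|left)\s*:\s*-(\d+)px", re.I)

def is_offscreen(style, threshold=1000):  # threshold is an assumed cut-off
    """True if an inline style absolutely positions the element far off-screen."""
    if not re.search(r"position\s*:\s*absolute", style, re.I):
        return False
    return any(int(px) >= threshold for px in OFFSET.findall(style))

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []   # (tag, hidden) per open element
        self.links = []   # hrefs found inside off-screen wrappers
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or is_offscreen(attrs.get("style") or "")
        if tag == "a" and hidden and attrs.get("href"):
            self.links.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))
    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed <p>/<li>.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    return finder.links

def cloaking_report(browser_html, bot_html):
    # Compare the page served to a browser with the one served to Googlebot.
    bot_hidden = hidden_links(bot_html)
    return {"extra_chars": len(bot_html) - len(browser_html),
            "bot_only_hidden_links": [u for u in bot_hidden if u not in browser_html]}

# Constructed sample responses (not the real pages).
BROWSER = '<html><body><p>Hello <a href="/about">about</a></p></body></html>'
SPAM = ('<div style="left: -2227px; position: absolute; top: -3337px">'
        '<a href="http://spam.example/a">a</a><a href="http://spam.example/b">b</a></div>')
BOT = BROWSER.replace("</body>", SPAM + "</body>")

if __name__ == "__main__":
    print(cloaking_report(BROWSER, BOT))
```

A non-zero `extra_chars` alone can come from dynamic content; off-screen links that appear only in the crawler response are the stronger signal.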
What’s new with Goro spam 2008
- WordPress <= 2.3.2 is vulnerable to this attack.
- Injected spam links are wrapped in extra inline CSS for cloaking
- Target High PR Sites → PR5 and above
Related Post
- Matt Heaton BlueHost HostMonster CEO’s Official Blog Hacked
- How to Removed Wordpress.net.in Spam Injection
- Matt Heaton Bluehost Hostmonster CEO Hacked Again - Strike II
- February 14, 2008 at 8:14 pm
- June 25, 2008 at 11:28 am
4 Responses to “Blackhat SEO Spammer targeting High PR WordPress Blog”
[...] Blackhat SEO Spammer targeting High PR WordPress Blog - by Noah (14 Feb 2008) [...]
- 2 pingback(s) þ blog.cre8asite.net on WordPress 2.3.3
[...] are allowed to “write” to the blog. There are details about this on cre8asite.net, and if you look at this link and the further ones, it gets really [...]
- 1 pingback(s) þ www.webrocker.de on WordPress 2.3.3
This is very valuable info, ty for sharing it with us.
Doesn't affect WP 2.5.1, does it?