Les vulnérabilités du VPN vous préoccupent ? Découvrez comment profiter de notre solution de migration VPN qui inclut 60 jours de service gratuit.

Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Recherche sur la sécurité

Blackhat Spam SEO: Which Sites Get Hijacked?

image
JULIEN SOBRIER
décembre 06, 2010 - 2 Min de lecture

I have looked at 1,123 legitimate sites which have been hijacked to host spam pages redirecting users to a fake AV page. I'd assumed that most of them would be running WordPress, Joomla!, OSCommerce and other open source software known to have a history of security issues. In reality, these software packages actually represent less than 15% of all hijacked sites.
 

Image
Type of Software used to create the hijacked sites


Also, a large number of hijacked sites actually had no dynamic pages - they contained only images, JavaScript, CSS and HTML files. As such, they are unlikely to have been hacked through a vulnerability in the software installed. Therefore, we can assume that one of the two following techniques were leveraged to add the PHP scripts used to generate spam pages to the sites:

 

  1. Admin credentials have been stolen/brute forced, or webmaster kept the default login/password. The malicious scripts where simply uploaded using their FTP account or a web based admin interface.
  2. Shared hosting servers could have been compromised.

The second possibility is the most likely. There have been mass-infections reported in the past for GoDaddy, BlueHost, Dreamhost, etc. The distribution of hacked sites by hosting companies is interesting:

 

 

 

Image


The Endurance International Group, which owns 20 hosting companies (iPowerWeb, Pow Web, Dot5 Hosting, StartLogic, Fatcow, Globat, etc.) hosts 38% of the hijacked sites. Bluehost, a rather small hosting provider, represents 28% of the hijacked sites. However, the biggest providers host a small proportion of sites used for malicious spamming: 2% for GoDaddy, and less than 0.5% for 1&1.

It seems that most of the legitimate sites have been hijacked through a vulnerability in their hosting platform rather than in the software they are running. That's not good news for the webmaster who wants to keep his site safe: part of the problem is out of their control, keeping your WordPress or Drupal version up to date and locked down is not enough - you also need to seek out a secure hosting provider.

-- Julien

 

 

form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

dots pattern

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.