Comments on: Blackhat SEO Hidden Links

By: Bill Kruse

Bill Kruse — Sun, 01 Mar 2009 08:46:49 +0000

I think really the only way to find infection of this kind is familiarity with the coding on your own site. I run Sophos on a regular basis and Spybot, Hijackthis and a few other things too now and again but I also run Web Link Validator every now and then as if someone is linking to their site from mine I want to know about it. However, I keep my main site templated, I try not to deviate too much from the one patter so if I make a site-wide change and it doesn’t cover all the pages then I have to wonder, what’s happened to the code on that page?

By: ovidiu c

ovidiu c — Fri, 12 Dec 2008 19:29:43 +0000

So finally, did you reported that website? Some actions against it?

By: JCL

JCL — Mon, 04 Feb 2008 00:13:07 +0000

Hey ! In fact, yes, this has been done by hacking. I saw that there’s a lot of Dotclear blog plateform used in the links you gave (I’m under Dotclear too). I’ve found that a big security hole had been discovered in July 2007, which allowed people, hackers, blackhat seo guys, to take control over your blog. See it here, in French, sorry : http://www.dotclear.net/log/post/2007/07/10/Annonces-de-failles-de-securite

I took contact with the recipe website. What they told me is that they hired a Seo consultant who “promised a huge PageRank to help us with the Google search results, for a minimum amount of money. I have to say we were suspicious at first, as they said they will reach a very high PageRank (6+) in less than 3 months” (sic). So they apologize and will be carefull in the future.

What do you think about that ?

Anyway, thanks again David. I updated some things on my blog, hopefully it will be more secured now.

By: SEO Consultant

SEO Consultant — Sun, 03 Feb 2008 14:31:14 +0000

After receiving a few responses by email from the owners of the affected sites it looks like this isn’t an unethical SEO consultant or web designer adding hidden links, but a hacker!

If you find a link like this on your site that you can’t explain I’d suggest scanning your PCs for Trojans and key loggers since that is an easy way for hackers to gain logging in information from you. Spybot Search and Destroy is free and very good.

So many people run their PCs without adequate virus protection that it’s very easy to gain access to hundreds of PCs within a very short period of time.

When I was at Uni I tried out a popular Trojan called SubSeven and I was surprised how many people downloaded the affected file AND ran it(I think I said it was a guaranteed horse racing betting system) and infected their PC with a Trojan that potentially (I got an email notification of an infection every few minutes for several days!!) allowed me to do pretty much anything I wanted to their PCs. I didn’t do anything malicious, was an ‘innocent’ test (still wrong, I was young), but it is way too easy for anyone with limited skills to gain access to valuable login information.

Alternatively could be a case of a hacker taking advantage of security holes in the software used to host/create your site. Make sure you keep up to date with the latest security releases to avoid these types of problems.

David

By: JCL

JCL — Sat, 02 Feb 2008 23:55:05 +0000

Oh my god ! Thanks a lot for sending me this email, you’re right, they added their recipe website link inside of one of my link (blogroll). I removed it now.

The only way to acheive that is by hacking my blog/server, right (must be a security hole in my Dotclear version) ? Because I’m the only admin on this blog and server. How and where should I complain ?

Thanks again…
http://blog.deepsound.net

By: Brian Deitte

Brian Deitte — Sat, 02 Feb 2008 23:30:31 +0000

Hi, thanks for letting me know about the issue on http://deitte.com I’m a developer, and I’ve never had a consultant work on my site. So something really wrong went on here, and I’m updating my old version of Movable Type immediately.