<< Back to Blog

Analysis of Blackhat SEO attacks

Hackers are using new sophisticated botnet-driven SEO attacks to promote adult sites and online pharmacies. Web search engines use different algorithms to rank a site, but one of the most significant parameters is how many sites contain links to the website, and how high-ranked are these sites. Therefore, attackers exploit hundreds of websites to increase the search engine ranking of sites which they promote by injecting links.

They use different technics: SQL injection, HTML link injection, cross-site scripting (XSS) and comment spam. The more popular your site is, the more valuable it is for a hacker and the more possibilities to become a victim of Black Hat SEO attacks exist. Moreover, since the announcement of Penguin Algorithm Update, which was introduced by Google, the new attack vector was created. If you used black hat SEO techniques, the search engine ranking of your website would be automatically decreased. That is why your site rank will be decreased if attacks are successful. In addition, compromised web application become more vulnerable to other attacks.

Usually, attackers use specially built bots to detect common vulnerabilities in the most popular Content Management Systems such as Wordpress, Drupal, Magento and their plugins. For example, WordPress SEO by Yoast, which is a popular WordPress plugin used to improve the Search Engine Optimization (SEO), was vulnerable to blind SQL Injection Attack.

http://127.0.0.1/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc

The vulnerability allowed compromising the entire website. Similar problems might be found with any other CMS. RST Cloud has integrated IP reputation-based detection which is the best way to stay informed against illegal web commerce. Also, it provides signature detection and anomaly detection methods for the vulnerabilities mentioned above.



Posted on July 21, 2016 by Yury Sergeev