VPNの脆弱性に関する不安が広がっています。ZPAの60日間無料トライアルを利用して、VPNからの移行のメリットをお確かめください。

Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
セキュリティリサーチ

Blackhat Spam SEO: Which Sites Get Hijacked?

image
JULIEN SOBRIER
12月 06, 2010 - 2 分で読了

I have looked at 1,123 legitimate sites which have been hijacked to host spam pages redirecting users to a fake AV page. I'd assumed that most of them would be running WordPress, Joomla!, OSCommerce and other open source software known to have a history of security issues. In reality, these software packages actually represent less than 15% of all hijacked sites.
 

Image
Type of Software used to create the hijacked sites


Also, a large number of hijacked sites actually had no dynamic pages - they contained only images, JavaScript, CSS and HTML files. As such, they are unlikely to have been hacked through a vulnerability in the software installed. Therefore, we can assume that one of the two following techniques were leveraged to add the PHP scripts used to generate spam pages to the sites:

 

  1. Admin credentials have been stolen/brute forced, or webmaster kept the default login/password. The malicious scripts where simply uploaded using their FTP account or a web based admin interface.
  2. Shared hosting servers could have been compromised.

The second possibility is the most likely. There have been mass-infections reported in the past for GoDaddy, BlueHost, Dreamhost, etc. The distribution of hacked sites by hosting companies is interesting:

 

 

 

Image


The Endurance International Group, which owns 20 hosting companies (iPowerWeb, Pow Web, Dot5 Hosting, StartLogic, Fatcow, Globat, etc.) hosts 38% of the hijacked sites. Bluehost, a rather small hosting provider, represents 28% of the hijacked sites. However, the biggest providers host a small proportion of sites used for malicious spamming: 2% for GoDaddy, and less than 0.5% for 1&1.

It seems that most of the legitimate sites have been hijacked through a vulnerability in their hosting platform rather than in the software they are running. That's not good news for the webmaster who wants to keep his site safe: part of the problem is out of their control, keeping your WordPress or Drupal version up to date and locked down is not enough - you also need to seek out a secure hosting provider.

-- Julien

 

 

form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

dots pattern

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。