Site hacked, urls spammed

Forum Moderators: martinibuster

Message Too Old, No Replies

Site hacked, urls spammed

How should I handle the aftermath?

xtreem

5:09 am on Nov 20, 2006 (gmt 0)

A directory on my site was exploited and dozens of high paying keyword type html files added. These html files simply redirected to some lousy MFA scumbags site.

The url to these files was spammed out to dozens of blogs, and I actually get a bit of traffic on those keywords and urls now. (obviously I have since removed the files and their redirections etc).

The question is.. what should I do with those urls now? What would you do?

My options as I see it are:

a. return 404s or some other error
b. 301/302 redirect to my main hobby site index.html
c. set up some MFA type page at those keyword.htmls and try make some money

But will google penalise me for that spam? Why did those spammers spam my url with those html meta redirects instead of their own url? (i am not a high profile competitor to anyone).

swa66

10:55 am on Nov 20, 2006 (gmt 0)

- Put up a sorry page on those URLs, explaining the hack.
- Notify adsense you had nothing to do with the spamming, nor are making profit off of it.
- Hope your not going to get penalized for it all (PR drop, bans, ...)
- Those directing a lot of traffic to you: contact the owner and ask them to remove the spammed links.

Tropical Island

12:12 pm on Nov 20, 2006 (gmt 0)

Report the AS MFA account number to Google AdSense with an explanation.

[edited by: Tropical_Island at 12:13 pm (utc) on Nov. 20, 2006]

sailorjwd

12:16 pm on Nov 20, 2006 (gmt 0)

Can you tell us how this likely happened?

And how we might prevent the same problem on our sites?

xtreem

1:22 pm on Nov 20, 2006 (gmt 0)

Well actually the target site isn't an MFA, its not running ads anymore. It was probably pointing to a compromised machine that has since been fixed. But its obvious from the variation of keywords etc thats what it did point to.

I'm not sure why I would contact Google. If someone wants to spam someone elses url around theres nothing stopping them from doing that. No-one should be penalised for that. Surely what I display on non-ad pages of my site is of no concern to the adsense team?

Note that the 'spam' was just 'trackback' style hits to a bunch of blogs. Along with hundreds of other sites obviously hacked in the same way, probably all redirects to the same site.

It was possible by the hackers/spammers because I had a vulnerable version of magpie rss library running. Theres an exploit for it which allows someone to write any files they want to the server.

I still dont understand why they did it though. Perhaps by having lots of URLs from different domains redirecting to the same site it gives the target some kind of PR boost. Or maybe there is a penalty for doing that, and they wanted to avoid getting the penalty themselves. Or perhaps those blogs only list unique 'trackbacks' so the spammers hacked heaps of different sites to get lots of trackbacks on those blogs.