Forum Moderators: phranque
One technique was a script for referrer spamming that would ping sites, looking for ones that had unprotected stats. The script would then make the stats think that a particular URL was sending traffic to the unprotected site. The idea, as I understand it, is that the search engines would see the referring URL in the stats and treat it like a link.
This doesn't make sense to me on a variety of levels. First, wouldn't the unprotected site get the benefit, and not the referring URL? Second, since the script isn't particularly discriminating when looking for unprotected stats, what good would any link be if it was from a site not related to your niche?
Another technique was proxy spamming. With my limited knowledge, I understood this to be a technique to use other user's computers to spam the world with links to the black hat seo's site. Again, I can't see the benefit, as even if people followed the link, they would most likely find content that didn't interest them.
Maybe I just don't have the depth of knowledge to understand how such techniques would benefit the black hat seo.
The idea is to find a site that has unprotected stats i.e. on a page open to anybody including search engine spiders, that turns their referers into links (for ease of checking out).
When you find one fake a request for one of their pages with the page that you are promoting as the referer. This gets added to their public stats with your page as the referer. The referer gets turned into a link back to your page... the search engines pick it up ... voila.
And no they won't be themed in the slightest but it will be massively automated and aimed at getting thousands of links (or more).
What I've always wondered is how the search engines find these log pages in the first place. Do the black hats have to find another way of directing the SEs there or are there really that many sites that not only have unprotected stats but link to their own unprotected stats as well?
inurl: awstats filetype: txtThe above is the Google Dork that is used to find "just one" of the AWStats holes. There are many. In fact, there "were" so many at one point that I think everyone on the Internet got scanned for an AWStats vulnerability at some point. Heck, I still get scanned for them today.
And, I sometimes wonder about all the complaints pertaining to loss of traffic and if any of those people are using AWStats or some other "Free" statistical program that leaves your stats open for the public to see.
Does locking the directory down protect you from this hack?
Does locking the directory down protect you from this hack?
A search in Google will probably reveal the information you are looking for. Although I'm sure there are a few here with some stories to share with you. ;)
Personally? I'd rid myself of the program based on its history. I've never used it "intentionally" but when I've run into sites using it, there seem to be all sorts of issues at hand with their statistics, they are warped in many instances. But, that was a few years ago, back when things were really out of hand. I think they still are for anyone who has their statistics publicly available. That would be akin to sharing your "personal information" with the world. And then, that personal information can be used for all sorts of things.
Why would anyone want to expose their statistics like that? Think about it. Why would that option even be there? Something ain't right!
And now? Ta-da, Google Trends.
I think the more information that is available about "your site", the greater risk you face in regards to the title of this topic.
If you really want to see the statistical vulnerabilities that are out there, do a search for Goolag and then get ready to do some reading. Also search for Google Dorks, that should lead you to the right destinations. Just be careful over there, they tend to play around with us common folk. ;)
Oh cool, one of the mods here (stuntdubl [webmasterworld.com]) has an excellent review of Google Dorks, search for...
Google Dorks - Interesting Queries - Manual SERP Manipulation
