• Resolved ms100

    (@ms100)


    Hi support,

    Hope you are doing well today.

    Should the plugin be able to detect spam injection (Japanese Keyword SEO Hack)?

    Like these for example:

    ourdomain.com/?s=一流的Salesforce Health-Cloud-Accredited-Professional:Salesforce Health Cloud Accredited Professional 最新題庫資源 – 確保通過的Newdumpspdf Health-Cloud-Accredited-Professional 熱門證照 ?? 複製網址??https://www.newdumpspdf.co??打開並搜索? Health-Cloud-Accredited-Professional ?免費下載Health-Cloud-Accredited-Professional考試資料

    Thank you very much in advance.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Eli

    (@scheeeli)

    That depends… Are these spam links in comments? My plugin does not handle comment spam, there are lots of great plugins specifically for dealing with spam comments.

    If this not a comment based issue then, yes, in general, this is one of the types of threats that my plugin was designed to find. Make sure that you have the latest definition updates and run the Complete Scan, if it doesn’t find anything then maybe this threat has found a new way to conceal itself.

    If your are looking for more than just a general overview then I would need more information to go on. The example excerpt you posted could be generated anywhere on your site and from almost any file on your server, or it could even have been injected directly into your database. The source code for a hack like this can vary greatly and can even be made to look like other legitimate PHP code, and it might in no way resemble the output you have found on your pages.

    If it turns out that nothing malicious is found on your site but this unwanted injection remains then would you please be willing to provide more information, to start with: Where is this output found on your site (please include a URL so that I can see this output on the page)?

    You can contact me directly if you don’t want to post any links on this public forum:

    eli AT gotmls DOT net

    Thread Starter ms100

    (@ms100)

    With the help of Yoast support and @scheeeli, it seems like there is no infection in our database. The complete scan could find it, because it is not there. Lucky me!

    Anyone can point any hyperlink to your domain, and there is nothing you can do about that.

    But if anyone is having spammy backlinks or facing simular issues. These Yoast plugin settings can help you deal with the situation.

    Thread Starter ms100

    (@ms100)

    Regarding my previous message:

    The complete scan could find it

    should be

    The complete scan could not find it

    Plugin Author Eli

    (@scheeeli)

    Thanks for the followup explaining your solution. I just want to clarify that no malware scanners found anything on this site because there was not any malware on the site to be found.

    Furthermore, I would like to expand on true cause of this exploit and propose an alternate solution for those who do not use Yoast on their site. First, it is important to understand that this type of exploit uses the search results page on your site to produce a page that contain whatever text is supplied as the search phrase. Therefore, this technique only works if your theme is designed to repeat back the search text on the results page (which most are). The most direct solution in all cases would be to simply remove the output of the given search phase from the search results template of your theme, or just use a theme that does not carelessly print out on the page whatever text anyone happens to search for on your site.

    To see if your site’s theme is susceptible to this exploit simply type your domain into your browser followed by this:

    /?s=You+have+been+hacked

    Don’t worry, you haven’t really been hacked, but you can then understand that you wouldn’t want just anybody to link to a page like this on your own site that could essentially say whatever they want to the visitors that follow such a link. Obviously, further consideration should be made when evaluating the way most themes handle this input/output relationship.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Spam link injection’ is closed to new replies.