Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Exploit Blackhat SEO (type 1703)

6,196 views
Skip to first unread message

Richard Head

unread,
Nov 15, 2010, 2:44:28 PM11/15/10
to
When I visit the following site and click on any of the options/links AVG
reports a Web Shield Alert caused by Exploit Blackhat SEO (type 1703).
Does anyone else get this response? I have searched on Google and not really
come up with a clear answer.

http://www.kttchurch.org.uk/

--
Each time someone stands up for an ideal or acts to improve the lot of
others, or strikes out against injustice, he sends forth a little ripple of
hope.
Robert F. Kennedy


Ant

unread,
Nov 15, 2010, 7:30:24 PM11/15/10
to
"Richard Head" wrote:

> When I visit the following site and click on any of the options/links AVG
> reports a Web Shield Alert caused by Exploit Blackhat SEO (type 1703).
> Does anyone else get this response? I have searched on Google and not really
> come up with a clear answer.
>
> http://www.kttchurch.org.uk/

No need to search google, just look at the raw html of the pages.
There's a mass of hidden links at the bottom of each of them.
Whoever's running that server should fix the vulnerability that
enabled all that crap to be injected. You might want to tell them
about it.

Server: Apache/2.0.63 (FreeBSD) mod_python/3.3.1 Python/2.5.1
PHP/5.2.6 with Suhosin-Patch mod_fastcgi/2.4.6 mod_ssl/2.0.63
OpenSSL/0.9.7e-p1 DAV/2 mod_perl/2.0.4 Perl/v5.8.8
X-Powered-By: PHP/5.2.6


David H. Lipman

unread,
Nov 15, 2010, 10:28:48 PM11/15/10
to
From: "Ant" <n...@home.today>

| "Richard Head" wrote:

>> http://www.kttchurch.org.uk/

Thanx Ant.

A WGET download of the INDEX.HTM submitted to VT shows nothing as well as JSUnpack and
Wepawet and I don't see malwicious code. Just the appnded URLs as you noted.

So is this AVG and its webcrawler component going out to the web site and saying the web
site is Exploitable for the 'Blackhat Search Engine Optimization (SEO)' ?

--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp


Richard Head

unread,
Nov 16, 2010, 3:50:14 AM11/16/10
to
"Ant" <n...@home.today> wrote:

> "Richard Head" wrote:
> No need to search google, just look at the raw html of the pages.
> There's a mass of hidden links at the bottom of each of them.
> Whoever's running that server should fix the vulnerability that
> enabled all that crap to be injected. You might want to tell them
> about it.

Thanks for that. Are you saying that the site has been hacked? I have tried
clicking on Contacts to notify them of the problem but of course all I get
is the AVG Alert warning.


Ant

unread,
Nov 16, 2010, 6:27:18 AM11/16/10
to
"David H. Lipman" wrote:

> So is this AVG and its webcrawler component going out to the web site and saying the web
> site is Exploitable for the 'Blackhat Search Engine Optimization (SEO)' ?

I doubt if it actively tests sites. It's probably just scanning the
page when accessed for suspicious content; in this case, a lot of
hrefs after the closing html tag.


Ant

unread,
Nov 16, 2010, 6:27:52 AM11/16/10
to
"Richard Head" wrote:

> "Ant" wrote:
>> Whoever's running that server should fix the vulnerability that
>> enabled all that crap to be injected. You might want to tell them
>> about it.
>
> Thanks for that. Are you saying that the site has been hacked?

Yes.

> I have tried clicking on Contacts to notify them of the problem but
> of course all I get is the AVG Alert warning.

Well, ignore it or temporarily turn it of. The hidden content won't
hurt you.


FromTheRafters

unread,
Nov 16, 2010, 7:52:54 AM11/16/10
to
"Richard Head" <Dick...@englandmail.com> wrote in message
news:ibtgk6$b2f$1...@news.albasani.net...

Their "contacts" php page is also affected.
hxxp://www.kttchurch.org.uk/pages/home/contact-us.php


tre...@world-markets.biz

unread,
Jul 5, 2013, 6:07:14 AM7/5/13
to
I am complaining to AVG about this, I just got it on my very own website also, and there is nothing wrong with it.. looks to me as if AVG are not as good at this
as they think they are. Ie throwing the baby out with the bath water.

usenetopian

unread,
Jul 13, 2013, 5:34:41 PM7/13/13
to
AVG isn't that great of an A/V in general

byj...@gmail.com

unread,
Dec 6, 2013, 4:02:42 PM12/6/13
to
On Friday, July 5, 2013 3:07:14 AM UTC-7, tre...@world-markets.biz wrote:
> I am complaining to AVG about this, I just got it on my very own website also, and there is nothing wrong with it.. looks to me as if AVG are not as good at this
>
> as they think they are. Ie throwing the baby out with the bath water.

A missing </html> tag at in a document will also trigger this warning if there are enough links down near the bottom of the page. I just encountered this on the web site for a store. Did your own web site pass muster with http://validator.w3.org/?

FromTheRafters

unread,
Dec 6, 2013, 5:17:59 PM12/6/13
to
byj...@gmail.com submitted this idea :
Sorry, all submissions must be in before five months have passed.


RayLopez99

unread,
Dec 9, 2013, 4:18:44 PM12/9/13
to
Another example: if you go to https://chessbase.com/ you will find they are using an expired HTTPS security certificate, and certain browsers like Google Chrome will give you a nasty warning...but in this case it's a false positive.

RL

jonand...@gmail.com

unread,
Jan 10, 2014, 11:53:26 AM1/10/14
to
http://www.webtec-braun.com/seoplugin/?p=38403

Is this link about considered Black Hat Seo?

udemy...@gmail.com

unread,
Dec 6, 2015, 2:19:22 PM12/6/15
to
Best BlaCK hAT fORUM.


GET MUCH MORE

http://bestblackhatforum.eu/index.php
0 new messages