--
Each time someone stands up for an ideal or acts to improve the lot of
others, or strikes out against injustice, he sends forth a little ripple of
hope.
Robert F. Kennedy
> When I visit the following site and click on any of the options/links AVG
> reports a Web Shield Alert caused by Exploit Blackhat SEO (type 1703).
> Does anyone else get this response? I have searched on Google and not really
> come up with a clear answer.
>
> http://www.kttchurch.org.uk/
No need to search google, just look at the raw html of the pages.
There's a mass of hidden links at the bottom of each of them.
Whoever's running that server should fix the vulnerability that
enabled all that crap to be injected. You might want to tell them
about it.
Server: Apache/2.0.63 (FreeBSD) mod_python/3.3.1 Python/2.5.1
PHP/5.2.6 with Suhosin-Patch mod_fastcgi/2.4.6 mod_ssl/2.0.63
OpenSSL/0.9.7e-p1 DAV/2 mod_perl/2.0.4 Perl/v5.8.8
X-Powered-By: PHP/5.2.6
| "Richard Head" wrote:
>> http://www.kttchurch.org.uk/
Thanx Ant.
A WGET download of the INDEX.HTM submitted to VT shows nothing as well as JSUnpack and
Wepawet and I don't see malwicious code. Just the appnded URLs as you noted.
So is this AVG and its webcrawler component going out to the web site and saying the web
site is Exploitable for the 'Blackhat Search Engine Optimization (SEO)' ?
--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp
Thanks for that. Are you saying that the site has been hacked? I have tried
clicking on Contacts to notify them of the problem but of course all I get
is the AVG Alert warning.
> So is this AVG and its webcrawler component going out to the web site and saying the web
> site is Exploitable for the 'Blackhat Search Engine Optimization (SEO)' ?
I doubt if it actively tests sites. It's probably just scanning the
page when accessed for suspicious content; in this case, a lot of
hrefs after the closing html tag.
> "Ant" wrote:
>> Whoever's running that server should fix the vulnerability that
>> enabled all that crap to be injected. You might want to tell them
>> about it.
>
> Thanks for that. Are you saying that the site has been hacked?
Yes.
> I have tried clicking on Contacts to notify them of the problem but
> of course all I get is the AVG Alert warning.
Well, ignore it or temporarily turn it of. The hidden content won't
hurt you.
Their "contacts" php page is also affected.
hxxp://www.kttchurch.org.uk/pages/home/contact-us.php