Blog

Using 4Ðw0rÐ$ to sell hackz? LOLZ

by

5 Comments http://bro.gs/npef

I’m not so tech savvy as to know how to carry out any hacking or utilise backdoors (the Pentagon can sleep easy tonight) but when I was looking around for a particular filename when Google suggested these interesting options:

Like I say, I’m no hacker, but that looks like a list of backdoors to me! Out of curiousity I clicked the link and found this…

So Google have suggested the hack or exploit or whatever-the-hell-is-the-correct-terminology and are carrying advertisements for it too! I had a look around and it’s basically a file you can use for an remote file inclusion (RFI) attack on PHP sites. If your site isn’t secure against the attack – then a hacker can more or less do whatever they want with it (here’s an idea off the top of my head: replace the homepage with the words “H$X0R£D by FriendlessBasementGeek”)

Anyway I’m sure it’s a momentary lapse, but it is interesting to see that the Quality Score algorithm in AdWords isn’t (apparently) attuned to this stuff when it’s quite capable of demanding that you pay £5 a click on ‘amethyst necklace’ because you only sell opals or whatever.

5 Comments

  • Andrew@BloggingGuide 1160 days ago

    http://www.webuildyourblog.com

    This is really disturbing! I thought Google is doing everything they can to prevent this from happening.

    Reply

  • Dan Horton SEO 1160 days ago

    http://www.danhorton.co.uk

    Good find Paul many more out there i’m sure

    Reply

  • Chris Peterson 1159 days ago

    You have don very good research.

    Reply

  • Julian Young 1154 days ago

    http://www.julian-young.com

    @Andrew – I wouldn’t say Google (or any other search provider) should take responsibility to censor this sort of thing, making information like this easily accessible means security concerns are always discussed openly and well understood.

    @Paul – Good find ;) I remember when a clients forum was getting blitzed by a backdoor exploit and thanks to google I found out what that exploit was and how to seal it quickly. Bit of a pain though.

    Reply

  • Riju 1152 days ago

    http://tathyaindia.com

    Plz..let me know if I am wrong…cant we restrict Search Engine indexing by .htaccess, I mean we can restrict certain directories or certain areas to be invisible and can chmod different directories so that scripts are executed from specific session ids…this will make every thing secure.
    And every good hosting now provides hotlink protection..too.

    Reply

Write your comment

Optional

The Bronco Family
Work With Us