Join 3,512 readers in helping fund MetaFilter (Hide)


SEO word salad pornography?
December 18, 2008 7:49 PM   Subscribe

What in the world is going on with this website (subject of a recent askme)? Have a look at these google results: site:carolscookies.com inurl:locator. Is this an indication that the website's been hacked, or is this the kind of disgusting behavior that passes for SEO these days?

I tried to google the site for nutrition information to answer the original question, but my query turned up all these pages. Rather than derail the original thread, I'm asking a fresh question.
posted by jepler to Computers & Internet (6 answers total)
 
Pretty sure that site's been hacked. Might want to email the site's administrator- I'm going to.
posted by MadamM at 8:00 PM on December 18, 2008


I don't know much about computers, but I think it might be wise to warm people who are trying to look at the site to answer the question. It might be possible for them to gather information about you if you click the wrong thing on that site?
posted by Night_owl at 8:16 PM on December 18, 2008


Oh. You did that already.
posted by Night_owl at 8:20 PM on December 18, 2008


Rough guess is that she was using a locator script downloaded from the web somewhere that was a bit rough around the edges and got spammed.

Looks cleaned up now.
posted by bitdamaged at 9:11 PM on December 18, 2008


bitdamaged says it "looks cleaned up now", but that's not the whole story--the links return a 404 when I click on them in my web browser, but return suspect content when I download with wget. User-agent detection?

lee, sorry, I live in a fantasy world where clicking on things on a website can't harm your computer in any real way. I went ahead and flagged the original askme question.
posted by jepler at 5:59 AM on December 19, 2008


I saw something like this happen to a site I was maintaining for my university department. This looks like a PHP script exploit. Spam sites hammer these sorts of scripts, constantly. In my case it was using referrer logs to build directories of spam sites. In this case it looks like they're exploiting the server to host links to stuff. They've managed to trick the locator script into accepting and remembering URLs, which are probably redirecting your wget requests to the pirated software + porn described in the links.

Based on response headers the site is running Apache 1.3.41 (newest, but still a legacy version) and PHP 4.4.8 (another legacy version, and one revision behind the current 4.4.9 legacy patch) which might be part of the problem.

The locator script they're using is Ultimate Locator. The site has the admin login for the script control panel in the open, and more than likely the site maintainer chose the default user name and a poor password that was quickly cracked.
posted by caution live frogs at 7:23 AM on December 19, 2008


« Older How do I learn to write crisp,...   |  Help me salvage these pralines... Newer »
This thread is closed to new comments.