Why Has FA & BP Been Removed From Rogue Status?

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,985
Reaction score
3,527
I'm having bots whatever try to gain access via /cgi-bin/ and of course the same stuff you're seeing in your logs. Even trying to gain direct access via /wp-admin/ which btw I have a htaccess file which only allows direct access via my static IP ;) If you have a static IP it's a good idea to add a htaccess to it:

EG -

# Replace 203.0.113.10 (a placeholder address) with your own static IP
Order deny,allow
Deny from all
Allow from 203.0.113.10

I'd also recommend protecting individual files such as these in your root htaccess:

Code:
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>

# Prevents people gaining access to your folders to see which files are there.
Options All -Indexes

<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files wp-config.php>
order allow,deny
deny from all
</Files>
 

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,985
Reaction score
3,527
I just wonder how many sites have these plugins and themes that are getting hacked daily.

From what I can tell having used WP since 2009, a large proportion of these sites are plugin whores.
30, 40, 50 plugins isn't uncommon. I use 11 at most and if I could, I'd reduce that number. I'm super paranoid on what plugin I add.

WordPress was always going to be a CMS for the masses. For those who can't code etc, WP is a perfect solution. Sure a % of the hacked sites are professionally designed and implemented. But having had a web dev business myself, the majority of small/medium clients won't spend the bucks to ensure their sites are secure going forward. And with hackers etc, this attitude along with excessive plugins, outdated themes/WP core, is an open invitation to be abused.

That gov.au site I mentioned earlier isn't WP it's Drupal. Which along with Joomla is being targeted by this hacker now. Won't be long before we're seeing not 100's of thousands of sites hacked but 1mil+. What makes these hackings worse is they are implemented in such a way, that unless the site owner/webmaster is viewing their folders on a regular basis or checking files, they're clueless to being hacked.

In the case of Drupal, the configuration.php file is manipulated, this is much like the wp-config.php file in WP. In layperson terms, malicious code is injected, which is only actioned when these casino page instructions are received. Making these hackings even harder to detect. I'm guessing a similar process is achieved by hacking dodgy or outdated themes/plugins.

Fact is though, if someone is skilled enough and wants to gain access to a site, they will. However the trick in these hacks, is having a site that's a total pain-in-the-butt to hack. In which case, it's left alone and an easier target is found.

However to harden my WP sites, I've implemented strategies which, while keeping things locked up like a fish's butt, have in some cases, flagged bona fide visitors, which of course is a huge concern. But what's the alternative? Lessen security and risk being hacked!

Thinking outside the box, this hacking regime would be one hell of a way to reduce competitiveness and kill off affiliates et al.
 

justred

Affiliate Guard Dog Member
Joined
Aug 23, 2014
Messages
89
Reaction score
13
Seems to me 2 things are happening:
1. Buffalo and Fortune have removed their links from a lot of these sites and
2. The hacked sites have taken a dive in the rankings

You guys seeing the same thing or am I trying to make myself feel better?

Cheers
 

justred

Affiliate Guard Dog Member
Joined
Aug 23, 2014
Messages
89
Reaction score
13
I spoke too fast. It's happening all over the show again.
 

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,985
Reaction score
3,527
Why this tells me it's an inside job or at least someone these programs know, is the hacker's affiliate accounts claim to have been closed YET the hacker is given new accounts and it's business as usual again. All we seem to be doing is chasing our tails.

That is, finding old/new sites hacked but new aff tags pointing to casinos of Fortune Affiliates and Buffalo Partners.

Maybe the accounts are not being closed at all, instead, the hacker is given a fresh (new) aff tag id...
 

mister

Member
Joined
Sep 22, 2014
Messages
34
Reaction score
4
Sounds good in theory, I could buy that. By doing their hacks are they on the SERPs fast or eventually makes it in and floods the keywords with his hacked pages? Can someone give me a working page so I can decipher what he's doing, and see what I can do.
 

mister

Member
Joined
Sep 22, 2014
Messages
34
Reaction score
4
I was a sys admin for many years, still am for many servers. I could check it out and see if there's something that can be done.
 

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,985
Reaction score
3,527
You can find more by doing a search like this in google "/casino-en/new-no-deposit"

I've found as soon as G displays the search:
shop.pescar.info/?other_uj=/casino-en/new-no-deposit-codes-for-slots-of.php
safelink.com.br/?small_me=/casino-en/new-casino-bonus-no-deposit-required.php
favoritabosquemaia.com.br/xbkp/includes/menu.php?case_qr=/casino-en/new-free-no-deposit-casino-bonus-codes.php

The hacker has now changed to using on page javascripting, instead of an iframe. Either way, more and more sites are being hacked each day.
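
For site owners who want to check their own access logs for the URL shape quoted in the post above, here is an added example (not part of the original post or written by any poster). It assumes Apache/nginx common or combined log format; the function name `doorway_hits`, the two regexes and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Shape quoted in the thread: <word>_<two letters>=/casino-en/<slug>.php
PARAM_RE = re.compile(r'^[a-z]+_[a-z]{2}$')
VALUE_RE = re.compile(r'^/casino-en/[\w.-]+\.php$')

def doorway_hits(lines):
    """Group doorway-style requests by the script path that received them."""
    hits = defaultdict(lambda: {"served": 0, "rejected": 0, "params": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so %2Fcasino-en%2F... is caught too
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if PARAM_RE.match(name) and VALUE_RE.match(value):
                entry = hits[url.path or "/"]
                # A 2xx answer means the site itself served the page
                entry["served" if status.startswith("2") else "rejected"] += 1
                entry["params"].add(name)
    return dict(hits)

# Constructed sample lines (documentation IP ranges, invented slugs)
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Oct/2014:10:00:01 +0000] "GET /?other_uj=/casino-en/sample-a.php HTTP/1.1" 200 18211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /index.php?small_me=%2Fcasino-en%2Fsample-b.php HTTP/1.1" 200 17002 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Oct/2014:10:01:00 +0000] "GET /?case_qr=/casino-en/sample-c.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Oct/2014:10:02:00 +0000] "GET /?page_id=2 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for path, info in sorted(doorway_hits(SAMPLE_LOG).items()):
        print(path, info["served"], info["rejected"], sorted(info["params"]))
```

A path with a non-zero `served` count on your own site is the one to inspect first; `rejected` entries only show that something asked for such a URL. The regexes cover only the URL shape quoted above, not the other page layouts mentioned in the thread.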
 

falseadoom

Affiliate Guard Dog Member
Joined
May 8, 2014
Messages
359
Reaction score
106
 

slotplayer

Affiliate Guard Dog Member
Joined
Aug 8, 2008
Messages
1,844
Reaction score
307
I just emailed a school related telling them their site has been hacked. Actually I didn't notice it before but it was every school as listed above. The kw phrase I used in Google was different than the playtech betfred slots shown in the list.
 

slotplayer

Affiliate Guard Dog Member
Joined
Aug 8, 2008
Messages
1,844
Reaction score
307
Why this tells me it's an inside job or at least someone these programs know, is the hacker's affiliate accounts claim to have been closed YET the hacker is given new accounts and it's business as usual again. All we seem to be doing is chasing our tails.

That is, finding old/new sites hacked but new aff tags pointing to casinos of Fortune Affiliates and Buffalo Partners.

Maybe the accounts are not being closed at all, instead, the hacker is given a fresh (new) aff tag id...

Aren't these all WP sites, is there any way of telling what version of WP the site is written in?
 

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,985
Reaction score
3,527
they hack plugins and themes

Certain themes and plugins for both WP and Joomla are the weak links. The hacker's botnet is targeting these known exploits.

There have also been reported incidents of paid themes being obtained by the hacker, the professional theme is hacked and a backdoor added. Then distributed as a free theme. You can only imagine the havoc this can create, given, most people will jump at getting a professional theme, for free.
 

mister

Member
Joined
Sep 22, 2014
Messages
34
Reaction score
4
I'm sure it's some injection attack and these are easy to find on Google. I have 3 honeypots waiting for him. Since these attacks are done with scripting or manually, depends if he's a script kiddie or knows his stuff.

Only problem is he'll be hard to track, he's going to be hiding using proxies, VPNs, but at least we can get some hints from the way he does his hacks.
 

mister

Member
Joined
Sep 22, 2014
Messages
34
Reaction score
4
Most of those WP/Joomla were all tampered with on TPB.

It's so easy to deface someone's website just using Google.

I hope I get him using his keywords posted.

Certain themes and plugins for both WP and Joomla are the weak links. The hacker's botnet is targeting these known exploits.

There have also been reported incidents of paid themes being obtained by the hacker, the professional theme is hacked and a backdoor added. Then distributed as a free theme. You can only imagine the havoc this can create, given, most people will jump at getting a professional theme, for free.
 