Monday, June 20, 2016

Are We Having a PHP Spam Wave?

I have, at this writing, 137 Google Alerts set up. They cover all kinds of resources for all kinds of keywords all over the Internet. And as you might imagine, I do occasionally get a bit of spam in my alerts – a site that has suffered PHP injection or some other hack, and which is now spewing out gunk that trips my keywords.

I used to send the site a note with a screenshot letting them know, but as 99% of the time I got no response, I gave up on that mostly. I still occasionally do it but the response is the same – nothing.

Anyway, I was checking through my Google Alerts this morning and found that one particular Google Alert had started generating a lot of spam. Check out just a couple of screenshots:

[Screenshot 2016-06-20 at 08.32.37]

[Screenshot 2016-06-20 at 08.30.08]

Here was the Google Alert that was suddenly filled with spam:

intitle:"how to" intitle:(facebook | snapchat | instagram | twitter | "social media")

You can do this search from the Google site. Use the "Search Tools" option to search only results for the last 24 hours and you will find a lot of spam. There are even a couple on the first page of results:

[Screenshot of search results]

Based on what I can see from the spam on the sites, this looks like PHP injection stuff, but I'm not knowledgeable enough to say for sure. I've searched the news to see if there are any stories on this, but I can't find any.

It's this kind of garbage that drove me to hosting ResearchBuzz at WordPress.com. I want to focus on generating good content and helping you, not constantly worrying if I've got a bad theme or a plugin that's about to blow up in my face.

If you prefer to host your own WordPress blog – and more power to you – I strongly recommend you set up a Google Alert aimed at your own site so that you can catch this stuff if it slips through. Let's use Radians College as an example, since last month I wrote about how its site is overrun with spam (SPOILER ALERT: it's still overrun with spam.)

A Radians College IT person might set up an alert that looks like this:

(viagra | cialis | "make money" | forex | instagram | facebook) site:radianscollege.edu

At this writing you will get over three thousand results if you run that search on Google.

Of course, some of your alerts might be false positives but those should be obvious. In my experience sifting spam out of my Google Alerts, the hot words and phrases right now are "make money" and Instagram. I left the drug names in there since those are the keywords that have traditionally come up the most in the .edu spam I see.

You could, of course, get more general by adding terms like craigslist (run the search craigslist site:radianscollege.edu on Google) or social media. You've got a balancing act here: the more general terms you use, the more false positives you're going to get. On the other hand, the more "spammy" the keywords you use, the more likely you'll miss something if the hot keywords shift.
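
A local complement to the alert above, as an added example that is not part of the original post: it scans HTML you have fetched from your own site for the same terms and scores the "spammy" ones above the general ones, which is the balancing act just described. The weights, the threshold, and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Terms from the post's example alert. Splitting them into "spammy" and
# "general", and the weights and threshold, are assumptions for this example.
SPAMMY = ["viagra", "cialis", "make money", "forex"]
GENERAL = ["instagram", "facebook"]
WEIGHTS = {**{t: 3 for t in SPAMMY}, **{t: 1 for t in GENERAL}}

class TextExtractor(HTMLParser):
    """Collects text nodes, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def score_page(html):
    """Return (score, {term: count}). Text hidden with CSS is still scanned."""
    parser = TextExtractor()
    parser.feed(html)
    text = " ".join(" ".join(parser.chunks).lower().split())
    hits = {}
    for term in WEIGHTS:
        n = len(re.findall(r"\b" + re.escape(term) + r"\b", text))
        if n:
            hits[term] = n
    # Score on distinct terms so one repeated general word cannot flag a page.
    return sum(WEIGHTS[t] for t in hits), hits

def flag_pages(pages, threshold=3):
    """pages maps URL -> HTML; return the URLs that meet the threshold."""
    return sorted(u for u, h in pages.items() if score_page(h)[0] >= threshold)

# Constructed sample pages (not real content from any site).
SAMPLE_PAGES = {
    "https://example.edu/news": "<p>Follow the library on Facebook.</p>",
    "https://example.edu/old/page.php": "<p>Course list</p><div style='display:none'>"
        "<a href='#'>make money</a> with forex, cheap Viagra</div>",
}
```

With the default threshold, a page that only mentions a general term such as Facebook scores 1 and is not flagged, while a single spammy term is enough to flag a page.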


Source: Are We Having a PHP Spam Wave?
