Call-Girl Search-Engine Pollution Hits WordPress Sites

Walden Systems News Call-Girl Search-Engine Pollution Hits WordPress Sites Rutherford NJ New Jersey NYC New York North Bergen County
Rita gives you full control of what sites your employees visit. Rita can block sites that eat up your precious bandwidth such as media streaming sites. Rita enables you full control of what sites your employees can and cannot visit. Rita gives you the ability to block undesirable sites by wildcard or by name. Rita gives you the ability to determine which computers will be blocked and which will be allowed. With Rita, you can block access to sensitive servers within your LAN.

A web spam attack targeting Koreans is creating problems for site administrators all around the world. Hackers are compromising vulnerable Korean language WordPress websites. Researchers at Sucuri uncovered a web spam doorway generator injected into a compromised website. With all the typical features, including fetching spammy content from a third-party server, caching it on a compromised server, and serving different versions of web pages to search engine bots and human visitors.

In closer examination, the team found that the campaign is looking to drive traffic to websites with three main themes, Call girls for travelers, online gambling and off-white merchandise. Each theme uses hundreds of specific keywords in Korean to attract visitors, such as call girl, motel travel massage and beautiful sister in business trip for the first theme, and overseas casino site, casino jackpot and casino roulette strategy for the gambling sites.


The attack targets Korean users only. The doorway script specifically checks that visitors originate from a Korean version of search engines with .kr and have Korean as their default browser language. Only these specific visitors are redirected. The configuration array also has a long list of Korean cities and regions used to generate localized doorways for each of them.

The impact extends much further, thanks to a unique approach to spamming search engines. The researcher explained that hackers are using lists found in the code's configuration files of hundreds of uncompromised WordPress sites to inject links of these sites into the doorway web pages they generate. The links point to these random WordPress sites' search results pages for keywords relevant to the spam attack. Their search queries don't return any results because the sites are not hacked and they don't contain any of the content related to the Korean keywords.

According to Sinegubko, since the result page is linked to from the doorway, search engine bots find it and index it. This results in millions of search results for relevant keywords which mention the domain names promoted by this attack. This adds an impressive amount of search visibility for the promoted domains. The technique is effective for creating SEO traction, but it has an ancillary trouble for webmasters with unhacked sites that have been linked to by the campaign.

Search engine results pages on major search engines are being polluted with hundreds of outright spam entries, which may affect their reputation. It is not always an easy task to remove those pages out of Google's index. While WordPress is the target, the attack is not WordPress specific. Any site with a search engine that returns nothing found for pages can be similarly attacked. Webmasters can disallow indexing by using the robots.txt file. The feature is available via various WordPress plugins. Webmasters should also regularly check for suspicious content indexed by search engines on their sites by looking at Google Search Console reports for indexed pages and search queries, as well as similar tools for other search engines.