

Ask HN: What exactly is going on? Hacked site. - dan_the_welder

I followed a link to what I thought was landolakes.com and was rapidly redirected to a pharmaceuticals site.

How strange I thought, and checked the link which appeared to be legitimate.

Then I Googled drugs site:landolakes.com and got pages of hits that reference various pharms.

Today it seems fixed. Does anyone know what this vulnerability is/was?
======
SwellJoe
Why not ask the administrative contact for the landolakes.com site? Why would
Hacker News readers have any idea what happened on an obscure website that
none of us have probably ever visited?

Anyway, there are an infinite number of ways sites can be hacked. It was
probably just a dumb mistake, as nearly all of the hacked sites I've seen have
been (when I was contracting, about a quarter of my clients hired me for
forensics and cleanups on exploited servers). Weak passwords, old versions of
software with known exploits, unnecessary services running that weren't properly
secured because no one was paying attention to them, etc.

~~~
dan_the_welder
Well I figured that the site admins would not likely reply to some random
person asking about how their site got hacked.

I asked here because I thought perhaps a curious person would read this and
find it interesting.

------
rms
This is an increasingly common SEO trick that Google doesn't seem to be that
good at picking up on. Or at least they are unable to detect it for a few
days.

I don't think there is a specific vulnerability here, just whatever
vulnerability the black hat SEOs can find to exploit.

------
bwwhite
I've seen exploited servers in the past with odd .htaccess files, performing
redirects to spam sites depending on the requestor's source IP or some other
identifier. Not sure how the server was exploited originally though.
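
A defender's check for the kind of .htaccess file described in the comment above, as an added example that is not part of the original thread. It flags any RewriteRule that sends visitors to a foreign host when the rule is gated on a requester attribute; the watch list, the hostnames and the sample file are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Request attributes a selective redirect can key on (assumed watch list).
WATCHED_VARS = ("REMOTE_ADDR", "HTTP_REFERER", "HTTP_USER_AGENT")
COND_RE = re.compile(r"^\s*RewriteCond\s+%\{(\w+)\}\s+\S+", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)

def find_conditional_redirects(text, own_hosts):
    """Return one finding per RewriteRule that redirects off-site
    only for requests matching a watched RewriteCond variable."""
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        cond = COND_RE.match(line)
        if cond:
            pending.append(cond.group(1).upper())
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue  # comments and other directives do not consume conditions
        host = (urlparse(rule.group(1)).hostname or "").lower()
        keyed_on = [v for v in pending if v in WATCHED_VARS]
        pending = []  # RewriteConds apply only to the next RewriteRule
        if host and host not in own_hosts and keyed_on:
            findings.append({"line": lineno, "target_host": host,
                             "keyed_on": keyed_on})
    return findings

# Constructed sample .htaccess (not taken from any real server).
SAMPLE = r"""RewriteEngine On
# canonical-host redirect: conditional, but stays on the site's own host
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.site.example/$1 [R=301,L]
# unexpected block: only some requesters are sent to another host
RewriteCond %{REMOTE_ADDR} !^192\.0\.2\.
RewriteCond %{HTTP_REFERER} search [NC]
RewriteRule ^(.*)$ http://spam.example/ [R=302,L]
"""

if __name__ == "__main__":
    for f in find_conditional_redirects(SAMPLE, {"www.site.example"}):
        print(f)
```

Because such rules fire only for some requesters, the site can look normal to its own administrators, so reading the file on disk is more reliable than browsing the site.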

------
dan_the_welder
I looked again and it seems to all be .cfm extensions.

So perhaps a ColdFusion vulnerability.

