

60% of .edu websites are hacked by turkish "hackers" - zeynalov

I started to look for backlinks of some turkish websites, and discovered that most of pirate turkish movie websites have backlinks from .edu, .gov, websites from US. After looking for those links, I saw that the websites are somehow hacked and with css display:none command are links hidden. Then I started to look every source code of .edu websites and saw that 50-60% of them have hidden backlinks to several websites from Turkey, India etc. For example, just look to the end of source code of http://www.webb-institute.edu  and then look to backlinks of - for example www.bolumizleyin.com. I wrote to website owners and Google, but no responce. Please Matt Cutt, if your read this do something about those hacklinks.
======
Matt_Cutts
Blackhat spammers will do almost anything to earn money, including illegal
stuff like hacking tons of websites. Google is able to detect and disregard
the vast majority of hacked links; you're looking at raw links but you don't
see which of those links we trust and how much weight we give them.

We try to go a little further and warn many websites that they've been hacked,
but there's definitely a lot of unpatched web servers out there, as you could
guess from <http://news.ycombinator.com/item?id=3277514> a few hours ago.

~~~
zeynalov
Matt, I searched and find out that people have already in 2010 reported about
this type of spams. They gave the list of them, but most of them are even not
penalized.

(topics are in turkish)

1\. here - bit.ly/obNDQ9 2. here - bit.ly/sO3ZZP 3. here -
<http://bit.ly/tNCAff>

In 3. topic, a hacker - Clair De Lune from Turkey says that he has the list of
passwords of .edu websites and he mentions that it's not illegal because the
links are hidden and website owners believe him.

~~~
xuki
Expended links

1\.
[http://www.google.com/support/forum/p/webmasters/thread?tid=...](http://www.google.com/support/forum/p/webmasters/thread?tid=730e10a2a8dfb6f5&hl=tr)
2\.
[http://www.google.com/support/forum/p/webmasters/thread?tid=...](http://www.google.com/support/forum/p/webmasters/thread?tid=2c570f375bd6d413&hl=tr)
3\.
[http://www.google.com/support/forum/p/webmasters/thread?tid=...](http://www.google.com/support/forum/p/webmasters/thread?tid=6aad6bdb544e31b4&hl=tr)

------
ebiester
Here's the problem... Turkey has a lot of underutilized developer talent.
There's tremendous potential there, but most of it ends up in Germany or
France. It also ends up in underhanded schemes.

For those that stay, the IT culture seems rather conservative and moving jobs
is culturally difficult. The talent is there (like it is in Russia) but they
are a long way off from being an innovation capitol.

~~~
draggnar
what challenges are in their way for making good products within their own
market? What challenges exist to work as outsourced development teams? After
reading this I would think twice about hiring someone from turkey.

~~~
ebiester
First and foremost, I should say I'm partnered to a Turk and have spent a few
months there; I am not a specialist. While there, I did talk to a few people
about the IT climate. So take what I say with a grain of salt.

First and foremost, Turkey is a country of 80 million people. There is a
significant amount of variety from person to person, but the tax codes and
business rules are not IT friendly relative to other businesses. There is
still a non-trivial tariff on computers and electronics, making supplies more
expensive than in other countries. From what I vaguely understand it is easier
for other companies to evade taxes than IT services, all of which increases
the cost of business and makes outsourcing less economical compared to other
Eastern European nations. (AKP, the ruling party, is thought of as business-
friendly, but I haven't seen any work to really tackle their tax issues.)

Second, Turkey's government is censorship-happy. Nothing like hacker news or
reddit would work there, much less something like yelp. (every comment would
have to be read, lest someone gets trialed for "insulting Turkishness."

Finally, they don't have a great way for capitalization of projects. Also, the
people with money seem risk-averse to new ideas.

Turks themselves are very entrepreneurial, and the few of them that I've known
who were developers are generally rather sharp. I wouldn't try to outsource
there, however, at this point in time. (Unless I end up there for a few years
with a bit of cash and can poke at loopholes. Then, watch out for my new
product! :)

~~~
law_of_poe
Your observations are pretty accurate.

I'd like to add that something similar to Urban Dictionary has existed for a
very long time now (10+ years): eksizosluk.com. They had their fair share of
trouble with litigation but mostly managed to protect free speech. In fact it
is so successful that it spawned many clones, which themselves became very
popular websites.

Content is the main bottleneck. Something like UD exists because it generates
its own content, whereas HN or Reddit clones don't exist because there isn't
enough Turkish material on the web. A good part of population doesn't
understand English, and the ones who do, choose to assimilate in the more
interesting English space (ahem).

------
switz
That's wild. I guess since it's not exactly malicious hacking, the site owners
never realize it. I know plenty of .edu websites that are terribly coded in
terms of security. It's good that you reported it. Hopefully Matt sees this.

------
jpadvo
Interesting find! About Google, I'm pretty sure they have methods to detect
hidden content that simply exists as SEO spam.

~~~
eLobato
ROFL. They're not quite there unfortunately. Try a google query like:

site:mit.edu viagra

And get surprised at how the MIT is selling viagra :p

~~~
jQueryIsAwesome
Actually that is something different and a little more evil: They hacked the
mit page to check (server side) if the referer is a google search results page
for the word "viagra"; if it is then goes to the viagra page, if it is not
goes to the real MIT website.

------
presson83
I have a site using modx.com's latest version that is continually hit with
these "display:none" links. I've changed all passwords about a dozen times
with no luck. Anyone have any thoughts on how to prevent this hack from
continually happening?

------
nvictor
50-60%? really?

~~~
zeynalov
I randomly selected .edu websites from all over the web, including edu.az,
edu.com.tr etc. 62 of 100 had those hacklinks.

~~~
rhplus
In that case, the headline and summary are very misleading. The summary says
"edu, .gov, websites from US" but you say the sampling includes
Turkish/Azerbaijani academic websites. I don't think I'm the only person who
would read ".edu" and assumes that it _unambiguously_ means US academic sites.
If you can provide a full list of your sample, that would be useful to put
some detail into this statistic.

~~~
zeynalov
most of them are american educational websites, but there are also some from
Portugal, Turkey, Azerbaijan, China etc. which are very authoritative high pr
websites. I'm going to write a blog post with a full list of websites.

------
parfe
Just checked and the university I work for has a few spam links.

I figure the hundreds of independently maintained public facing servers make
universities particularly vulnerable.

------
shareme
about 18 months ago you use to see a lot of craigslist ads for access to edu
sites..

18 months later no ads whatsoever..so it must have all been outsourced to
places like Turkey etc..

------
cluboholic
Turkey shows its aggressive nature in every way..

~~~
seb_z_lite
I heard chicken is dangerous too.

