xbiz world
xbiz premiere

PageRank Bleeders Target AARP Website

LOS ANGELES — The recently reported hack of the AARP.org website demonstrates an increasingly sophisticated approach to traffic manipulation and malicious user-system compromises — and once again, Internet porn takes the blame.

You see them in user communities all over the Internet: spam posts on blogs and boards; fake user profiles or "nicks" (short for "nicknames"); and seemingly inappropriate or misplaced comments and postings on every venue possible — and they all share at least one common goal: to get viewers to click through into their traffic stream and then on to their targeted destinations and beyond…

It's not just you, the individual web surfer that is increasingly being targeted as a source of clicks, however; but Google and other search engines that spider website content, too.

In the ceaseless battle for improved PageRank (PR; a means by which Google orders its search result listings), some promoters have turned to so-called "comment spam" on blog posts and automated message board bots that seek to place keyword-laden back-links on "authority sites" that enjoy — and pass on through these outbound links — a higher PR.

This process can improve the results that the sites being promoted enjoy from their other search engine marketing strategies; and often causes no more annoyance to the victimized website than having an erroneous posting that a moderator or automated tool must delete.

Far more troubling are the more malicious attacks that seek to infect the user's system with malware, as seen in the AARP example; where a coordinated, multi-prong attack that combined automated blog spamming, PR bleeding and automated redirects to porn sites via a JavaScript embedded into profile page listings, added a Trojan drop as well.

"First, hackers found vulnerabilities in AARP.org's user profile functionality, allowing them to post JavaScript redirect code and HREF links to porn sites," Jeremy Yoder of MX Logic, blogged. "Second, hackers employed bots in a massive campaign to submit blog comments containing links to the hacked AARP.org user profiles."

The AARP website is apparently driven by an in-house content management system (CMS) that is lacking in basic security precautions.

"It appears to be a custom system that's missing some baseline-level security capabilities," Yoder opined. "This site is accepting JavaScript code submissions, which are something that most off-the-shelf content management systems would have no trouble blocking."

"There has been a considerable increase in the use of comment and profile spam to promote pornographic or phishing sites in search engines," Yoder added. "This one was particularly notable because of the precise coordination of the attack, the exploitation of Web 2.0 functionality and the SEO motivation."

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

U of Wisconsin Lawyers Admit to Political, Donor Pressure to Terminate Prof. Joe Gow Over OnlyFans Content

Lawyers for the Universities of Wisconsin admitted during a hearing Friday that the institution has received pressure from a Republican politician and from a donor to strip veteran UW professor of communications Joe Gow of tenure for unremorsefully creating and appearing in adult content.

Open Mind AI Seeks Inclusion in EU's AI Debate

New European industry initiative Open Mind AI has penned a letter asking EU authorities to include adult companies and creators in ongoing discussions on setting up a legal framework for AI content.

Canadian Law Professor: Proposed Age Verification Bill 'Will Make Things Worse'

Leading Canadian newspaper The Globe and Mail this week published an op-ed written by a legal scholar outlining fundamental issues with the Conservative-backed age verification bill currently making its way through Parliament.

UK Labour Government Confirms it Will Continue Baroness-Led 'Porn Review'

The U.K. Labour government of Prime Minister Keir Starmer has confirmed it will continue the controversial full review of British pornography laws ordered by former Tory Prime Minister Rishi Sunak in July 2023.

AEBN Publishes Popular Searches for July and August

AEBN has released the top search terms for the months of July and August from its straight and gay theaters in all 50 states and the District of Columbia.

SWR Data Survey Probes Concerns About Political Attacks on Industry

SWR Data, an adult-sector market research firm led by industry veterans Mike Stabile and MelRose Michaels, has released data from its upcoming 2024 State of the Creator report, illustrating creators’ concerns about political attacks on the industry.

FSC Urges SCOTUS to Strike Down 'Unconstitutional' Texas Age Verification Law

The Free Speech Coalition (FSC) urged the U.S. Supreme Court through a brief filed Monday to strike down Texas’ age verification law as unconstitutional.

Japanese Manga Industry Hit by Credit Card Companies' Anti-Porn Restrictions

Japanese manga retailers are reporting pressure from multinational credit card companies — many based in the U.S. and targeted by anti-porn religious conservatives — to censor their content if they wish to maintain their current payment processing arrangements.

Netherlands Government Continues Porn Probe Following Abuse Allegations

The Dutch government plans to continue investigating the local porn industry in the Netherlands, following a series of abuse allegations involving photographer and self-styled “model scout” Daniël van der W.

Clips4Sale Releases '20 Years of Fetish' Data Survey

Clips4Sale (C4S) has released a report based on 20 years of data and analysis to show how kink and fetish tastes have changed since the site began.

Show More