PageRank Bleeders Target AARP Website

LOS ANGELES — The recently reported hack of the AARP.org website demonstrates an increasingly sophisticated approach to traffic manipulation and malicious user-system compromises — and once again, Internet porn takes the blame.

You see them in user communities all over the Internet: spam posts on blogs and boards; fake user profiles or "nicks" (short for "nicknames"); and seemingly inappropriate or misplaced comments and postings on every venue possible — and they all share at least one common goal: to get viewers to click through into their traffic stream and then on to their targeted destinations and beyond…

It's not just you, the individual web surfer that is increasingly being targeted as a source of clicks, however; but Google and other search engines that spider website content, too.

In the ceaseless battle for improved PageRank (PR; a means by which Google orders its search result listings), some promoters have turned to so-called "comment spam" on blog posts and automated message board bots that seek to place keyword-laden back-links on "authority sites" that enjoy — and pass on through these outbound links — a higher PR.

This process can improve the results that the sites being promoted enjoy from their other search engine marketing strategies; and often causes no more annoyance to the victimized website than having an erroneous posting that a moderator or automated tool must delete.

Far more troubling are the more malicious attacks that seek to infect the user's system with malware, as seen in the AARP example; where a coordinated, multi-prong attack that combined automated blog spamming, PR bleeding and automated redirects to porn sites via a JavaScript embedded into profile page listings, added a Trojan drop as well.

"First, hackers found vulnerabilities in AARP.org's user profile functionality, allowing them to post JavaScript redirect code and HREF links to porn sites," Jeremy Yoder of MX Logic, blogged. "Second, hackers employed bots in a massive campaign to submit blog comments containing links to the hacked AARP.org user profiles."

The AARP website is apparently driven by an in-house content management system (CMS) that is lacking in basic security precautions.

"It appears to be a custom system that's missing some baseline-level security capabilities," Yoder opined. "This site is accepting JavaScript code submissions, which are something that most off-the-shelf content management systems would have no trouble blocking."

"There has been a considerable increase in the use of comment and profile spam to promote pornographic or phishing sites in search engines," Yoder added. "This one was particularly notable because of the precise coordination of the attack, the exploitation of Web 2.0 functionality and the SEO motivation."

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Florida AG Asks for Halt of AV Lawsuit Pending SCOTUS Decision

Florida Attorney General Ashley Moody has filed a motion asking a federal court to halt the Free Speech Coalition (FSC) lawsuit challenging HB 3, the state's age verification law, pending the Supreme Court's ruling in the Free Speech Coalition-led challenge to Texas’ age verification law, HB 1181.

VRPorn.com Launches 'Virtual Reality Porn' Meme Coin

VRPorn.com has launched a new cryptocurrency meme coin on its platform.

Angie Rowntree's Sssh.com Celebrates 25 Years of Pioneering Erotica

Over 25 years ago at an adult internet trade show called IA2000, a producer warned filmmaker Angie Rowntree that there was no market for “porn for women.”

Streamate Spotlights Savannah Sly as December 'Elevate' Community Partner

Streamate has selected New Moon Network founder and co-director Savannah Sly as its Elevate Community Partner for December.

LaBellaDX Launches New Site Through YourPaysitePartner

Content creator LaBellaDX has launched her new official website through YourPaysitePartner (YPP).

Clip Page Launches 'Creator Analytics' Feature

Custom content marketplace Clip Page has launched the Creator Analytics feature on its platform.

BBWXXXAdventures Relaunches Through Grooby's Blue.xxx

Paysite BBWXXXAdventures has relaunched under Grooby's new website management company Blue.xxx.

Flirt4Free Announces 'Tease the Season' Holiday Contest

Flirt4Free has announced its Tease the Season promo and model contest, which will run Dec. 21-25.The competition is led by the return of the Snowflake Contest, where models can be gifted digital snowflakes by their fans. The models who collect the most snowflakes by 11:59 a.m. on Christmas Day will win cash prizes.

SWR Data Publishes 2024 'Top Creator Platforms' Report

Adult industry market research firm SWR Data has published a report on the Top Creator Platforms of 2024.

MintStars Joins Pineapple Support as Supporter-Level Sponsor

Content platform MintStars has joined the ranks of over 60 adult businesses and organizations committing funds and resources to Pineapple Support.

Show More