the last two years, search engine poisoning —— SEO (search engine optimization) poisoning attacks are growing, but such attacks are becoming more dangerous. However, many end users and network administrators are not even aware of this threat exists. How, then, in the premise of not affecting users using Internet search feature, protecting enterprises from SEO poisoning attacks? this article need to address the problem.
popularity of search engines
information on the network is so great that if there is no search engine, users will be hard to find what they need. Since Archie appears from the first Internet search tools, we have come a long way, early search engines then give way to “ crawling ” the type of search engines, and crawling of WebCrawler search engines from the very beginning, and then to the Magellan, Excite, AltaVista and Yahoo!. Since 2000, Google search led from the start, although the recent Google challenges Microsoft Bing, but seems to have failed to shake the status of Google in the search industry.
all of these search engines, and millions of search results returned per day, which has also become the attacker tempting targets. Attacks where the attacker or spread malicious software by using the most common way is to lure unwitting Internet users to Web sites that contain malicious code. In addition to direct a user to a malicious Web site, SEO poisoning attacks can be legitimate Web sites are welcome to use cross-site scripting attacks. How attackers to their malicious Web sites get more traffic than by manipulating search engines, so the attacker's Web site instead of legitimate Web sites at the forefront of the search results
search engine optimization work
SEO refers to the legitimate website in order to increase their site traffic and search engine optimization techniques you use. When a user uses the search engine to search for a keyword or phrase, he will normally seen only before the first page or two pages of search results, so the site arrange rank near the top of the search results, search, the more likely to visit your site. SEO the term first appeared in the late 90 's, network designers had just started to notice how they can be enough to get their sites ranked in the first few pages of search engines. In the early days, simply by inserting a popular keywords in the metadata of a Web page to manipulate search results, but now search engines algorithms become more complex to avoid this problem.
now, a lot of search engine ranking of the highest standards as their secret, allegedly, Google uses over 200 factors, and search engine optimization is used a lot of different ways, for example:
1, transverse links of the same Web site page.
2, keyword stuffing: in a meta tag or in the Web page content using the top keyword repeatedly, usually by dropping a font or color into the background behind the picture, so that site visitors cannot see. By “ ” sometimes known as a Web page “ poisoning ” Web page.
3, and “ spam ” or “ spam index ”: paste the website link in many blog comments.
4, and “ link farm ”: Web farm, all sites are linked to each other in a cluster.
search engine also publishing has improve website ranking of feasible method of guidance, and using these guidance yiwai of method will will was think is does not reasonable of, and tried to “ mocked ” search engine algorithm of technology General was called “ black cap SEO”, usually using mean of technology to gets more of flow, and Dang website is malicious website Shi, on became has SEO poisoning attack.
attacked 2.0
SEO poisoning attack can be said that the attack part 2, that is, it is part of a increasingly complex attacks, attackers start using more and more complex technologies. These poisoning attacks are usually aimed at the most popular search terms to attack the largest number of victims. It is estimated that of the highest ranking in the Google search results more than one-tenth in the Web site to a malicious Web site. Recently, SEO attacks begin to attack is about the Apple iPad and iPhone4 information, as the two most popular topics. However, due to these attacks slowly understood, SEO attacker will soon transfer to the next hot topic, this rapid transfer capability is the key to their success.
an attacker now are using automated tools, enabling them to more easily use black hat SEO techniques to use now the hottest information and passOften will be combined with some tragedy: earthquake, suicide bombings in Moscow time, celebrity death, and so on, any information capable of getting clicks has become the pawn of a malicious attacker.
an attacker uses many search engine optimization tools (applications, often as PHP scripting, can generate a poisoned Web page to redirect visitors to a malicious website) all users are able to distinguish, direct access to general users of the site, and users who access Web site from search engines or search engine spiders. Then, the user will be redirected to a malicious Web site. Sophos company's latest study on the analysis of the automation process, please click here to download.
how attackers undermine legitimate sites to insert their redirection tools? in some cases, they exploit a vulnerability in the content management system. In other cases, they may be through the use of managed network server vulnerabilities to attack the site. When an attacker to penetrate site, they will upload and install the SEO applications, the application can be dynamically generated SEO page and extract the text from the search results, use any of the major search engines. Latest hot keywords can be found online, such as Google Trends. Metadata is extracted and added to from the search engine results SEO in links page, SEO tools by generated content can also be cached.
SEO pages link to other SEO pages, so that they will be searched for, and/or links posted on the forums of other legitimate Web sites, blogs, comments, message board, social network status updates, SEO page. That could allow an attacker to SEO page making tools for indexing by search engines.
when the user clicks when poisoned search results, the request will be redirected to a malicious Web site. Implemented a way to redirect is used PHPheader () function to send the redirect status code to the user's Web browser. JavaScript or other active content can also be used to redirect the user.
how to protect your business from SEO attacks
how to protect your business from SEO poisoning attacks? the biggest problem is that traditional protection measures to protect against network-based attacks, such as URL filtering, will become invalid, because the attacker is using the legitimate Web site to redirect visitors. Content inspection and filtering as well as the effective load testing is more effective to prevent malicious content attacks users.
educational users is a good way, tell them SEO attacker common attack techniques. For example poisoning may redirect users to a Web page “ malicious Portal ” in those Web site users will see a lot of virus alerts and security tips, prompts the user to install fake anti-virus software, and are in fact malicious code. Also should alert users when searching for news about the topic, do not rely on search engine results, and should pass directly to the browser enter the URL of reliable news site to view the news. Other methods include browser-enabled security features, especially when the user access to unknown or untrusted Web sites, and when suddenly a prompt to install anti-virus software, or malware defense tool never point “ Yes” or “ confirmed ”. Administrators should ensure that the user's operating system install all security updates, and all users are running anti-virus software and anti-malware.
enterprises with their own Web sites to its network server for monitoring and ensuring their security, to ensure their Web server does not become the attacker attacked pipelines, because when the enterprise Web site related to SEO attacks when corporate reputation will suffer. To note is that attackers will redirect users from your site to a malicious Web site, they will also have to your Web page inserts wrong keywords or meta tags, search engines think you are using black hat SEO techniques. This may cause your business Web site subject to sanctions from major search engines, such as reducing the ranking of your Web site. Therefore, you must ensure that your Web server and Web applications to the appropriate configuration to prevent SEO attacks using cross-site scripting and other attacks.
