Black Hat SEO Anatomy of Incognito

Invisible, it means that the road is in the same way as Xiyi;
This series of articles is divided into four parts: tactics, tools, stealth, and summary. This article is the stealth part and mainly introduces some of the stealth methods used in black hat SEO. Black hat SEO differs from other underground-economy activity in that it takes time to create value. Reselling data only requires breaking into the server and dumping the database, whereas black hat SEO needs to lurk on the server for a while, because it relies mainly on driving traffic to create value. So staying undiscovered by the server's operations and maintenance staff is crucial, and it is the key to whether the black hat SEO operation ultimately succeeds.

Stealth techniques

While handling intrusion incident response cases, we found that some websites had malicious pages planted on them for months or even years without the administrator being aware of it. Sometimes this is not carelessness on the administrator's part; the hacker is simply too cunning. After reading about the webpage hijacking methods I introduced earlier, you can probably understand the reason. In webpage hijacking, the redirect and the content the page presents can both be controlled, which is the main reason it is difficult for administrators to notice. In addition, a parasite program can automatically generate web pages, which makes it very resilient and difficult to eradicate. Also, once we find that a website has malicious pages planted on it, we usually log in to the server to take a look. Sometimes it is difficult to find the script files that have been illegally altered or maliciously implanted, because files of this kind are carefully hidden by the hacker. So besides the means above, what other methods does a hacker have to stay hidden and persist?

Redirect control in web hijacking

The redirect control in web hijacking serves to hide the fact that the website has been hacked, making it difficult for the webmaster to notice.

nginx subdirectory reverse proxy technique

A directory proxy is set up by editing the configuration file of middleware such as nginx/apache, so that a directory on the target server is proxied to a directory on another server, one controlled by the attacker. That is, when a visitor opens the thief.one/2016/ directory, the resource actually served comes from a directory on that other server (the target server fetches the data from it). This method does not need to modify the target website's source code, only the middleware configuration file, so it is unlikely to be deleted and is hard to spot.
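
One way a defender can audit for the directory proxy described above, as an added example (not code from the original article): it reports every proxy_pass in an nginx configuration whose target host is neither allowlisted nor a locally defined upstream. The sample configuration, its host names and the audit_proxy_pass function are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample config for illustration; host names are placeholders.
SAMPLE_CONF = """
upstream app_backend { server 127.0.0.1:8080; }
server {
    location / {
        proxy_pass http://app_backend;
    }
    location /api/ {
        proxy_pass http://127.0.0.1:9000/;
    }
    # proxy_pass http://commented-out.example.net/;
    location ^~ /2016/ {
        proxy_pass http://unknown-origin.example.net/pages/;
    }
}
"""

# One token per match: "location <path> {", a bare "{", "}", or a proxy_pass.
TOKEN_RE = re.compile(
    r"(?P<loc>\blocation\s+(?:(?:=|~\*?|\^~)\s*)?(?P<path>[^\s{]+)\s*\{)"
    r"|(?P<open>\{)|(?P<close>\})"
    r"|\bproxy_pass\s+(?P<target>[^;\s]+)\s*;"
)

def audit_proxy_pass(conf_text, allowed_hosts):
    """Return (line_no, location, host) for each proxy_pass to an unlisted host."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments, keep line count
    allowed = {h.lower() for h in allowed_hosts}
    allowed |= {u.lower() for u in re.findall(r"\bupstream\s+([^\s{]+)\s*\{", text)}
    findings, stack = [], []  # stack holds one entry per open block
    for m in TOKEN_RE.finditer(text):
        if m.group("loc"):
            stack.append(m.group("path"))
        elif m.group("open"):
            stack.append(None)  # non-location block (server, upstream, ...)
        elif m.group("close"):
            del stack[-1:]  # tolerate an unbalanced closing brace
        else:  # proxy_pass directive
            host = (urlsplit(m.group("target")).hostname or m.group("target")).lower()
            if host not in allowed:
                location = next((p for p in reversed(stack) if p), None)
                findings.append((text.count("\n", 0, m.start()) + 1, location, host))
    return findings

if __name__ == "__main__":
    print(audit_proxy_pass(SAMPLE_CONF, {"127.0.0.1", "localhost"}))
```

On a live server, feed it the output of `nginx -T`, which prints the full configuration including all included files, and compare the findings against a known-good baseline.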

Hidden files

Set the hidden attribute on the file. I have encountered such a case. A technician selected and copied files from the web directories on the server. When we scanned these files we found nothing abnormal, and everything seemed baffling. The final result left us not knowing whether to laugh or cry: the malicious file had been given the hidden attribute, so the technician, selecting files by eye, did not copy it. So this is an effective way of blinding the observer.

An undead file is a webshell or illicit page file (.html or a dynamic file) that cannot be deleted. Such a case has not been encountered in practice, but it is theoretically feasible.

Malformed directories

The directory name contains one or more . (dot, period) characters.

md a..\

This directory cannot be deleted by hand, though of course it can be deleted from the command line.


Special file names

These are actually system device names: file names reserved by Windows that cannot be accessed by ordinary methods. The main ones are lpt, aux, com1-9, prn, nul and con, for example: lpt.txt, com1.txt, aux.txt, aux.pasp, aux.php, etc.

echo hello>\\.\c:\a..\aux.txt

Malformed directory + special file name
md c:\a..\
echo hello>\\.\c:\a..\aux.asp

Note: the path here must be written as an absolute path (the uploaded aux.php trojan can be executed).

To delete it, use the command line, as with the malformed directory above.

There are many more methods; they are not enumerated one by one here.

Series links

[Summary of Black Hat SEO Analysis](https://thief.one/2017/09/28/4/)
[Invisible article of black hat SEO analysis](https://thief.one/2017/09/28/3/)
[Black Hat SEO Analysis Tool](https://thief.one/2017/09/28/2/)
[Black Hat SEO Anatomy](https://thief.one/2017/09/28/1/)

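Article title: Black Hat SEO Anatomy of Incognito

Author: nmask

Published: September 28, 2017 - 15:09

Last updated: July 11, 2019 - 16:07

Original link: https://thief.one/2017/09/28/3/en/

License: Attribution-NonCommercial-NoDerivatives 4.0 International. Please retain the original link and the author when reposting.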
