60% of .edu websites are hacked by turkish "hackers"
I started to look for backlinks of some turkish websites, and discovered that most of pirate turkish movie websites have backlinks from .edu, .gov, websites from US. After looking for those links, I saw that the websites are somehow hacked and with css display:none command are links hidden. Then I started to look every source code of .edu websites and saw that 50-60% of them have hidden backlinks to several websites from Turkey, India etc. For example, just look to the end of source code of http://www.webb-institute.edu and then look to backlinks of - for example www.bolumizleyin.com. I wrote to website owners and Google, but no responce. Please Matt Cutt, if your read this do something about those hacklinks.
43 comments
[ 0.25 ms ] story [ 66.8 ms ] threadGood find.
Do you have any hypotheses about a common vector for the hack? In addition to run-of-the-mill vectors, there's also the possibility that educational middleware (online class management a la Sungard, Blackboard, PeopleSoft) is vulnerable -- this is pure speculation, of course, but as someone who worked with dozens of those portals it piques my curiosity.
site:mit.edu viagra
And get surprised at how the MIT is selling viagra :p
For those that stay, the IT culture seems rather conservative and moving jobs is culturally difficult. The talent is there (like it is in Russia) but they are a long way off from being an innovation capitol.
First and foremost, Turkey is a country of 80 million people. There is a significant amount of variety from person to person, but the tax codes and business rules are not IT friendly relative to other businesses. There is still a non-trivial tariff on computers and electronics, making supplies more expensive than in other countries. From what I vaguely understand it is easier for other companies to evade taxes than IT services, all of which increases the cost of business and makes outsourcing less economical compared to other Eastern European nations. (AKP, the ruling party, is thought of as business-friendly, but I haven't seen any work to really tackle their tax issues.)
Second, Turkey's government is censorship-happy. Nothing like hacker news or reddit would work there, much less something like yelp. (every comment would have to be read, lest someone gets trialed for "insulting Turkishness."
Finally, they don't have a great way for capitalization of projects. Also, the people with money seem risk-averse to new ideas.
Turks themselves are very entrepreneurial, and the few of them that I've known who were developers are generally rather sharp. I wouldn't try to outsource there, however, at this point in time. (Unless I end up there for a few years with a bit of cash and can poke at loopholes. Then, watch out for my new product! :)
I'd like to add that something similar to Urban Dictionary has existed for a very long time now (10+ years): eksizosluk.com. They had their fair share of trouble with litigation but mostly managed to protect free speech. In fact it is so successful that it spawned many clones, which themselves became very popular websites.
Content is the main bottleneck. Something like UD exists because it generates its own content, whereas HN or Reddit clones don't exist because there isn't enough Turkish material on the web. A good part of population doesn't understand English, and the ones who do, choose to assimilate in the more interesting English space (ahem).
We try to go a little further and warn many websites that they've been hacked, but there's definitely a lot of unpatched web servers out there, as you could guess from http://news.ycombinator.com/item?id=3277514 a few hours ago.
(topics are in turkish)
1. here - bit.ly/obNDQ9 2. here - bit.ly/sO3ZZP 3. here - http://bit.ly/tNCAff
In 3. topic, a hacker - Clair De Lune from Turkey says that he has the list of passwords of .edu websites and he mentions that it's not illegal because the links are hidden and website owners believe him.
1. http://www.google.com/support/forum/p/webmasters/thread?tid=... 2. http://www.google.com/support/forum/p/webmasters/thread?tid=... 3. http://www.google.com/support/forum/p/webmasters/thread?tid=...
The sites are removed when either law enforcement agencies or the rights owner take action (for example page 1 of the results for one term is,right now, showing 12 DCMA complaint notices, and have been a couple of fairly large scale operations by UK police to get domains taken down when there is proof of criminal acitivity).
If it were a handful or even a score, then I'd believe that "Google is able to detect and disregard the vast majority of hacked links". However, my personal experience suggests that whatever is left after this "vast majority" still constitutes an awful lot of links.
Of course, I am not arguing that Google is not able to detect a meaningful percentage of hacked links, and indeed I have direct experience of this.
My own site was compromised a few years back, i.e. hacked to serve a bunch of links to the usual suspects - porn, drugs and Australian footwear (using a particularly nasty script that inserted the links only when the visitor was Googlebot otherwise it just returned an empty div - 100% my fault for being tardy in my patching schedule as it was using a widely available cms script) and this led to my site (as the 'victim' site) dropping dramatically in rank, only to recover once I had cleaned up the mess, patched the exploit and completed a re-inclusion request.
However, that so many sites using basic link spam approaches were able to rank so highly for such a sustained period suggests that the current capabilities are far from perfect - right now I can see a site in position 2 that only uses blog spam, is fairly new and is selling illegal counterfeit products. It simply should not be there (outranking the brand website), nor should the other 5 similar sites also on page 1.
Anyway, I obviously appreciate that Google faces an insanely difficult task in dealing with web spam, and the situation I refer to above is (despite the current spate) a lot better than it was 2 years ago, when it was crazily out of hand. Nevertheless, tens if not hundreds of millions of pounds have been lost by consumers to these sites in the same period (most of whom have such a high level of trust in Google as a brand that they rightly believe that anything showing up on page 1 is likely to be legit).
I figure the hundreds of independently maintained public facing servers make universities particularly vulnerable.
18 months later no ads whatsoever..so it must have all been outsourced to places like Turkey etc..
First of all i must tell my opinion about hacking web sites: if your site is hacked, find the hacker and give him to justice. Propably we agree about this. But, also fire your developer if the vulnerability is too childish.
And probably we don't agree about this subject. Because every developer i talked about this issue said: "this things happen... we cant predict every hacking method before it happens." etc.
But the root of the problem is a lot of developers see security as "add-on feature" instead of system feature.
I see a lot of SQL code like this, every day: "SELECT * FROM users WHERE user_id =" . $_POST['id'];
Trusting user input without validating, sanitization? And this brings us to another problem:
Universities are government organizations and the manager are chosen by "governmental standarts" which are "none".
A lot of IT department managers aren't coming from IT background. Some of them are just written some sort of statistical fortran program while in graduate school. If you have to write a complex CMS and want 3 months to do it, you probably have to do it just in 1 month. And the answer for your "3 months request" is: "X said a program like this can be written in just under 1 month". And x is some intern student.
And this brings us to another problem: Intern students...
Turkish university IT departments use students. I'm ok with that. I started as a student too. But, if you are "interested in computers", this is ok to get the job. And after that you are assigned with writing essential LOB software or even staff payment software. And you are writing "WHERE $_POST['id']"....
I'm bored... That's it for now. Thanks for reading.