Ask HN: What exactly is going on? Hacked site.

4 points by dan_the_welder ↗ HN
I followed a link to what I thought was landolakes.com and was rapidly redirected to a pharmaceuticals site.

How strange I thought, and checked the link which appeared to be legitimate.

Then I Googled drugs site:landolakes.com and got pages of hits that reference various pharms.

Today it seems fixed. Does anyone know what this vulnerability is/was?

5 comments

[ 22.2 ms ] story [ 126 ms ] thread
I've seen exploited servers in the past with odd .htaccess files, performing redirects to spam sites depending on the requestor's source IP or some other identifier. Not sure how the server was exploited originally though.
Why not ask the administrative contact for the landolakes.com site? Why would Hacker News readers have any idea what happened on an obscure website that none of us have probably ever visited?

Anyway, there are an infinite number of ways sites can be hacked. It was probably just a dumb mistake, as nearly all of the hacked sites I've seen have been (when I was contracting, about a quarter of my clients hired me for forensics and cleanups on exploited servers). Weak passwords, old versions of software with known exploits, unnecessary service running that wasn't properly secured because no one was paying attention to it, etc.

Well I figured that the site admins would not likely reply to some random person asking about how their site got hacked.

I asked here because I thought perhaps a curious person would read this and find it interesting.

This is an increasingly common SEO trick that Google doesn't seem to be that good at picking up on. Or at least they are unable to detect it for a few days.

I don't think there is a specific vulnerability here, just whatever vulnerability the black hat SEOs can find to exploit.

I looked again and it seems to all be .cfm extensions.

So perhaps a Cold Fusion vulnerability.