A lot of people do not know the way of malicious attack

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

SEO (Search engine Optimization) Poisoning attacks are evolving, and the attack is becoming more and more dangerous, according to a new study by F Company. However, many end users and some network administrators are not even aware of the threat. So, how does not affect the user to use Internet search function premise, protect Enterprise from SEO poisoning attack? This is the problem that this article needs to solve.

The popularity of search engines

The amount of information on the web is huge, and without a search engine, it's hard to find what you need. Since the advent of the first Internet search tool Archie, we have come a long way, and the early search engine then gave up the "crawl" type of search engine, while the crawler search engine WebCrawler from the very beginning and then to Magellan, Excite, AltaVista and Yahoo!. Since 2000, Google has been leading the search industry since the beginning, although Google has recently been challenged by Microsoft Bing, but it does not seem to shake Google's position in the search field.

With all of these search engines and a daily return of millions of of search results, this is an attractive target for attackers. One of the most common ways for an attacker to launch an attack or spread malware is to lure unsuspecting network users to a Web site that contains malicious code. In addition to being able to take users directly to malicious Web sites, SEO poisoning attacks can also use Cross-site scripting attacks on popular legitimate sites. How attackers can get more traffic to their malicious Web site than by manipulating search engines to allow an attacker's web site to replace the URL of a legitimate Web site at the forefront of search results

The working principle of search engine optimization

SEO technology refers to the legitimate Web site in order to increase the traffic and use of the search engine optimization technology. When a user uses a search engine to search for a keyword or phrase, he usually only looks at the first page or two pages of the search results, so the more the site is ranked in search results, the more likely searchers are to visit your site. The word SEO first appeared in the late 90, when web designers began to notice how they were able to get their sites in the top pages of the search engine. In the early days, it was easy to manipulate search results by inserting popular keywords into the Web page's metadata, but now search engine algorithms have become increasingly complex to avoid this problem.

Now, many search engines use their ranking standards as the top secret, and Google is said to have used more than 200 factors, while search engine optimizer uses many different methods, such as:

Pages that link the same Web site horizontally

"Keyword piling" (Repeated use of hot keywords in meta tags or web content, usually by merging font colors into backgrounds or behind pictures so that site visitors can't see them), "stuffed" pages are sometimes called "poisoned" pages.

"Spam comments" or "Junk Index" (paste site links in comments from many blogs)

"Link Farms" (Site clusters, all sites in the cluster are linked to each other)

Search engines have also issued guidance on ways to improve site rankings, methods other than using these guidelines will be considered unreasonable, while the technique of trying to "tease" search engine algorithms is generally referred to as "Black Hat seo", often using despicable techniques to get more traffic, and when the site is a malicious site, Became a SEO poisoning attack.

Attack 2.0

SEO poisoning attacks can be said to be part of Attack 2.0, that is, it is part of an increasingly complex attack, and attackers are beginning to use increasingly sophisticated technology. These poisoned attackers usually target the most popular search conditions to attack the largest number of victims. It is estimated that more than one-tenth of the top sites in Google's search results are malicious sites. Most recently, SEO attacks started attacking information about Apple's ipad and IPhone4, both of which are the hottest topics. But as these attacks are slowly being understood, SEO attackers will quickly move on to the next hot topic, and the ability to move quickly is the key to their success.

Attackers are now using automated tools to make it easier for them to use black hat SEO techniques to take advantage of the most popular information, often with some tragedies: earthquakes, Moscow suicide bombings, celebrity deaths, and so on, any information that can get a lot of clicks becomes a pawn for a malicious attacker.

Many of the search engine optimization tools used by attackers (applications, often written as PHP scripts, can generate poisoned pages to redirect visitors to malicious sites) can differentiate users, direct access to the site's general users, and users who access the site from search engines or search engine crawlers. The user is then redirected to a malicious Web site. The Sophos Company's latest research report analyzes the process of automation, please click here to download.

How can attackers break legitimate web sites to insert their redirection tools? In some cases, they are exploiting vulnerabilities in the content management system. In other cases, they may be attacking a Web site by exploiting vulnerabilities in a managed network server. When attackers can penetrate the site, they upload and install SEO applications that dynamically generate SEO pages and extract text from search results, using any major search engine. The latest hot keywords can be found online, such as Google Trends. The metadata is extracted from the search engine results and added to the SEO page link, and the generated content can also be cached by the SEO tool.

SEO pages link to other SEO pages so they will be searched for and/or linked to SEO pages posted in other legitimate websites forums, blog comments, message sheets, social networking status updates, etc. This allows the attacker's SEO page to be indexed by search engine earning tools.

When the user clicks on the poisoned search results, the request is redirected to the malicious Web site. One way to implement redirection is to use the Phpheader () function to send the redirected status code to the user's Web browser. JavaScript or other active content can also be used to redirect users.

How to protect the enterprise from SEO attack

How to protect the enterprise from SEO poisoning attacks? The biggest problem is that traditional protection against network-based attacks, such as URL filtering, becomes ineffective because attackers use legitimate web sites to redirect visitors. Content checking and filtering and payload detection are more effective to prevent malicious content from attacking users.

Educating users is a good way to tell them about some of the attack techniques commonly used by SEO attackers. For example, poisoned Web pages may redirect users to "malicious portals" where users will see many virus attack alerts and security prompts, prompting the user to install fake antivirus software, which is actually malicious code. You should also remind users not to rely on the results of search engines when searching for news about people's topics, but to view the news directly by entering the Web site of a reliable news website to the browser. Other methods include enabling browser-safe features, especially when a user accesses an unknown or untrusted web site, and never click "Yes" or "confirm" when suddenly prompted to install antivirus or malware defense tools. Administrators should ensure that all security updates are installed on the user's operating system and that all users are running anti-virus software and malware.

Enterprises with their own web sites should monitor and secure their network servers to ensure that their Web servers do not become the conduit for attackers to attack, because corporate reputations can be affected when the corporate web site involves SEO attacks. It is important to note that, in addition to redirecting users from your site to a malicious site, they will also insert an error keyword or meta tag into your Web page to make the search engine think you are using black hat SEO techniques. This may make your corporate website subject to sanctions from mainstream search engines, such as lowering your site rankings. Therefore, you must ensure that your network servers and network applications are properly configured to prevent Cross-site scripting and other attack techniques used by SEO attackers.