Why Has FA & BP Been Removed From Rogue Status?

Discussion in 'General Casino Affiliate Area' started by AussieDave, Jan 28, 2015.

  1.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,876
    Likes Received:
    1,377
    Joined:
    Nov 28, 2013
    I'm having bots whatever try to gain acces via /cgi-bin/ and of course the same stuff your seeing in your logs. Even trying to gain direct access via /wp-admin/ which btw I have a htaccess file which only allows direct access via my static IP ;) Of you have a static IP it's a good idea to add a htaccess to it:

    EG -

    order deny,allow
    deny from all
    allow from(add your static IP).

    I'd also recommend protecting individual files such as these in your root htaccess:

    Code:
    <Files xmlrpc.php>
    Order allow,deny
    Deny from all
    </Files>
    
    # Prevents people gaining access to your folders to see which files are there.
    Options All -Indexes
    
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    
    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>
    
     
    Last edited: Jan 30, 2015
    falseadoom likes this.
  2.  
    falseadoom

    falseadoom Affiliate Guard Dog Member

    Messages:
    335
    Likes Received:
    103
    Joined:
    May 8, 2014
    I also have in .htaccess :)
    I just wonder how many sites have these plugins and themes that are getting hacked daily.
     
  3.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,876
    Likes Received:
    1,377
    Joined:
    Nov 28, 2013
    From what I can tell having used WP since 2009, a large proportion of these sites are plugin whores.
    30, 40, 50 plugins isn't uncommon. I use 11 at most and if I could, I'd reduce that number. I'm super paranoid on what plugin I add.

    Wordpress was always going to be a CMS for the masses. For those who can't code etc, WP is a perfect solution. Sure a % of the hacked sites are professionally designed and implimented But having had a web dev business myself, the majority of small/medium clients, wont spend the bucks to ensure their sites are secure going forward. And with hackers etc, this attitude along with excessive plugins, outdated themes/WP core, is an open invitation to be abused.

    That gov.au site I mentioned earlier isn't WP it's Drupal. Which along with Joomla is being targeted by this hacker now. Wont be long before we've seeing not 100's of thousands sites hacked but 1mil+. What makes these hackings worse is they are implimented in such a way, that unless the site owner/webmaster is viewing their folders on a regular basis or checking files, they're clueless to being hacked.

    In the case of Drupal, the configuration.php file is manipulated, this is much like the wp-config.php file in WP. In layperson terms, malicious code is injected, which is only actioned when these casino page instructions are received. Making these hackings even harder to detect. I'm guessing a similar process is achieved by hacking dodgy out outdated themes/plugins.

    Fact is though, if someone is skilled enough and wants to gain access to a site, they will. However the trick in these hacks, is having a site that's a total pain-in-the-butt to hack. In which case, it's left along and an easier target is found.

    However to harden my WP sites, I've implimented strategies which, while keeping things locked up like a fishes butt, have in some cases, flagged bona fide visitors, which of course is a huge concern. But what's the alternative? Lessen security and risk being hacked!

    Thinking outside the box, this hacking regeme would be one hell of a way to reduce competitiveness and kill off affiliates et al.
     
    Last edited: Jan 31, 2015
  4.  
    kazinoportal

    kazinoportal Affiliate Guard Dog Member

    Messages:
    30
    Likes Received:
    1
    Joined:
    Dec 30, 2013
    My God, so all this is creating a big damage to all of us?

    How's that possible, why google or i dont know, some offiliac authority block this criminal activity.
     
  5.  
    justred

    justred Affiliate Guard Dog Member

    Messages:
    63
    Likes Received:
    12
    Joined:
    Aug 23, 2014
    Seems to me 2 things are happening:
    1. Buffalo and Fortune have removed their links from a lot of these sites and
    2. The hacked sites have taken a dive in the rankings

    You guys seeing the same thing or am i trying to make myself feel better?

    Cheers
     
  6.  
    falseadoom

    falseadoom Affiliate Guard Dog Member

    Messages:
    335
    Likes Received:
    103
    Joined:
    May 8, 2014
    I am seeing just as many hacked out there.. But mainly just seeing one Iframe at the moment
     
  7.  
    justred

    justred Affiliate Guard Dog Member

    Messages:
    63
    Likes Received:
    12
    Joined:
    Aug 23, 2014
    I spoke to fast. It's happening all over the show again.
     
  8.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,876
    Likes Received:
    1,377
    Joined:
    Nov 28, 2013
    Why this tells me it's an inside job or at least someone these programs know, is the hacker's affiliate accounts claim to have been closed YET the hacker is given new accounts and it's business as usual again. All we seem to be doing is chasing our tails.

    That is, finding old/new sites hacked but new aff tags pointing to casinos of Fortune Affiliates and Buffalo Partners.

    Maybe the accounts are not being closed at all, instead, the hackers is given a fresh (new) aff tag id...
     
  9.  
    mister

    mister Member

    Messages:
    34
    Likes Received:
    4
    Joined:
    Sep 22, 2014
    sounds good in theory i could buy that, by doin their hacks are they on the serps fast or eventually makes it in and flooods the keywords with his hacked pages? can someeone give me a working page so i can decipher what hes doing, and see what i can do
     
  10.  
    mister

    mister Member

    Messages:
    34
    Likes Received:
    4
    Joined:
    Sep 22, 2014
    i was a sys admin for many years still is for many servers i could check it out and see if theres something that can be done
     
  11.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,876
    Likes Received:
    1,377
    Joined:
    Nov 28, 2013
    I've found as soon G display the search:
    shop.pescar.info/?other_uj=/casino-en/new-no-deposit-codes-for-slots-of.php
    safelink.com.br/?small_me=/casino-en/new-casino-bonus-no-deposit-required.php
    favoritabosquemaia.com.br/xbkp/includes/menu.php?case_qr=/casino-en/new-free-no-deposit-casino-bonus-codes.php

    The hacker has now changed to using on page javascripting, instead of an iframe. EIther way, more and more sites are being hacked each day.
     
  12.  
    falseadoom

    falseadoom Affiliate Guard Dog Member

    Messages:
    335
    Likes Received:
    103
    Joined:
    May 8, 2014
    shop.pescar.info/?other_uj=/casino-en/free-slots-x10.php (spin, jackpotcity,redflush,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    kanizsaidorottyamuzeum.hu/?old_ua=/casino-en/freeslotscom-double-diamonds.php (spin, redflush, jackpotcity)
    preuss.cz/?take_ni=craps-online/totally-free-slots-no-download.xhtml (spin, jackpotcity,redflush,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    regent-rock.cz/?do_al=/casino-en/free-ventrilo-server-50-slots.php (spin, jackpotcity,redflush,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    alexanderhartmann.de/blog/en/?p=free-slots-with-bonus (redirects to grand parker)
    timeit.com.au/slot/7red_free_slots.php (redirects to grand parker)
    russellcellular.com/onlinecasino/mybet-novomatic-slots-book-of-ra.html (royal vegas, platinum play)
    prattcomd.com/site_media/css/games/play-online-slots-machines.html (royal vegas, platinum play)
    alexanderhartmann.de/blog/en/?p=free-slots-with-bonus
    mita.dk/casino-games-to-play-for-free-slots/ redirects here themyserver.us/play-now/
    cecam.mg/_xmlrpc/?know_av=/casino-en/bodogcom-free-slots.php (spin, jackpotcity,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    agencelkpatrimoine.com/free-slots-with-bonus
    indigotechnologies.co/casino-bonus-free-slots/ (iframe not working, just showing scraped text)
    spine-alliance.com/free-slots-features-online/ redirects here themyserver.us/play-now/
    restauracepodlesem.cz/?early_nd=/casino-en/free-no-downlad-slots.php (spin, jackpotcity,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    savia.cl/?make_xu=/casino-en/free-slots-4-u-crazy.php (spin, jackpotcity,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    sitedapraia.com.br/mplturismo/free-slots-with-bonus
    trubaci-viktorija.com/free-slots-with-bonus
    tajero.tj/?use_bb=0&q=/casino-en/free-slot-worldsino-games.php (spin, jackpotcity,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    eastbierleycricketclub.co.uk/online-slot-free-slots/
    nasimandnima.com/wp-content/themes/rise/framework/include.php?find_ep=0&q=/casino-en/free-slots-tournaments-forsh.php (spin, jackpotcity,gamingclub,rubyfortune, royalvegas, luckynugget, cabaret club)
    copydom.com.do/free-slots/
    bs-sd.de/days-free-slots-play/
    everyschool.com/playcasino/betfred-slots.html (royal vegas, platinum play)
    globaltekno.com/free-slots-with-bonus
    sugarcraftshow.com.br/no-deposit-bonus-casino
    denbiesviewvets.co.uk/no-deposit-casinos-usa
    sudamericana.edu.py/mobile-casino-no-deposit
    seagullmodels.com/?p=no-deposit-casino-bonus
    rtp.lv/no-deposit-bonus-codes
    deboutlesbelges.be/online-casino-no-deposit-bonus

    worldrefugeedaykw.ca/?p=no-deposit-casino
    peebles.com.br/no-deposit-casinos-usa
    chattothefuture.org/no-deposit-casinos-for-usa-players (iframe not working, just showing scraped text)
    workforce.pl/?p=no-deposit-casinos-for-usa-players
    busraedebali.com.tr/?p=online-casino-no-deposit-bonus
    subadoner.com/no-deposit-casinos-usa (iframe not working, just showing scraped text)
    rwfotografie.nl/no-deposit-bonus-casinos
    almawave.com/almawave/casinos-online-no-deposit
    thebellaitalia.com/no-deposit-bonus
    acustec.com/?p=no-deposit-bonus-casinos
    spiritfightcenter.com/?p=online-casino-no-deposit-bonus
    lmfashion.net/dolly/?p=no-deposit-casino
    snappphotography.com/no-deposit-casino-bonus
    drawbridgerealtytrust.com/no-deposit-casinos-for-usa-players
    ilasa.org.za/qarefesapi.html
    bemnafita.com/no-deposit-casinos-for-usa-players
    zerica.com/site/no-deposit-bonus-casinos
    cfcdfw.com/no-deposit-bonus-casino
    harasdudon.com/no-deposit-casinos-for-usa-players
    egurenugarte.us/?p=no-deposit-casino
    forniturearredamento.com/nuovo/no-deposit-casinos-for-usa-players
    beautyondemand.co.nz/no-deposit-casino-bonus
    alexanderhartmann.de/blog/en/?p=no-deposit-casinos-usa
    aquarelladigital.com.br/no-deposit-casino-bonus
    unglesgel.com/no-deposit-casinos-for-usa-players
    allenergyday.nl/allenergyday/?p=no-deposit-casino-bonus
     
  13.  
    falseadoom

    falseadoom Affiliate Guard Dog Member

    Messages:
    335
    Likes Received:
    103
    Joined:
    May 8, 2014
    This also popup on my malware blocker when going to certain hacked sites

    all-products-dir.com

    all-products-dir.com/in.cgi?3&parameter=play%20online%20slots
     
  14.  
    slotplayer

    slotplayer Affiliate Guard Dog Member

    Messages:
    1,730
    Likes Received:
    260
    Joined:
    Aug 8, 2008
    I just emailed a school related telling them their site has been hacked. Actually I didn't notice it before but it was every school as listed above. The kw phrase I used in Google was different than the playtech betfred slots shown in the list.
     
  15.  
    slotplayer

    slotplayer Affiliate Guard Dog Member

    Messages:
    1,730
    Likes Received:
    260
    Joined:
    Aug 8, 2008
    Aren't these all WP sites, is there any way of telling what version of WP the site is written in?
     
  16.  
    falseadoom

    falseadoom Affiliate Guard Dog Member

    Messages:
    335
    Likes Received:
    103
    Joined:
    May 8, 2014
    they hack plugins and themes, plus outdated versions of wp & joomla .
    Even if wp is up to date, they can still hack
     
  17.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,876
    Likes Received:
    1,377
    Joined:
    Nov 28, 2013
    Certain themes and plugins for both WP and Joomla are the weak links. The hacker's botnet is targeting these known exploits.

    Has also been reported incidents of paid themes being obtained by the hacker, the professional theme is hacked and a backdoor added. Then distributed as a free theme. You can only imagine the havoc this can create, given, most people will jump at getting a professional theme, for free.
     
    Last edited: Feb 8, 2015
    mister likes this.
  18.  
    mister

    mister Member

    Messages:
    34
    Likes Received:
    4
    Joined:
    Sep 22, 2014
    Im sure its some injection attack and these are eaay to find on google. I have 3 honeypots waiting for him. Since these attacks are done with scripting or manualy depends if he's a a scripye kiddy or knows his stuff.

    Only problen is he b Hard to track he's goin to be hiding using proxies vpns but at leaatwe can get some hints from the way he does his hacks.
     
  19.  
    slotplayer

    slotplayer Affiliate Guard Dog Member

    Messages:
    1,730
    Likes Received:
    260
    Joined:
    Aug 8, 2008
    still its all just php code.
     
  20.  
    mister

    mister Member

    Messages:
    34
    Likes Received:
    4
    Joined:
    Sep 22, 2014
    Most of those wp joomla was all tampered with on tpb

    Its so easy to deface someones website just using google.

    I hopei get him using his keywords posted.

     

Share This Page