What kind of parasite trick is this?

[16gb]

Been coming across something where someones hijacking strong domains (edu, gov etc) to redirect to their domain in niches like cbd.

The parasites url shows in the serps, then redirects straight to landing page

Anyone know whats going on here.

For an example: site:health.go.ug "buy"

 

[ryandiscord]

It's a hacked wordpress site. I have seen and fixed this type of hack before. Click any of those links from the Google search results it will redirect, copy any of them directly and they will 404. It's to avoid detection from the site owner. There's a script that will redirect the page when the referrer is from google.com but not when the link is visited directly.

The site I fixed had a series of php files named to sound like wp-config that were all base64 encoded. I didn't decode all of it but was able to find their script that looked for the referrer then pinged some url to cycle through various redirects.

It's amazing how much work people put in to avoid having to do real marketing.

 

[gasmonkeygarage]

It's a hacked wordpress site. I have seen and fixed this type of hack before. Click any of those links from the Google search results it will redirect, copy any of them directly and they will 404. It's to avoid detection from the site owner. There's a script that will redirect the page when the referrer is from google.com but not when the link is visited directly.

The site I fixed had a series of php files named to sound like wp-config that were all base64 encoded. I didn't decode all of it but was able to find their script that looked for the referrer then pinged some url to cycle through various redirects.

It's amazing how much work people put in to avoid having to do real marketing.

Funny enough most of the hacked site's are from my country,that are ranking for best cbd gummies. Is there a loophole these guy's look for,like an out dated wordpress theme or a plugin?

 

[DunderMannen]

Funny enough most of the hacked site's are from my country,that are ranking for best cbd gummies. Is there a loophole these guy's look for,like an out dated wordpress theme or a plugin?

Most likely. Or it's just brute forcing through the /wp-login. You'd be surprised how many WP-sites go unchecked for years, those can be brute forced still

 

[ryandiscord]

Is there a loophole these guy's look for,like an out dated wordpress theme or a plugin?

Most likely. Or it's just brute forcing through the /wp-login.

Brute force login attempts, vulnerable plugins, outdated wordpress instances. The site I fixed had an outdated wordpress instance because it was running on an older version of php, along some abandoned plugins. The script they installed was able to go above the public folder and into other site folders on the server, so somehow they got file writing permissions on the server.

If you run any security plugins like Wordfence you can see all the login attempts, checking through lists of known vulnerable plugins. You may even see post comments with lines of SQL injections attempts. I'm pretty sure most are just scouring the web with bots looking for any site with a known vulnerability. The most vulnerable being sites with limited resources or attention.