Reputation: 840
I can't understand what this malicious HTML/CSS is doing
I've just cleaned up a friend's e-commerce website. The hosting company had detected and removed some malware, however my friend's customers were still reporting problems with being directed to porn sites when accessing his website. Looking over his site, it seemed that the malware had updated his web pages before it was removed, but his hosting company had not spotted these updates.
The following code had been inserted in his index.php just before the closing body tag:
<div align="justify" style='width: 1px; height: 1px; overflow: auto;'>
<a href="http://*********.org">porn terms here</a><br><a href="http://*********.com">more porn terms here</a><br>
</div>
(the asterisks are mine; there were lots more links in the original.)
I can see that this defines a 1px x 1px area at the foot of the page containing the porn links, but what is it achieving? It doesn't seem possible for users to accidentally click on the links inside this small area. (or do some browsers overflow them to another position on the page?) Or is it just meant to send spiders etc off to these porn links?
Any suggestions gratefully received.
Upvotes: 2
Views: 1057
Answers (3)
Reputation: 502
I would think that code is just to hide links to boost the porn site's search ranking. It would require a meta refresh or js window.location type redirect to actually direct users off-site, and at that point it would make the most sense to just state the links in that code.
Overflow being set to "auto" would normally display a scrollbar, but at that size you only see a white pixel.
Upvotes: 0
Reputation: 5532
Google's PageRank scores pages in part by counting the number of links to that page by other web pages. So the idea is that Google's web crawler would find these otherwise hidden links and increase the score of the linked-to pages. Seed these links in lots of places and the target porn site will in theory show up higher in Google search results for the associated "porn terms." I say in theory because I've read elsewhere that Google discounts hidden links like these.
Upvotes: 4
Reputation: 6632
It's just putting a link on the page, like you said. My suspicion is there is JavaScript somewhere that will access those links at some event or point in time (especially if users are actually being directed there). Otherwise it could be a spam agent's attempt to get more "backlinks" to their porn website.
I can't know for sure without seeing the full PHP/JavaScript/HTML/CSS/whatever of the site, but for what you have, that's my best guess.
Upvotes: 2
Related Questions
- what is this strange "script" doing?
- css - css coding that I have never seen
- Please explain this CSS
- Can't figure out what is happening with this HTML/CSS.
- Please help me to understand the following CSS code
- What does this HTML code mean?
- What does this css code mean?
- Can anyone explain the following code?
- Explanation of this CSS code
- What does the following code do in CSS?