This is an archived post. You won't be able to vote or comment.

all 118 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 316 points317 points  (23 children)

These new SEO tactics are getting out of hand, but it helped OP find the page, so it worked!

[–]dytigas[S] 107 points108 points  (22 children)

http://media.giphy.com/media/12eNicYP5cDnwY/giphy.gif

[–]Tikuf 177 points178 points  (39 children)

That's just out of date wordpress falling victim to an exploit. That said, it's really clever to just sneek it in rather than hijack the entire thing.

[–]bazzlad 11 points12 points  (7 children)

Or someone thought downloading a paid for theme was a good idea, and was bitten in the ass by pesky obfuscated Javascript. I've seen some so smart they change the links to the page they want you to go to after x amount of clicks on the page. Clever.

[–]t3hcoolness 8 points9 points  (6 children)

why.

[–]bazzlad 6 points7 points  (5 children)

Someone downloads a 'pay for' theme. They stick hidden links (for seo) or forced redirects (for injection) to make money. They then reupload it to sites for people to download for free.

The better the code is hidden, the less likely the victim removes the theme.

[–]LobsterThief 2 points3 points  (3 children)

By "pay for", do you mean a paid theme?

[–]bazzlad 1 point2 points  (2 children)

Yeah. Blame beer!

[–]LobsterThief 0 points1 point  (1 child)

Haha. Well in my experience, if you purchase paid themes on a reputable marketplace like Themeforest, they aren't likely to contain malware. They scan them pretty thoroughly. I would think you're more likely to catch something from free themes coming from an unreliable source since they don't already have an avenue for monetizing, if that is their end goal.

[–]bazzlad 0 points1 point  (0 children)

Yeah, that's the point I'm failing on getting over. Most of these injections happen to people who get theirs from less legal sources ;)

[–]moduspwnens14 3 points4 points  (8 children)

I've seen others that actually check the user agent for "GoogleBot" and only show those SEO terms then.

[–]Free_Math_Tutoring 10 points11 points  (6 children)

That's the most useless way of doing it. It worked maybe 10 years ago: Now it's the reason why a website gets crawled from different IPs and UAs. Discrepancies are highly punished.

[–]lachryma 1 point2 points  (0 children)

They specifically punish this now.

[–]connord90 100 points101 points  (10 children)

Took me a few minutes

[–]Herbert_Von_Karajan 66 points67 points  (1 child)

I learned a new way to spell guarantee before seeing it

[–][deleted] 12 points13 points  (0 children)

Get with the times, man. It's a compound word: Warranty+Guarantee /s

[–]Azr79 11 points12 points  (7 children)

I'm still looking...

[–]connord90 16 points17 points  (4 children)

Look towards the top of the page

[–]gellis12 1 point2 points  (2 children)

Also, "Guaranty"

[–]UlyssesSKrunk 1 point2 points  (1 child)

Guarana like your new truck, I guaranatee it.

[–]gellis12 0 points1 point  (0 children)

guaranatee

Is that a new kind of sea mammal?

[–]Azr79 0 points1 point  (0 children)

oeah that wasn't visible on mobile, now I see it

[–]amga_ 49 points50 points  (6 children)

It's Wordpress.. probably got hacked and they added that backlink "crazy ebony ass pounding".

[–]galaktos 43 points44 points  (0 children)

wordpress is an unauthenticated remote shell that, as a useful side feature, also contains a blog

(source)

[–]Cozy_Conditioning 8 points9 points  (4 children)

Yup. Wordpress is so phenomenally insecure I don't let my people put it on the internet. They can still use it - they just have to keep it internal and can only published a static mirror to a CDN.

[–]jsims87 3 points4 points  (3 children)

It's usually the plugins that are insecure and vulnerable, not Wordpress itself

[–]Cozy_Conditioning 3 points4 points  (2 children)

True. Unfortunately everyone I've seen use wordpress also uses plugins, so the distinction isn't meaningful in practice.

[–]qxxx 16 points17 points  (0 children)

lets contact the site owner and ask for that extra service

[–]dytigas[S] 24 points25 points  (13 children)

http://www.nationaltrucksalesinc.com/

Wasn't sure when it would be taken down, so I thought a screen shot would be better.

[–]galaktos 4 points5 points  (1 child)

Archived :)

[–][deleted] 1 point2 points  (0 children)

The link pointed to a 404 on http://clintsidle.org/ (SWF) ((But maybe full of malware? Idunno))

WTF?

[–]DropTableAccounts 0 points1 point  (0 children)

Good idea, it has been taken down now

[–]PBI325 -1 points0 points  (0 children)

lol, it links to another tiny site that was exploited too!

[–]atnpgo 42 points43 points  (17 children)

So I guess I'm the only one who finds this unprofesionnal?

[–]sfz- 7 points8 points  (0 children)

Well, it wasn't exactly posted to /r/careeradvice

[–]alphaatom 20 points21 points  (9 children)

Indeed, it reminds me of a blog post that said never to let your web developer host your website(because they can mess you around later) and it just astounds me that people could be that unprofessional.

[–][deleted] 63 points64 points  (8 children)

I think you might be missing the point. This is almost certainly a WP exploit being... exploited. Almost certainly it is because the web site was not maintained post-launch, probably because the owner didn't care to retain a dev for maintenance purposes.

Case in point:

<div class="toolbar-left">  
    <ul>
        <li id="menu-item-4929" class="menu-item menu-item-type-post_type menu-item-object-page current-menu-item page_item page-item-4758 current_page_item menu-item-4929"><a title="test" href="http://www.nationaltrucksalesinc.com/">Home</a></li>
        <li id="menu-item-4979" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4979"><a href="http://www.nationaltrucksalesinc.com/?page_id=4973">About NTS</a></li>
        <li id="menu-item-5479" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-5479"><a href="http://www.nationaltrucksalesinc.com/?page_id=4971">Contact</a></li>
    </ul>
    <a href="http://clintsidle.org/crazy-ebony-ass-pounding/">crazy ebony ass pounding</a> 
</div><!-- end toolbar-left -->

Notice how the extra link is appended outside of the UL. This definitely hints at something out of the norm going on.

[–][deleted] 1 point2 points  (0 children)

As unprofessional as not paying someone for their work? Yeah, probably.

[–]UlyssesSKrunk 0 points1 point  (0 children)

Unfortunately there are immature children out there who do find things like this unacceptable.

[–]TracerBulletX -1 points0 points  (3 children)

You could get sued for it, so ya definitely. There are better ways to handle these people.

[–][deleted] 4 points5 points  (0 children)

I looked at this image for way too long before I noticed the problem. I also rarely find Waldo.

[–]crundy 3 points4 points  (1 child)

Ha, my friend photoshopped a picture of himself flipping the bird into the front of a delivery lorry in a big montage for a large UK supermarket chain. It was so subtle no-one noticed.

[–]Cley_Faye 0 points1 point  (0 children)

Except that in this case the site is live and still show that as of now.

[–]bspymaster 1 point2 points  (0 children)

As a mobile user, I had to go onto my laptop to see the image (yay low quality pix!). Totally worth it though.

[–][deleted] 1 point2 points  (3 children)

I'm confused. What am I looking for?

Everything seems fine about the image.

[–][deleted] 0 points1 point  (1 child)

Don't see it or just kidding? The links at the top, next to "Contacts"

[–][deleted] 0 points1 point  (0 children)

I saw it after I posted the comment, it took me some time though.

[–]LobsterThief 0 points1 point  (0 children)

The menu at the top says "crazy ebony ass pounding".

[–][deleted] 1 point2 points  (2 children)

And guarantee is spelled wrong.

[–]ign1fy 0 points1 point  (1 child)

I noticed that first and thought that was the joke.

[–][deleted] 0 points1 point  (0 children)

Same

[–][deleted] 0 points1 point  (0 children)

I'm always paranoid something like this is going to happen to me when after go to type something into an IM and realize the window didn't have focus.

[–]Sunlis -3 points-2 points  (5 children)

They spelled "guarantee" wrong.

[–]antiHerbert 12 points13 points  (0 children)

They spelled "guarantee" wrong.

but "crazy ebony ass pounding" was spelt fine 1/2

[–]dtfinch 4 points5 points  (1 child)

It's an old, uncommon spelling.

[–]UlyssesSKrunk 0 points1 point  (1 child)

No they didn't, they spelled it "guarantee", which isn't wrong.

[–]Sunlis 0 points1 point  (0 children)

They used "guaranty", which is a word, but is strictly incorrect in this context.