How the spammers are doing it

Jan 14, 2003
8,421
870
173
UK
#21
The point about posting links without benefit does not make sense to me. As others have said either posting all these was to move up the Google rankings or they get paid by some other means. If nothing else determining the reasons why this was done is fascinating.


Paul
 
Feb 6, 2004
4,846
776
123
uk
#23
i think that was where wackypete was going with the phantom click idea, though i think his post went west in a clearout? when he gets back on we'll know more.
 
Oct 11, 2006
8,072
1,300
223
#24
I'm googling 'black hat SEO' and found this. Could there have been any white text on white backgrounds in those posts? Actually not white, I just noticed its sort of blueish, still could they have matched the colour and posted invisible text?

Avoid These 9 BLACK HAT SEO Tricks
 
Feb 6, 2004
4,846
776
123
uk
#25
Could there have been any white text on white backgrounds in those posts? Actually not white, I just noticed its sort of blueish, still could they have matched the colour and posted invisible text?
no i don't think that's it, there was no hidden text that could be read directly, it was stored in a tiny symbol smaller than a full stop, the one pete mentioned was a 1x1 pixel, the one i took a screen shot of was a sort of tiny L shape.

 
Last edited:
Oct 11, 2006
8,072
1,300
223
#26
no i don't think that's it, there was no hidden text that could be read directly, it was stored in a tiny symbol smaller than a full stop, the one pete mentioned was a 1x1 pixel, the one i took a screen shot of was a sort of tiny L shape.
Not read directly but read by google/yahoo spiders? So an SEO trick rather than a link to an affiliate site. So need need for a 'click'.
 
Last edited:

wackypete2

Well-known member
Sep 24, 2008
10,134
2,012
323
New Jersey
#28
Hey guys...
1x1 pixels are not or do not have to be clickable links. The php script automatically registers a hit each time the page is loaded via the pixel. Without seeing the script I don't know exactly how it works but at a minimum it shows how many times the t2w page(s) were loaded, ie: visitors to the tw2 page(s). This is still useful info.

Also...bad news here. This same method is used in email to transmit adware or malware just by opening the email. IT CAN ALSO BE USED THAT SAME WAY HERE EACH TIME A PAGE WITH THE SCRIPT IS LOADED. However my spyware and virus logs are not registering anything so that's most likely NOT how it's being used here so far.

I had a link to some great info on how the email spam works in a post that was deleted. Naturally I can't find the link again. Shame on me. Maybe barjon can sort though the post.

Peter
 

barjon

Well-known member
May 6, 2003
9,998
1,448
223
78
#29
I don't understand how this all works. Would it be the case that every time members opened a zutou post it would have clicked through to a "hit" on Amazon? Since members didn't know they were there they were not "inconvenienced" by being prompted to visit Amazon and I can't see how Amazon would benefit in any way unless those members found their way to them to potentially buy something.

All seems very odd.
 
Jan 14, 2003
8,421
870
173
UK
#30
Google are pretty sharp when it comes to seo tricks and have recently changed the way that they rank sites and pages. There was a lot of grumbling recently by some companies who suddenly found themselves no longer at the top as they had used to be. One ceo was threatening to sue Google because of this which is utter insanity. I am sure Google would win any case of this sort on the grounds of deciding that it is their business to decide what and how they wish to have as a product and the fact that they would have the legal weight to take on anyone.


Paul
 

barjon

Well-known member
May 6, 2003
9,998
1,448
223
78
#31
Hey guys...
1x1 pixels are not or do not have to be clickable links. The php script automatically registers a hit each time the page is loaded via the pixel. Without seeing the script I don't know exactly how it works but at a minimum it shows how many times the t2w page(s) were loaded, ie: visitors to the tw2 page(s). This is still useful info.

Also...bad news here. This same method is used in email to transmit adware or malware just by opening the email. IT CAN ALSO BE USED THAT SAME WAY HERE EACH TIME A PAGE WITH THE SCRIPT IS LOADED. However my spyware and virus logs are not registering anything so that's most likely NOT how it's being used here so far.

I had a link to some great info on how the email spam works in a post that was deleted. Naturally I can't find the link again. Shame on me. Maybe barjon can sort though the post.

Peter
was this the one, pete?

Hey guys here's more info on whats happening. Admin really needs to remove the posts altogether.

the ukuo_dot_info site is a php script redirect. In this case it redirects to a known site, in this case cuoda_dot_net. The known sites were hijacked. This is an email method and gets past many email and browser site checks since the known sites don't have any type of spam/scam complaints against them.

There are 2 uses for this. First is to cause malware to set up on a computer to either siphon information or transmit information and infection is simply by opening an email. More info on that here: CyberCrime & Doing Time

The other use is what I believe is being used here. Some sort of pay-thru counter like click-thru only you don't have to click, just load the page. I'm not sure but probably a combination of the 2 can be used to insert malware on computers that load the page - conjecture on my part, but seems reasonable.

Peter

 

wackypete2

Well-known member
Sep 24, 2008
10,134
2,012
323
New Jersey
#33
I don't understand how this all works. Would it be the case that every time members opened a zutou post it would have clicked through to a "hit" on Amazon? Since members didn't know they were there they were not "inconvenienced" by being prompted to visit Amazon and I can't see how Amazon would benefit in any way unless those members found their way to them to potentially buy something.

All seems very odd.
So far none of us completely understand it, but it's either what you have just described or something very similar.

Still picking away at it :)

Peter
 

ingot

Active member
Sep 26, 2011
102
0
26
#36
wow this is crazy! technology man...