How the spammers are doing it

The point about posting links without benefit does not make sense to me. As others have said either posting all these was to move up the Google rankings or they get paid by some other means. If nothing else determining the reasons why this was done is fascinating.


Paul
 
Well, if it is an embedded script, then I presume it's going to make a linked page think it's been clicked.

Other than that - hard to see what's going on.
 
i think that was where wackypete was going with the phantom click idea, though i think his post went west in a clearout? when he gets back on we'll know more.
 
I'm googling 'black hat SEO' and found this. Could there have been any white text on white backgrounds in those posts? Actually not white, I just noticed its sort of blueish, still could they have matched the colour and posted invisible text?

Avoid These 9 BLACK HAT SEO Tricks
 
Could there have been any white text on white backgrounds in those posts? Actually not white, I just noticed its sort of blueish, still could they have matched the colour and posted invisible text?

no i don't think that's it, there was no hidden text that could be read directly, it was stored in a tiny symbol smaller than a full stop, the one pete mentioned was a 1x1 pixel, the one i took a screen shot of was a sort of tiny L shape.

123900d1319380518-margin-call-movie-3hiddensymbol.jpg
 
Last edited:
no i don't think that's it, there was no hidden text that could be read directly, it was stored in a tiny symbol smaller than a full stop, the one pete mentioned was a 1x1 pixel, the one i took a screen shot of was a sort of tiny L shape.

Not read directly but read by google/yahoo spiders? So an SEO trick rather than a link to an affiliate site. So need need for a 'click'.
 
Last edited:
Hey guys...
1x1 pixels are not or do not have to be clickable links. The php script automatically registers a hit each time the page is loaded via the pixel. Without seeing the script I don't know exactly how it works but at a minimum it shows how many times the t2w page(s) were loaded, ie: visitors to the tw2 page(s). This is still useful info.

Also...bad news here. This same method is used in email to transmit adware or malware just by opening the email. IT CAN ALSO BE USED THAT SAME WAY HERE EACH TIME A PAGE WITH THE SCRIPT IS LOADED. However my spyware and virus logs are not registering anything so that's most likely NOT how it's being used here so far.

I had a link to some great info on how the email spam works in a post that was deleted. Naturally I can't find the link again. Shame on me. Maybe barjon can sort though the post.

Peter
 
I don't understand how this all works. Would it be the case that every time members opened a zutou post it would have clicked through to a "hit" on Amazon? Since members didn't know they were there they were not "inconvenienced" by being prompted to visit Amazon and I can't see how Amazon would benefit in any way unless those members found their way to them to potentially buy something.

All seems very odd.
 
Google are pretty sharp when it comes to seo tricks and have recently changed the way that they rank sites and pages. There was a lot of grumbling recently by some companies who suddenly found themselves no longer at the top as they had used to be. One ceo was threatening to sue Google because of this which is utter insanity. I am sure Google would win any case of this sort on the grounds of deciding that it is their business to decide what and how they wish to have as a product and the fact that they would have the legal weight to take on anyone.


Paul
 
Hey guys...
1x1 pixels are not or do not have to be clickable links. The php script automatically registers a hit each time the page is loaded via the pixel. Without seeing the script I don't know exactly how it works but at a minimum it shows how many times the t2w page(s) were loaded, ie: visitors to the tw2 page(s). This is still useful info.

Also...bad news here. This same method is used in email to transmit adware or malware just by opening the email. IT CAN ALSO BE USED THAT SAME WAY HERE EACH TIME A PAGE WITH THE SCRIPT IS LOADED. However my spyware and virus logs are not registering anything so that's most likely NOT how it's being used here so far.

I had a link to some great info on how the email spam works in a post that was deleted. Naturally I can't find the link again. Shame on me. Maybe barjon can sort though the post.

Peter

was this the one, pete?

Hey guys here's more info on whats happening. Admin really needs to remove the posts altogether.

the ukuo_dot_info site is a php script redirect. In this case it redirects to a known site, in this case cuoda_dot_net. The known sites were hijacked. This is an email method and gets past many email and browser site checks since the known sites don't have any type of spam/scam complaints against them.

There are 2 uses for this. First is to cause malware to set up on a computer to either siphon information or transmit information and infection is simply by opening an email. More info on that here: CyberCrime & Doing Time

The other use is what I believe is being used here. Some sort of pay-thru counter like click-thru only you don't have to click, just load the page. I'm not sure but probably a combination of the 2 can be used to insert malware on computers that load the page - conjecture on my part, but seems reasonable.

Peter

 
Thats it :) Many thanks!
For those interested google "CyberCrime & Doing TIme" for the info on the email stuff.

hehe, I saved the link this time (y)


Peter
 
I don't understand how this all works. Would it be the case that every time members opened a zutou post it would have clicked through to a "hit" on Amazon? Since members didn't know they were there they were not "inconvenienced" by being prompted to visit Amazon and I can't see how Amazon would benefit in any way unless those members found their way to them to potentially buy something.

All seems very odd.

So far none of us completely understand it, but it's either what you have just described or something very similar.

Still picking away at it :)

Peter
 
Can we see the script?

I haven't been able to. I'm not sure you can. It's not like javascript where the code loads directly into the html before the page is displayed. My knowledge of this stuff is a little out of date though. It's been quite a while since I actually used most of it.

Peter
 
Top