Weekly malware update. You can track all updates by following our malware_updates category.
- *If your site has been affected with any of these issues, contact us at firstname.lastname@example.org or visit http://sucuri.net to get help or if you want to share some information with us.
Pharma / Blackhat SEO Spam by stat-tracker.info and others
We are tracking a large number of web sites that got hacked and are redirecting users to pharmacy-related domains. All the sites had the following code added to their PHP files:
Which basically redirect the user if they came from a search engine. Domains used in these attacks (among many others):
They just act as an intermediary before sending the user to sites like http://centerpills.com/ and similar (to buy fake pharmacy related products).
For hosting providers, I recommend blocking the following IP addresses: 18.104.22.168, 22.214.171.124 and 126.96.36.199.
All the sites infected had old/ vulnerable versions of web applications running. So make sure to keep your sites updated!
To avoid getting your site blacklisted or with malware, visit http://sucuri.net to learn about our site security monitoring and malware removal solutions.