Is SEOmoz spamming Yahoo?
November 28th, 2007 by bentley007
Please note: the title of this article is meant purely in jest.
I was doing some shameless vanity searching this morning, and I came upon an interesting and intriguing discovery.
A search at Yahoo.co.uk for “geosign seo” turned up a listing from SEOmoz.org. Surely, there is nothing surprising about this. While I was SEO for the publishing division at Geosign, I arranged for Rand to come spend a couple days with our staff. We spent two remarkable days in workshops with the Wizard of Moz, who graciously allowed us to set the agenda for the sessions. Our attendees were derived mainly from the editorial, design, seo, and development teams. We essentially bombarded him with questions of every sort for two days. It was awesome! Rand blogged about it shortly thereafter, so it comes as no surprise that he would rank for a non-competitive longtail term like this.
At last check, SEOmoz.org was sitting at position #17. What was most interesting to me in this instance was not that SEOmoz was ranking for the term, but the actual page that was ranking. It wasn’t the blog post noted above; it was something else entirely. It appeared to be a log file of some sort!
http://www.seomoz.org/user_files/2007/WS_FTP.LOG
I fired off a quick email to Rand, and he seemed genuinely grateful for the “head’s up”.
A quick search for the filetype turned up the following:
From the site ranking #1:
“Neohapsis provides independent information risk and security consulting, forensic services, and product testing of unparalleled depth and quality. Our experts deliver specialized services in information risk management, application security, network and endpoint security, security product testing, and digital forensics.”
From their forum archives:
“WS_FTP is a popular & feature-rich FTP client. It makes upload/download as easy as drag & drop. But most people using it forget that it creates a log file with the name ws_ftp.log. This file holds sensitive data such as file source/destination and file name, date/time of upload etc. People, when they use this to upload files to their website, never know that along with other files even the ws_ftp.log file also gets uploaded to the webserver, making it globally accessible.
One can find thousands of ws_ftp.log files with a quick Google search as follows:
http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Aws_ftp.log
Now people might use an extensive Google search to find files that have got copied to a web server recently with the following query, which will show you what files actually got copied in August 2004, because it’s likely that those files will still be there on the web server.
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=2004.08+inurl%3Aws_ftp.log+&btnG=Search
An attacker has a look at the cached Google page (without actually hitting the target & leaving traces in webserver logs) and quickly finds out some vital information such as:
1. Exact location of the file on the web server (i.e., /usr/local/www/test/abc.htm instead of www.web.dom/test/abc.htm).
2. It sometimes also gives user names (in cases where the web master gives each user a directory to host their websites), which later can be used with a brute force/dictionary attack to gain access to the web server.
3. It makes it easy to find/download vulnerable scripts or classes in a website, with again just a Google search, as given below, which otherwise can be found by viewing the source of the HTML file, and which can later be used to attack the host.
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=class+2004.08+inurl%3Aws_ftp.log+
Other than that it also (sometimes) gives the internal hostname/IP address of the webserver.”
The moral of the story: these files contain sensitive information about your site, your technology and possibly your business activities. Think about it.
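The quickest way to take that moral to heart is to check your own web root before a search engine does it for you. The script below is an added example (not part of the original post, nor anything from SEOmoz or Neohapsis): it walks a directory tree, finds any ws_ftp.log regardless of case, and summarises what a public copy would reveal, i.e. the hosts the client connected to, the server-side directories, candidate user names taken from home-directory style paths, and which files were most recently uploaded. The line format the parser expects (`date time mode local-path --> host remote-dir remote-file`) is an assumption reconstructed from the description quoted above, as is the sample log it ships with; adjust `LINE_RE` to match real logs from your own client.

```python
"""Audit helper: locate WS_FTP.LOG files under a web root and report what they
would leak if served publicly. Added example, not code from the original post.
Assumed log line shape (reconstructed from the description, not verified):
    YYYY.MM.DD HH:MM <A|B> <local path> <--|--> <host> <remote dir> <remote file>
"""
import os
import re
import tempfile
from pathlib import PureWindowsPath

# Assumed transfer-record layout; '-->' is treated as upload, '<--' as download.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}\.\d{2}\.\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<mode>[AB])\s+(?P<local>\S+)\s+(?P<arrow>-->|<--)\s+"
    r"(?P<host>\S+)\s+(?P<remote_dir>\S+)\s+(?P<remote_file>\S+)\s*$"
)

# File names to look for (compared case-insensitively).
LOG_NAMES = {"ws_ftp.log"}

# Constructed sample log; every host, path and user name here is made up.
SAMPLE_LOG = r"""2004.08.12 14:23 B C:\web\site\index.html --> 192.168.0.10 /home/webmaster/public_html index.html
2004.08.12 14:24 A C:\web\site\inc\db.class.php --> 192.168.0.10 /home/webmaster/public_html/inc db.class.php
2004.08.13 09:02 B C:\web\site\img\logo.gif <-- intranet-www1 /home/webmaster/public_html/img logo.gif
this line is not a transfer record and is skipped
"""


def find_log_files(webroot):
    """Return absolute paths of every WS_FTP.LOG (any case) below webroot."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower() in LOG_NAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def parse_log(text):
    """Parse log text into dicts; lines that do not match the assumed layout are ignored."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def summarize_leak(entries):
    """Summarise what an exposed log reveals about the server and the workstation."""
    remote_dirs = sorted({e["remote_dir"] for e in entries})
    users = set()
    for d in remote_dirs:
        # Home-directory style layouts (e.g. /home/<user>/...) expose a login name.
        m = re.match(r"^/(?:home|usr/home|export/home)/([^/]+)", d)
        if m:
            users.add(m.group(1))
    uploads = [e for e in entries if e["arrow"] == "-->"]
    return {
        "hosts": sorted({e["host"] for e in entries}),
        "remote_dirs": remote_dirs,
        "candidate_users": sorted(users),
        "local_dirs": sorted({str(PureWindowsPath(e["local"]).parent) for e in entries}),
        "upload_count": len(uploads),
        "uploaded_files": sorted({e["remote_file"] for e in uploads}),
        "latest": max((e["date"] + " " + e["time"] for e in entries), default=None),
    }


def audit_webroot(webroot):
    """Map each log found (path relative to webroot) to its leak summary."""
    report = {}
    for path in find_log_files(webroot):
        with open(path, encoding="utf-8", errors="replace") as fh:
            entries = parse_log(fh.read())
        report[os.path.relpath(path, webroot)] = summarize_leak(entries)
    return report


def build_demo_webroot():
    """Create a throwaway web root holding the constructed sample log, for the demo run."""
    root = tempfile.mkdtemp(prefix="wsftp_audit_")
    os.makedirs(os.path.join(root, "img"))
    with open(os.path.join(root, "WS_FTP.LOG"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_LOG)
    return root


if __name__ == "__main__":
    # Point audit_webroot() at a real document root to check your own site.
    for rel, summary in audit_webroot(build_demo_webroot()).items():
        print(f"{rel}: {summary}")
```

Run it against the real document root of a site rather than the demo directory; any hit is a file that should be deleted from the server, and ideally excluded from future uploads on the client side. The same walk is a reasonable place to add other client and editor artefacts (backup copies, editor swap files) once you know which tools your team uses.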
A lesson learned: it looks like Yahoo is now ranking meaningless log files…at least for long tail queries. I can almost hear the spam engines revving up now.
It does make me wonder though…
Has Rand finally gone over to the dark side? Is this all part of an SEOmoz experiment in the dark arts of blackhat SEO? The truth is out there, my friends.