User Tools

Site Tools


website_cloaking

Website Cloaking

When a website is hacked, the hacker may implement some code into the mix that will “cloak” the bad coded when a user-agent of 'Googlebot' is specified.
This would mean that the website is still crawled/indexed and will still appear on google search however when a 'normal' user loads the website, they are presented with a more malicious site

You can check the site using MD5 and specifying different user-agents such as the examples below:

No user-agent specified:

$ curl -s lukeslinux.com | md5sum
cd2e0e43980a00fb6a2742d3afd803b8  -
Now we specify a random useragent:
$ curl -s lukeslinux.com -A 'randomstring' | md5sum
cd2e0e43980a00fb6a2742d3afd803b8  -
Now we specify google as the useragent. The example below shows a random MD5 sum presented to the google bot to 'cloak' the real nature of the website:
$ curl -s lukeslinux.com -A 'Googlebot' | md5sum
803771c199cb89c06e563f8cf3bfda0c  -

website_cloaking.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki