25 Dec, 2016

HTTP 404 Error to Generate and Serve Custom SPAM Pages

Learn how hackers exploit the custom 404 error pages to generate and serve SPAM content to unsuspecting visitors. Find out how Quttera can help you clean up and protect your website from malware.
One of the most recognizable errors encountered on the Internet is the “404 Not Found” page. The website hosting server usually generates such error when a visitor attempts to access a page that does not exist (broken or dead link). Webmasters can configure the servers to display a customized and more user-friendly 404 error page offering the sitemap, branding or other helpful information. This post shows how the hackers that broke into the web server through the compromised website exploited this mechanism to serve SPAM.
Malware Investigation
  1. As in most of the cases with the CMS (Content Management System) -based websites, the infection occurred due to outdated WordPress installation.
  2. Hackers uploaded huge amount of PHP templates to generate spam pages targeting visitor’s geo location
  3. All the main WP folders contained .htaccess file which upon access generated error 404
  4. Hackers planted the malware code into all themes that had separate 404 handlers (.php page to configure the custom 404 page) replacing the customized 404 error page with SPAM
The infected .htaccess:
How It Worked?
  1. Visitor accessed a website
  2. Infected .htaccess generated error 404
  3. Configured theme tried to show particular page for error 404 but due to infection it presented custom SPAM page
Is your website flagged for malware, blocked by the search engines or disabled by the host?
Our experts are here to clean up any malware from your sites and remove false-positives, blacklisting and other kinds of alerts by any security vendor and search engines. Just select from suitable ThreatSign! Anti-Malware Plan and get back online.

For other issues and help: Quttera's help-desk