Questionable content in some Chillies websites?

Bar0n
After seeing a strange result while Googling, I noticed a common piece of HTML in several websites done by Chillies:

A div, hidden from sight at -999px top and left, on the homepages of several sites:
Code:
<div style="position: absolute; top: -999px; left: -999px;"><a href="http://www.oksources.su" title="replica watches" ><strong>Replica Watches</strong></a><a href="http://www.abercrombieoutletsonline.net" title="abercrombie shop">abercrombie shop</a><a href="http://www.cheapjchandbagsale.com" title="cheap juicy couture">cheap juicy couture</a><a href="http://www.ecigarettemate.com" title="electronic cigarette">electronic cigarette</a><a href="http://www.ghdforsale.co.za" title="ghd south africa">ghd south africa</a><a href="http://www.winpolos.com" title="ralph lauren sale">ralph lauren sale</a><a href="http://www.abercrombieskyshop.com" title="cheap abercrombie">cheap abercrombie</a><a href="http://www.7dayswholesales.org/Ralph-Lauren.html" title="ralph lauren wholesale">ralph lauren wholesale</a></div>

Examples (all of them somehow related to Bloem it would seem):
www.bloemspa.co.za
www.bloemskou.co.za
www.knightscricket.co.za
www.fscheetahs.co.za
www.drugtrial.co.za
www.sentraal.co.za


Is it possible to inject HTML code like this, i.e. poor security on Chillies' side, or was this inserted into the web page on purpose, to generate revenue, etc?
 
After seeing a strange result while Googling, I noticed a common piece of HTML in several websites done by Chillies:

That's just pure dodginess, and reflects badly on them as a company :mad:
 
Highly doubt Chillies has anything to do with this, hidden divs are usually planted by black hat SEOs. His sites are most probably targeted due to a lack of security....

Someone should tell him though, Googlebot doesn't like invisible content very much.
 
Any website properly coded by a developer can withstand this. This is utter rubbish, go spam somewhere else.

Not quite.

The more complex a website, the more opportunities it offers for ne'er-do-wells to inject their nasty payloads.

But n00b web programmers/developers also make mistakes with little things, allowing backdoors to be inserted surreptitiously...
 
Mail from Gordon:

Hi all

Sentraal and Knights are done. Can't find the code in fscheetahs. I have a meeting now, will you do the rest. It is in the default.aspx

<div style="position: absolute; top: -999px; left: -999px;"><a href="http://www.oksources.su" title="replica watches" ><strong>Replica Watches</strong></a><a href="http://www.abercrombieoutletsonline.net" title="abercrombie shop">abercrombie shop</a><a href="http://www.cheapjchandbagsale.com" title="cheap juicy couture">cheap juicy couture</a><a href="http://www.ecigarettemate.com" title="electronic cigarette">electronic cigarette</a><a href="http://www.ghdforsale.co.za" title="ghd south africa">ghd south africa</a><a href="http://www.winpolos.com" title="ralph lauren sale">ralph lauren sale</a><a href="http://www.abercrombieskyshop.com" title="cheap abercrombie">cheap abercrombie</a><a href="http://www.7dayswholesales.org/Ralph-Lauren.html" title="ralph lauren wholesale">ralph lauren wholesale</a></div>
 
This was not an SQL attack, it was FTP. The client's ISP made alterations to their FTP passwords.

The CMS is our own custom CMS; we are not using a third-party Joomla or WordPress CMS. It does however have more vulnerabilities, but our clients have a totally custom CMS doing things the way they want it to work. Clients using our CMS are mostly those that were limited by a previous Joomla CMS & templates. These templates are nice and fast for putting a website together, and we are not against them; we do however also offer WordPress templates to our clients who can't afford the custom version. They work great and are stable, but unfortunately have limitations for the larger corporate clients, who prefer our custom CMS. We do improve it all the time; the older websites also get improved once a fault is reported by a client, and we make alterations immediately with our experienced and big development team.

Thank you for the advice offered by some above. We believe at Chillies that no matter how amazing the platforms we can develop, we can still learn from novices, professionals & even clients.

I appreciate the advice. We also corrected these sites that were hacked via FTP into the front end of the websites & not into the SQL database. We will also have a look at the software that shows the vulnerability of our older CMS versions & correct them for the client.
 
I asked you a question? Thanks for the answer.

About Facebook, you added me, and why don't you mute, unsubscribe or unfriend? Keeping close inspection on how I do things?
 
Yes, it was a lack of security on the server which allowed them to do an FTP attack via the client's ISP that hosts those websites. This was in the front end of the website and not SQL injection. The ISP did change their passwords & improve server security. These black hat SEOs' future is anyway coming to an end with the new algorithms used by Google :-)
 
The real issue isn't the web designer's security, I'd like to know who the black hat SEO company behind this thing is.

Edit : nah it's cool, they are such noobs.... There are local companies who can do a better job.
 
Ok, so a company made a mistake. This really isn't a big deal.
 
Good grief, you guys do realise that you sound like children bickering? Doesn't do much for small Bloemfontein-based development companies' reputations.
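
Added example (not part of the original thread, and not Chillies' code): a small Python check a site owner could run over page source such as default.aspx output to find the pattern described above, i.e. links to other hosts sitting inside a container that inline CSS pushes off-screen or hides. The function name, the `site.example` host and the sample markup are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that keep content out of a visitor's view but in the crawled markup.
HIDING = re.compile(r"(?:top|left|text-indent)\s*:\s*-\d{3,}"
                    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []      # (tag, hidden?) for every open element
        self.findings = []   # (line, href) of external links in hidden containers

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = (bool(self.stack) and self.stack[-1][1]) or bool(HIDING.search(a.get("style") or ""))
        if tag == "a" and hidden:
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            if host and host != self.site_host and not host.endswith("." + self.site_host):
                self.findings.append((self.getpos()[0], a["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so an unclosed <p> or <li> does not skew state.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_external_links(html, site_host):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; all hosts are placeholders, not the sites from the thread.
SAMPLE = """<html><body>
<div id="nav"><a href="http://www.site.example/about">About</a>
<a href="http://partner.example/">Partner</a></div>
<div style="position: absolute; top: -999px; left: -999px;"><a href="http://spam-one.example" title="x"><strong>X</strong></a><a href="http://www.site.example/ok">ok</a>
<a href="http://spam-two.example/page.html">Y</a></div>
<p><a href="http://visible.example/">visible</a></p>
</body></html>"""

if __name__ == "__main__":
    for line, href in find_hidden_external_links(SAMPLE, "site.example"):
        print(f"line {line}: hidden external link -> {href}")
```

It only inspects inline `style` attributes, so content hidden through a stylesheet class or script needs a separate check, and a hit says nothing about how the markup got there (FTP credentials, in this thread's case).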
 