How to write your own cloaking detector in PHP

Cloaking is black hat SEO that we always hate, especially running wordpress that always gets hacked with spam links injection at the bottom of your footer page.

If you wanna detect if your blog has been hacked with cloaking a very simple PHP script as follows will do. Using the ini_set(‘user_agent’,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)’); to set the user agent as GoogleBot, then having your PHP script to open the specified URL and dump the HTML source out in a text area.

From that on, you can verify at the bottom of your source code if it’s been injected with spam links. Normally this happened with wordpress-powered blog, which they adds a wp_footer() function at the footer.php of your blog’s theme. So you’ll find lots of spam links at the bottom of the page.

<?php
if ( trim($_REQUEST['u'])!=” && valid_url($_REQUEST['u']))
{

  ini_set(‘user_agent’,'Googlebot/2.1 (+http://www.googlebot.com/bot.html)’);

  $fh = fopen($_REQUEST['f'],’r');
  $x=”;
// defines which functions to call when element started/ended
  while ($data = fread($fh, 4096))
  {
    $x.=$data;
  }

  fclose($fh);
?>
<div>
<b>Viewed by GoogleBot</b> File size: <?php echo strlen($x);?><br/>
<textarea cols=”50″ rows=”30″><?php echo htmlspecialchars($x);?></textarea><br/>
</div>
}

function valid_url($str)
{
return ( !preg_match(‘/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i’, $str)) ? FALSE : TRUE;
}
?php >

When you execute the above script to check your site, lets say you host it under your server www.yoursite.com, you should open the URL as http://www.yoursite.com/?u=http://www.thesitetocheck.com . The “http://www.thesitetocheck.com” is what you’re concerned if it’s been hacked. Please note I also include a valid_url() function here for the script to check if the input parameter $_REQUEST['u'] is a valid URL – if NOT doing so, it’ll expose the script to a security risk that people could make use of it to open your local file which will expose your other program source code.

If you’ve found by simply displaying the HTML source code on a textarea is hard for you to verify it at a quick glance if your site has been injected by spam links, you can then extend the PHP script above by having another chunk of code that uses ini_set(‘user_agent’,'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)’); to tell the remote site it’s a browser which in this case is IE 7 and display the downloaded source code with the length also for a comparison side by side.

If the two displays with a great percentage of difference that your site must have been hacked! To prevent getting hacked, upgrade your WordPress to the latest version 2.6.2 and make your theme non-writable! Here is a cloaking detector which you can make use of it to check for any spam links injection.

Enter your email address to subscribe our newsletter or feed for FREE:

Delivered by FeedBurner


Bookmark with:

[Delicious]    [Digg]    [Reddit]    [Facebook]    [StumbleUpon]

0 Responses to “How to write your own cloaking detector in PHP”


  1. No Comments

Leave a Reply

You must login to post a comment.