{"id":5034,"date":"2024-03-01T12:00:38","date_gmt":"2024-03-01T19:00:38","guid":{"rendered":"https:\/\/www.whitefirdesign.com\/blog\/?p=5034"},"modified":"2024-03-01T11:01:31","modified_gmt":"2024-03-01T18:01:31","slug":"brigham-young-university-cdn-being-abused-by-web-spammers","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2024\/03\/01\/brigham-young-university-cdn-being-abused-by-web-spammers\/","title":{"rendered":"Brigham Young University CDN Being Abused by Web Spammers"},"content":{"rendered":"<p>The last few days we have been looking at what web spammers have been abusing to place spam files on various websites. Some of that has involved various websites from major universities, <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2024\/02\/28\/spammers-still-abusing-drupal-webform-module-to-put-spam-pdfs-and-pages-on-websites\/\">including Duke and Harvard<\/a>. That isn&#8217;t all that surprising as they can have a lot of websites and they can stay up despite no longer being actively used. More surprising is that we found that a CDN belonging to Brigham Young University is also being used, and that appears to have gone unnoticed. Here is an example of spam files that have been included in Google search results from that:<\/p>\n<p><a href=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5041\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-1.png\" alt=\"\" width=\"898\" height=\"618\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-1.png 898w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-1-300x206.png 300w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-1-768x529.png 768w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/a>So Google also seems to have a problem with catching web spam as well.<\/p>\n<p>Also, it is worth noting here that Google is willing to display a claim that something has 7,447,548 votes:<\/p>\n<p><a href=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5042\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-2.png\" alt=\"\" width=\"617\" height=\"167\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-2.png 617w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2024\/03\/brigham-young-university-cdn-spam-2-300x81.png 300w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/a>That claim comes from data in the file:<\/p>\n<pre id=\"line1\">&lt;<span class=\"start-tag\">script<\/span> <span class=\"attribute-name\">type<\/span>=\"<a class=\"attribute-value\">application\/ld+json<\/a>\"&gt;\r\n<span id=\"line6\"><\/span>    {\r\n<span id=\"line7\"><\/span>      \"@context\": \"https:\/\/schema.org\",\r\n<span id=\"line8\"><\/span>      \"@type\": \"SoftwareApplication\",\r\n<span id=\"line9\"><\/span>      \"name\": \"VBUCKS\",\r\n<span id=\"line10\"><\/span>      \"operatingSystem\": \"ANDROID\",\r\n<span id=\"line11\"><\/span>      \"applicationCategory\": \"GameApplication\",\r\n<span id=\"line12\"><\/span>      \"aggregateRating\": {\r\n<span id=\"line13\"><\/span>        \"@type\": \"AggregateRating\",\r\n<span id=\"line14\"><\/span>        \"ratingValue\": \"4.8\",\r\n<span id=\"line15\"><\/span>        \"ratingCount\": \"7447548\"\r\n<span id=\"line16\"><\/span>      },\r\n<span id=\"line17\"><\/span>      \"offers\": {\r\n<span id=\"line18\"><\/span>        \"@type\": \"Offer\",\r\n<span id=\"line19\"><\/span>        \"price\": \"9999.00\",\r\n<span id=\"line20\"><\/span>        \"priceCurrency\": \"USD\"\r\n<span id=\"line21\"><\/span>      }\r\n<span id=\"line22\"><\/span>    }\r\n<span id=\"line23\"><\/span>    &lt;\/<span class=\"end-tag\">script<\/span>&gt;<\/pre>\n<p>It&#8217;s unclear how the spammers are getting the files on that CDN. It looks like you need a login to access the university&#8217;s Brightspot CMS that would seem to be connected to the CDN. Possibly, a compromised login could be used here. Though, based on other parts of the campaign, it seems possible that some upload functionality on websites is being abused to do this.<\/p>\n<p>We have alerted Brigham Young University about what is going on.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The last few days we have been looking at what web spammers have been abusing to place spam files on various websites. Some of that has involved various websites from major universities, including Duke and Harvard. That isn&#8217;t all that surprising as they can have a lot of websites and they can stay up despite &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2024\/03\/01\/brigham-young-university-cdn-being-abused-by-web-spammers\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Brigham Young University CDN Being Abused by Web Spammers&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28],"tags":[284],"class_list":["post-5034","post","type-post","status-publish","format-standard","hentry","category-spam","tag-brightspot-cms"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/5034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=5034"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/5034\/revisions"}],"predecessor-version":[{"id":5043,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/5034\/revisions\/5043"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=5034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=5034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=5034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}