{"id":77,"date":"2026-01-13T00:00:00","date_gmt":"2026-01-12T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/sk\/cieleny-seo-cloaking-wordpress-googlebot-ip-overenie\/"},"modified":"2026-01-20T06:33:00","modified_gmt":"2026-01-20T05:33:00","slug":"cieleny-seo-cloaking-wordpress-googlebot-ip-overenie","status":"publish","type":"post","link":"https:\/\/helloblog.io\/sk\/cieleny-seo-cloaking-wordpress-googlebot-ip-overenie\/","title":{"rendered":"Targeted SEO cloaking in WordPress: when malicious code shows itself only to Googlebot (and verifies the IP as well)"},"content":{"rendered":"\n<p>Lately, on compromised WordPress sites I increasingly run into a trend that is frustrating for owners and developers alike: the site \u201cbehaves normally\u201d during ordinary browsing, but search engines (Google in particular) see injected spam or entirely different content. Attackers are moving from simple redirects to selective payload delivery, so that the attack is as invisible to a human as possible.<\/p>\n\n\n\n<p>An interesting detail from a recently analysed case: the malicious code in the main <code>index.php<\/code> does not filter for Googlebot through <code>HTTP_USER_AGENT<\/code> alone; it also performs <em>IP address verification<\/em> against an extensive, hard-coded library of IP ranges belonging to Google (ASN ranges in CIDR format). 
The result is cloaking that is very hard to reproduce manually and that often slips past basic checks as well.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What happens in practice: a compromised index.php as the \u201cgatekeeper\u201d<\/h2>\n\n\n\n<p>In the standard WordPress flow, <code>index.php<\/code> is the entry point, which typically includes <code>wp-blog-header.php<\/code> at the end and thereby starts the whole of WordPress. In this incident <code>index.php<\/code> had been modified so that it first decides who has arrived:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>ordinary visitor \u2192 sees clean content (or is redirected to the legitimate homepage)<\/li>\n\n\n<li>Googlebot and related Google tools \u2192 receive entirely different content fetched from an external source<\/li>\n\n\n<li>\u201cfake\u201d Googlebot (spoofed User-Agent) \u2192 the code detects it through the IP check and treats it like an ordinary visitor (often logging the event as well)<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why IP verification is a fundamental difference from old-style cloaking<\/h2>\n\n\n\n<p>Many older cloaking scripts relied on a simple condition of the form \u201cif the User-Agent contains <code>Googlebot<\/code>, show spam\u201d. That is easy to test even without a compromise: change the User-Agent in DevTools or with <code>curl -A<\/code> and you see what the bot sees.<\/p>\n\n\n\n<p>This case is more robust: on top of the User-Agent filter, the malicious code checks whether the request really comes from Google's infrastructure. 
To do that it uses <strong>ASN (Autonomous System Number)<\/strong> ranges, put simply the \u201cinternet identity\u201d of an organisation, which covers its IP blocks. If the request's IP address belongs to a Google ASN, the script treats the client as a legitimate bot.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CIDR in brief (why attackers like to use it)<\/h3>\n\n\n\n<p>The IP ranges are stored in <strong>CIDR<\/strong> notation (e.g. <code>192.168.1.0\/24<\/code>). CIDR is a compact way of writing a block of addresses: instead of listing thousands of IPs you state only the network and the size of the block. The attacker can thus keep a library of ranges in the code that can be walked through quickly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How the script verifies the IP: bitwise operations instead of string comparison<\/h2>\n\n\n\n<p>Another detail worth noting: instead of simple \u201cstartsWith\u201d\/regex checks, the verification is done arithmetically with bitwise operations. 
For IPv4 this is the classic check of whether an IP falls within a network according to its mask (netmask):<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#6A737D\">\/\/ the principle used in scripts of this kind<\/span><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\">\/\/ (ip &#x26; mask) == (range &#x26; mask)<\/span><\/span>\n<span class=\"line\"><span style=\"color:#E1E4E8\">($ip_decimal <\/span><span style=\"color:#F97583\">&#x26;<\/span><span style=\"color:#E1E4E8\"> $netmask_decimal) <\/span><span style=\"color:#F97583\">==<\/span><span style=\"color:#E1E4E8\"> ($range_decimal <\/span><span style=\"color:#F97583\">&#x26;<\/span><span style=\"color:#E1E4E8\"> $netmask_decimal);<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>From a defender's point of view this means the script behaves more precisely and is harder to \u201cfool\u201d with a random IP range or simple spoofing. In addition, in the analysed case the implementation was also prepared for <strong>IPv6<\/strong>, which older cloaking scripts often ignored.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Payload delivery: remote content via cURL and \u201cnative\u201d output<\/h2>\n\n\n\n<p>Once a visit passes the filters (both User-Agent and IP), the code downloads content from an external site and writes it directly into the response. 
In the incident described, the domain was:<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#B392F0\">hxxps:\/\/amp-samaresmanor[.]pages[.]dev<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>What matters is that, to the crawler, the result looks like normal content hosted on your domain. Google can index it, assign it a reputation and subsequently penalise your site, even though the spam does not physically \u201clive\u201d in the WordPress database.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Why this is dangerous even with a \u201cclean\u201d front end<\/h4>\n\n\n<p>The site owner often sees nothing: ordinary people get the legitimate page while the search engine indexes spam. This can end in deindexing, blacklisting or long-term damage to SEO signals.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Extended User-Agent filtering: it is not just \u201cGooglebot\u201d<\/h2>\n\n\n\n<p>Attackers in this type of campaign often target more than the classic <code>Googlebot<\/code>. The filters tend to be extended with strings associated with Google's verification and inspection tools (e.g. inspection\/validation and API crawlers), so that the injected content gets through the various checking mechanisms and is processed as \u201ctrustworthy\u201d across services.<\/p>\n\n\n\n<p>For context: <strong>HTTP User-Agent<\/strong> is a header that the client sends with every request and that identifies the type of browser or bot. It is easy to spoof, which is exactly why it makes sense that the malware adds IP validation as well.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conditions, redirects and logging: the attack wants to be stable<\/h2>\n\n\n\n<p>Another interesting element was the \u201coperational hygiene\u201d of the malicious code: decision logic, redirects to safe URLs and even error handling\/logging. The goal is clear: Google should not see a broken page, and the attacker should know whether the payload loaded.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>If the bot is legitimate: it loads the remote content; if loading fails, a redirect may follow (e.g. to <code>\/home\/<\/code>) so that the crawler does not see an error.<\/li>\n\n\n<li>If the User-Agent is spoofed but the IP does not match: the script classifies the situation as a \u201cfake bot\u201d and usually redirects to the legitimate page.<\/li>\n\n\n<li>Ordinary users: they get the standard content or an immediate redirect to the homepage.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why the attacker reaches for WordPress core files (wp-load.php, wp-blog-header.php)<\/h2>\n\n\n\n<p>Although the modification is in <code>index.php<\/code>, the script does not want to \u201ckill\u201d the site. On the contrary, it needs everything to work normally for people. 
That is why it often makes use of core files:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><code>wp-load.php<\/code>: including it (<code>require_once __DIR__ . '\/wp-load.php';<\/code>) boots the WordPress environment, configuration and DB access. The malware can thus use the site's settings while appearing to be part of the application.<\/li>\n\n\n<li><code>wp-blog-header.php<\/code>: typically included at the end of a legitimate <code>index.php<\/code> so that WordPress renders the page. The attacker keeps this \u201cfallback\u201d for when the cloaking conditions are not met.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Typical symptoms: when to become suspicious<\/h2>\n\n\n\n<p>With this type of infection the \u201cI'll just open the site in incognito and see\u201d approach often does not work. The indicators tend to be visible only indirectly:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Strange or degraded search results (unexpected titles\/snippets, spammy pages, a drop in indexing).<\/li>\n\n\n<li>Unexpectedly modified files in the root (especially <code>index.php<\/code>).<\/li>\n\n\n<li>Suspicious external URLs\/domains in the code or in logs.<\/li>\n\n\n<li>Unusual entries in access\/error logs (redirects, cURL requests, repeated attempts to \u201cpose as Googlebot\u201d).<\/li>\n\n<\/ul>\n\n\n\n<p>In the analysed case the malicious endpoint <code>amp-samaresmanor[.]pages[.]dev<\/code> was recorded on VirusTotal (at the time of analysis 2 vendors had blocklisted it), and according to a public search this string was present on several infected sites.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Quick remediation and prevention steps (practical, for the WP developer)<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Check the integrity of core files: start with <code>index.php<\/code> and the files in the root. If in doubt, compare against a clean WordPress distribution (same version) and remove unknown blocks of code.<\/li>\n\n\n<li>Throw out unknown files and directories: anything that did not arrive through the deploy process or official plugins\/themes.<\/li>\n\n\n<li>Audit users: remove suspicious admins and \u201chelp\u201d accounts that have no business being there.<\/li>\n\n\n<li>Reset credentials: WP admin, FTP\/SFTP, hosting panel, database. If the attacker gained access once, they often return through the same credentials.<\/li>\n\n\n<li>Scan your own computer too: a compromised developer\/administrator device is a frequent source of repeated infections (stolen passwords, sessions, SSH keys).<\/li>\n\n\n<li>Update everything: WordPress core, plugins, themes. 
Neglected updates are still the most common entry point.<\/li>\n\n\n<li>Deploy a WAF (Web Application Firewall): a WAF can block communication with known malicious hosts and reduce the chance that malware reaches the site at all or that it successfully calls C2\/payload endpoints.<\/li>\n\n\n<li>Introduce File Integrity Monitoring: monitoring file changes (especially core) is often the fastest alarm for these quiet infections.<\/li>\n\n\n<li>Check Google Search Console regularly: suspicious URLs in the index are often the first signal that the site is serving crawlers something different.<\/li>\n\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Summary: a quiet attack that abuses the trust of search engines<\/h2>\n\n\n\n<p>This type of infection illustrates the shift from \u201cloud\u201d compromises to selective techniques that target a site's SEO and reputation. The key defence is a combination: file integrity checks, access audits, updates and a protective layer such as a WAF. 
If you are dealing with unexplained SEO problems while \u201cseeing nothing\u201d on the site, checking <code>index.php<\/code> and the root files should be among the first steps.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1360\" height=\"636\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/IP-Verified-Conditional-Logic.png\" alt=\"Diagram of the IP-verified conditional logic that decides what Googlebot sees and what an ordinary visitor sees\" class=\"wp-image-69\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/IP-Verified-Conditional-Logic.png 1360w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/IP-Verified-Conditional-Logic-300x140.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/IP-Verified-Conditional-Logic-1024x479.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/IP-Verified-Conditional-Logic-768x359.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/IP-Verified-Conditional-Logic-400x187.png 400w\" sizes=\"auto, (max-width: 1360px) 100vw, 1360px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1270\" height=\"936\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/What-Google-sees.png\" alt=\"Illustration of the difference: Google sees spam\/different content while visitors see the original page\" class=\"wp-image-70\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/What-Google-sees.png 1270w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/What-Google-sees-300x221.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/What-Google-sees-1024x755.png 1024w, 
https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/What-Google-sees-768x566.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/What-Google-sees-400x295.png 400w\" sizes=\"auto, (max-width: 1270px) 100vw, 1270px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1332\" height=\"620\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/CIDR-format.png\" alt=\"Illustration of the CIDR format for IP ranges used in network validation\" class=\"wp-image-71\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/CIDR-format.png 1332w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/CIDR-format-300x140.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/CIDR-format-1024x477.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/CIDR-format-768x357.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/CIDR-format-400x186.png 400w\" sizes=\"auto, (max-width: 1332px) 100vw, 1332px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1880\" height=\"498\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Multi-Layer-Identity-Verification.png\" alt=\"Multi-layer verification of visitor identity: User-Agent + IP range check\" class=\"wp-image-72\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Multi-Layer-Identity-Verification.png 1880w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Multi-Layer-Identity-Verification-300x79.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Multi-Layer-Identity-Verification-1024x271.png 1024w, 
https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Multi-Layer-Identity-Verification-768x203.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Multi-Layer-Identity-Verification-1536x407.png 1536w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Multi-Layer-Identity-Verification-400x106.png 400w\" sizes=\"auto, (max-width: 1880px) 100vw, 1880px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1420\" height=\"734\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Bitwise-IP-Range-Validation.png\" alt=\"Diagram of bitwise validation of an IP address against a network range\" class=\"wp-image-73\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Bitwise-IP-Range-Validation.png 1420w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Bitwise-IP-Range-Validation-300x155.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Bitwise-IP-Range-Validation-1024x529.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Bitwise-IP-Range-Validation-768x397.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Bitwise-IP-Range-Validation-400x207.png 400w\" sizes=\"auto, (max-width: 1420px) 100vw, 1420px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1444\" height=\"836\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Remote-Payload-Execution-via-cURL.png\" alt=\"Fetching the remote payload via cURL and writing it into the page for the crawler\" class=\"wp-image-74\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Remote-Payload-Execution-via-cURL.png 1444w, 
https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Remote-Payload-Execution-via-cURL-300x174.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Remote-Payload-Execution-via-cURL-1024x593.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Remote-Payload-Execution-via-cURL-768x445.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Remote-Payload-Execution-via-cURL-400x232.png 400w\" sizes=\"auto, (max-width: 1444px) 100vw, 1444px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1682\" height=\"554\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/User-Agent-Filtering.png\" alt=\"Filtering of HTTP User-Agent strings for various Google tools and crawlers\" class=\"wp-image-75\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/User-Agent-Filtering.png 1682w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/User-Agent-Filtering-300x99.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/User-Agent-Filtering-1024x337.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/User-Agent-Filtering-768x253.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/User-Agent-Filtering-1536x506.png 1536w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/User-Agent-Filtering-400x132.png 400w\" sizes=\"auto, (max-width: 1682px) 100vw, 1682px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1694\" height=\"680\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Conditional-Logic-and-Error-Logging.png\" alt=\"Decision logic and logging: legitimate bot vs. fake bot vs. ordinary visitor\" class=\"wp-image-76\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Conditional-Logic-and-Error-Logging.png 1694w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Conditional-Logic-and-Error-Logging-300x120.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Conditional-Logic-and-Error-Logging-1024x411.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Conditional-Logic-and-Error-Logging-768x308.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Conditional-Logic-and-Error-Logging-1536x617.png 1536w, https:\/\/helloblog.io\/app\/uploads\/sites\/16\/2026\/01\/Conditional-Logic-and-Error-Logging-400x161.png 400w\" sizes=\"auto, (max-width: 1694px) 100vw, 1694px\" \/><figcaption class=\"wp-element-caption\"><em>Source: Sucuri Blog<\/em><\/figcaption><\/figure>\n\n\n<div class=\"references-section\">\n                <h2>References \/ Sources<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/blog.sucuri.net\/2026\/01\/malware-intercepts-googlebot-via-ip-verified-conditional-logic.html\" target=\"_blank\" rel=\"noopener noreferrer\">Malware Intercepts Googlebot via IP-Verified Conditional Logic<\/a><\/li><li><a href=\"https:\/\/blog.sucuri.net\/2026\/01\/google-sees-spam-you-see-your-site-a-cloaked-seo-spam-attack.html\" target=\"_blank\" rel=\"noopener noreferrer\">Google sees spam, you see your site: a cloaked SEO spam attack<\/a><\/li><li><a href=\"https:\/\/sucuri.net\/website-firewall\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sucuri Website Firewall<\/a><\/li><li><a href=\"https:\/\/sucuri.net\/malware-detection-scanning\/\" target=\"_blank\" rel=\"noopener noreferrer\">File Integrity Monitoring \/ Malware Detection &amp; Scanning<\/a><\/li><li><a href=\"https:\/\/www.virustotal.com\/gui\/url\/5a006beedf563c6215a31746d011d13fd4f2561a1bf3b557484c4532b13e1ec6?nocache=1\" target=\"_blank\" 
rel=\"noopener noreferrer\">VirusTotal URL report (amp-samaresmanor.pages.dev)<\/a><\/li><li><a href=\"https:\/\/publicwww.com\/websites\/amp-samaresmanor.pages\/\" target=\"_blank\" rel=\"noopener noreferrer\">publicwww.com results (amp-samaresmanor.pages)<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>If you see a normal site in your browser but Google indexes entirely different content, cloaking malware may be at work. In recent campaigns attackers filter for Googlebot not only by User-Agent but also by Google's real IP ranges, so a manual check often reveals nothing.<\/p>\n","protected":false},"author":37,"featured_media":68,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[61,60,58,59,10],"class_list":["post-77","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost","tag-cloaking","tag-googlebot","tag-malware","tag-seo","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/posts\/77","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/users\/37"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/comments?post=77"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/posts\/77\/revisions"}],"predecessor-version":[{"id":122,"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/posts\/77\/revisions\/122"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/media\/68"}],"wp:attachment":[{"href":"https:\/\/helloblog.io
\/sk\/wp-json\/wp\/v2\/media?parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/categories?post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/sk\/wp-json\/wp\/v2\/tags?post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}