Comments on: Dirty WordPress Hack Going Around, Cloaked to Search Engines

By: Franky

Franky — Tue, 06 Apr 2010 11:33:16 +0000

You don't have to wait for Google's cache. You can use the Fetch as Googlebot tool.

By: Jaypee

Jaypee — Thu, 04 Mar 2010 03:23:55 +0000

That’s right. I hope someone who’s been affected by this hack would share the details and the files that were used so that the experts can take a look at it and determine what measures can be done to prevent future problems.

By: Jaypee

Jaypee — Thu, 04 Mar 2010 03:22:27 +0000

Yeah, I was glad I didn’t find any spammy stuff on my search results. I’m gonna keep checking because as you mentioned, some of it may only appear after Google caches/indexes it.

No problem. Its very useful info for WP users and I’m just trying to spread the word and help other users know about this issue.

By: Leland

Leland — Wed, 03 Mar 2010 15:06:21 +0000

I haven’t heard of that plugin before, but I’d recommend reporting it to the WordPress.org people because I’m sure that’s not allowed.

This hack that I’ve described seems to be much more elaborate than just a single spam link inserted through a plugin.

I’m not exactly sure what’s causing it, could be any number of things.

By: chrispian

chrispian — Wed, 03 Mar 2010 14:50:47 +0000

Have you been able to tell if it’s happening to the current version of WP or just older versions? Also, have you looked to see if it’s a plugin doing it? I recently found a plugin in the repository doing much the same (details here: http://www.chrispian.com/169/wordpress-plugin-alert-about-the-author-box ).

I’ve seen this hack before, but it was in older versions of WP and they mainly tweaked your .htaccess file to redirect all SE traffic to one of their spammy sites, along with what you described in the post. Now we don’t have to worry about just hackers, but spammers who hack too.

By: Michael Savage

Michael Savage — Tue, 02 Mar 2010 17:27:59 +0000

Keep us updated if you hear more on this Leland. Since my business site is powered by wordpress makes me want to check often.

By: Leland

Leland — Tue, 02 Mar 2010 12:31:49 +0000

No problem Jaypee, glad you didn’t find any hacky stuff in your search results.

Thanks for including this in your weekend roundup!

By: Leland

Leland — Tue, 02 Mar 2010 12:30:40 +0000

I think that would be useful, especially if they spot a malicious file, if they share the code it could shed some light as to how exactly the hack works.

By: Wayne John

Wayne John — Tue, 02 Mar 2010 05:12:50 +0000

Good info, thanks for posting it. One of the existing people that were hacked should provide a copy of their code to people that could determine if there is a way to detect it and remove it, hopefully before Google indexes the content.

Good stuff!

By: Jaypee

Jaypee — Tue, 02 Mar 2010 02:38:04 +0000

Thanks for the info Leland! I wasn’t aware of this until I read your article. I’m sure many WordPress users will find this information useful.

Btw, I checked my blog using the procedure specified in the screencast and fortunately my blog doesn’t display any spam links/keywords.

I’m adding this article to my “late” Weekend Roundup. Again, thanks for sharing!