Tony of DJI talks about an unexpected outcome from TailRank’s River, a blog monitoring service. A large number of blogs turned out to have been hacked to promote spammy content and affiliate links.
Hidden content injected in the blog templates with links to each other in order to push the rankings in the SERPs. Blog monitoring services like TailRank, which tracks interlinking content, obviously showed those spammy content.
I’ve seen and have had experience with such types of blog hacking:
- Modifying “header.php” or “footer.php” and inserting links to spammy sites. These text links are enclosed in DIV tags so they can be positioned way off of the screen.
- Popular and free themes are modified and inserted with obfuscated PHP scripts to be injected remotely. The themes are then repackaged and re-distributed to the public. These scripts can then be manipulated later to inject spammy content and text links to any targeted sites. Much like a zombie blog.
- Uploading CGI scripts into the “cgi-bin” directory via unrestricted folders. The CGI scripts can then be accessed and used to run whatever command lines the hacker wants.
- SQL injections. Older and vulnerable versions of WordPress can be attacked via SQL injections to add content to existing/archived blog posts/entries with links to spammy sites.
- Modifying .htaccess files to redirect (301) certain popular or high rankings pages to other spammy or affiliate-filled sites.
- Directly modifying unrestricted pages to insert AdSense codes or modify existing AdSense Publisher ID to that of the hacker.
- I’ve also seen blogs being sabotaged by creating empty folders that follow the same permalink structure as some of the pages of the blog. This, in effect, overrides the custom permalinks and disables the affected pages.
What’s surprising is that most of the hacks that I encountered were deployed by Filipinos too. Here are some snippets of their codes:
if ($epwd ne $npwd) {
$msg = “<br /><h1>Mukha Mo!</h1>
“;
}print header( -COOKIE=>$cid ), start_html(“BUTAS”);
Either they coded the hack themselves or got the script somewhere else and modified it to their own liking. It was obvious because some of the coding (commands and variables) used in the script are in Tagalog.
Tony adds some advise on how to prevent this. I’ve written an more general blog post about security and contingency plans here as well.
That’s why i no longer use free themes. But when i do use free ones, i just modify the WordPress default theme.
Twitter: techathand
says:
I was a victim of this one too.. The answer should be constant back up..
I hoff my blog wont be hack by this hackers. I dont how would i peel ip my site is hacks!
Visit my site fleasee:
http://www.janinablog.com
Yep this happened to pmptoday around december and for the entire january. A porn site hacked us and we hardly noticed until we saw a dramatc decline in traffic.
Just noticed Janina. Think about this guys. If it was celine lopez he’s spoofing, he would get his ass sued.
I recently discovered that my footer was modified and inserted a code that insert unknown image. I don’t know if it was done remotely or just automatically inserted by a worm or trojan or whatever when editing it using the CPANEL or theme Edit function of wordpress
I was recently hacked too (index.php file) and iframes were injected in my posts. It resulted in my site getting banned from Google Search results (distributing spyware). All Google results pertaining to my site were slapped with this warning: “This site may be harmful to your computer.” As a result, traffic from Google trickled to ZILCH. My Adsense dropped too.
It was hell fixing the issue. After the fix, I had to request that Google re-assess my site. It was given a clean bill of health just a couple of weeks ago.
I wanted to write about the incident, but I was afraid of attracting the hacker’s attention again.
Since then, I toughened up my site’s security… well, to the best of my knowledge. (It’s a bit technical for some people, this topic.)
I really recommend this site: http://blogsecurity.net/
Got a lot of useful tips & tools (plugins) on how to secure WordPress a bit more.
Oh, P.S.
Try this plugin called WP Security Scan:
http://wordpress.org/extend/plugins/wp-security-scan/#post-4986
Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
-passwords
-file permissions
-database security
-version hiding
-WordPress admin protection/security
[...] WordPress hackers come from? (not all, of course) Abe Olandres, former editor of the BlogHerald, notes that some of them are Philipino. He’s worked on some security problems in WordPress and has found some of the comments to be [...]
How do you check if a blog is hacked?
Hmmm… I guess it’s an advantage that I’m not running on WordPress, Movable Type, or other popular blog CMSs.
Yes, the advantage of not using a popular blog CMS.
[...] even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the web. The moral of this story is that you need to upgrade your WordPress blog now to WordPress [...]
[...] may be wondering, how can one tell if their WordPress install is hacked? YugaTech has some tips, the most critical ones I’ll reiterate [...]
[...] even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the web. The moral of this story is that you need to upgrade your WordPress blog now to WordPress [...]
[...] WordPress Blogs Not Being Indexed > Massive Blog Hackery Exposed > TailRank Exposes Massive Number of Blogs Hacked) It seems like if you’re running [...]
[...] http://www.yugatech.com/blog/blogosphere/massive-blog-hackery-exposed/ [...]
[...] http://www.yugatech.com/blog/blogosphere/massive-blog-hackery-exposed/ [...]
[...] as what I’ve read on Massive Blog Hackery Exposed, there have been a lot of simple and advanced hacks being done by hackers. One of them is by [...]
[...] popular you are, the more attacks you get. This is so true with WordPress right now. The massive code injection and hidden links on WordPress blogs are getting some serious coverage and just tonight I discovered another form of attack — the [...]
[...] um das Blog dann hacken zu können, sobald das Opfer das Template aktiviert. Siehe dazu “Massive Blog Hackery Exposed“, “Vulnerable WordPress Blogs Not Being Indexed” und “Blog Hacks Coming [...]
Twitter: getitfromboy
says:
Congrats Yuga, great post! and i’m sure tons of revenue, lol..why? this blogpost is in the WordPress Admin Page!!just imagine the traffic!
[...] dice que una de las fuentes de vulnerabilidades más comunes viene de la mano de las plantillas gratuitas que se consiguen por la red. Esto no es sorpresa, tampoco algo nuevo, pero es algo recurrente que no es menos [...]
[...] Darum sollten nur plugins und themes aus sicherer Quelle installiert werden. Nach dieser Geschichte bin ich sensibler geworden, was Content Klau und das Interesse an meinem kleinen Blog zum “Blackhat” optimieren von webseiten bietet. Der Trick mit dem “vergifteten” WP Theme ist dann der feuchte Traum des “blackhat” SEO. [...]
[...] Ada baiknya kalo sebelum kita menginstal theme lebih memperhatikan strukturnya jika ada kode yang mencurigakan jangan anda instal wordpress tersebut. Posted on April 10th, 2008 by daniel in news wordpress [...]