Another Way To Get Your WordPress Blog Hacked…
Looks like Dean Hunt’s blog was hacked with hidden spam links last week. These spam links are tough to detect by traditional means. He didn’t know something was wrong until his ranking was nearly wiped out by Google…
Here is the story from his post: Has Your Wordpress Blog Been Hacked…
What Happened To DeanHunt.com – By Paul
Here’s the technical side of what they did and what we did to get around it, plus a brief explanation of what I coded to try and give people the chance to check for themselves:
WordPress uses calls to wp_head and wp_footer to allow plugins to alter the content being returned as the page loads; a good example of this working well would be the SEO Title Tags plugin. However, this is the functionality that the spammers used to insert a whole raft of links into the footer.
This article, "Wordpress: Exploit We Been Hit By Hidden Spam Link Injection", explains the technique for anyone who likes headaches, but in basic terms they are using compromised theme files or adding in new files to your compromised server which act on the wp_footer call to insert their links.
They have been even smarter than that, though, as they have cloaked the links, so if you pop over to your own hacked site and view the source code you won’t see the inserted links. Only when Googlebot comes along are the links shown, which is obviously a bad thing as Google suddenly thinks you’re linking out to a bunch of parasite-hosted pills sites and will give you a penalty or remove you as a result.
Note: Dean’s rankings were virtually wiped out in Google.
How you can check to see if you’re OK
Paul from SEOidiot is the person Dean turned to for help. Paul has written a free tool to check the links on your WordPress blog. It’s called CacheChecker, and it is very easy to use. Head on over there to check your WordPress blog.
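The cloaking Paul describes can also be checked by hand, by comparing what your blog serves to a browser with what it serves to a crawler. The following is an added example, not Paul's tool and not code from the original post; it assumes the injected code decides what to show from the User-Agent header, and the function names and sample pages are made up for illustration.

```python
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
# Constructed sample responses for offline use (not captured from any real site).
SAMPLE_URL = "https://blog.example/"
SAMPLE_BROWSER = '<a href="/about">About</a> <a href="https://wordpress.org/">WP</a>'
SAMPLE_CRAWLER = SAMPLE_BROWSER + '<div><a href="http://pills.example/buy">x</a></div>'

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a document."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.hrefs.append(href)

def external_links(html, page_url):
    """Absolute http(s) links in `html` that point off the page's own host."""
    parser = LinkCollector()
    parser.feed(html)
    own_host = urlparse(page_url).hostname
    found = set()
    for href in parser.hrefs:
        absolute = urljoin(page_url, href)
        parts = urlparse(absolute)
        if parts.scheme in ("http", "https") and parts.hostname != own_host:
            found.add(absolute)
    return found

def cloaked_links(browser_html, crawler_html, page_url):
    """Outbound links present only in the crawler's copy of the page."""
    return sorted(external_links(crawler_html, page_url) - external_links(browser_html, page_url))

def fetch(url, user_agent, timeout=15):
    """Download `url` while presenting the given User-Agent header."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        return resp.read().decode(charset, "replace")

def check_site(url):
    """Live check of your own blog: fetch both views and diff their outbound links."""
    return cloaked_links(fetch(url, BROWSER_UA), fetch(url, CRAWLER_UA), url)
```

Run `check_site()` against your own blog's address; any link it returns is served to the crawler but not to visitors. An empty result does not clear a site whose injected code recognises the crawler by IP address rather than by User-Agent, so also look at the copy of your page in Google's cache.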
After you check your blog for this security leak, you can do some preventive things for your own protection. I wrote a series of blog security posts a few months ago titled The Dark Side. It might be a good time to go back and review these posts now. Read "Can Somebody Drive A Truck Through The Back Door Of Your Wordpress Blog". These tips are valuable steps you can take to shore up the security of your blog.
Also be sure to read "10 computer security tips, how many are you applying?" to protect yourself online. There is more than one way to hack into your WordPress blog.
Make sure you are doing what you can to protect your blog… it would suck to have all your hard work wiped out by some spammers.

Keith,
Glad you found it useful. The spam link insertion problem Dean suffered is quite widespread and a real problem for thousands of blogs out there.
It’s a simple tool to use but Cachechecker is a fast and easy way to make sure Google doesn’t think your site is spam.
Paul from SEOidiot
3:55 pm
Paul,
The Cachechecker is an awesome tool. I used it to check my blog… it was easy & fast to use. Thanks for putting it up so folks can make sure their blogs have not become a victim of spam link insertion.
Keith Goodrum
5:11 pm
Hi Keith,
How are you doing? How’s your wife? Hope it’s all ok. Thanks for this tip. Even though I was pretty sure my site was clean, I rushed to CacheChecker just to sleep peacefully.
It’s sad you are no longer on EC, yours was (still is) one of my favourite blogs. Nice to see you are sticking to your posting self-challenge though. Keep up your good work.
Regards
Anthony
Anthony at Work-at-home-Wealth.com
12:04 am
A few tips to help bloggers stay hack free.
#1 Backup your database once a week, or get a script to email it to you automatically.
#2 Keep your blog software up-to-date.
#3 Use a stronger password: 2 uppercase, 2 lowercase, 2 numbers, 2 special characters should do it.
Spending a few minutes a week doing this can save a lot of trouble from hackers in the long run.
Hacker Forums
UNiHacker
8:59 am
Anthony,
Becky’s doing great, as am I.
I’m not on EC by my decision. I accidentally violated their TOS & Entrecard deleted my account. One was my email was bouncing, and the other was a lightbox opt-in hover ad. Fixed the lightbox hover ad, and can’t change the email because I can’t log in to my account. Now just waiting to see if they will reinstate my account…
Keith Goodrum
10:03 am
Well damn man, it’s always sweet to find new hacking methods to mess with us, arrrg.
I used the tool, they all look like legit links. I’m a little surprised that there are so few links showing up though…
Dennis Edell
4:14 pm
It’s a constant battle over security. As soon as one hole is plugged, they are hard at work looking for another weakness. Just goes with the territory.
Keith Goodrum
4:34 pm
Thanks for the tip, Keith. I just checked both my blogs and they seem okay for now. Crazy how many different ways spammers invent for getting their links out there…
Ryan Healy
3:22 pm