Updating

A lovely hacker edited my templates and added code that injects spammy links into my pages for visits from search engines. The links are hidden to viewers but seen by search engines. As a result, Google de-indexed my blog.

I removed the offending code but, to prevent further hacks, I’m also updating to WordPress 2.5 ahead of schedule, so fuckups might happen. At the moment of writing, all accented characters, curly quotes and apostrophes are borked. Working on it.

[Update] Fixed
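A quick way to check for this kind of injection is to fetch the same page twice, once with a normal browser User-Agent and once with a search-engine crawler User-Agent, and compare the links each response contains, also flagging links sitting inside inline-hidden elements. The checker below is an added example, not code from this post; the HTML snippets are constructed, and it only understands inline `style` attributes, not hiding done via stylesheets or JavaScript.

```python
import re
from html.parser import HTMLParser

# Tags that never get a closing tag; they must not push onto the open-tag stack.
VOID_TAGS = {"br", "img", "input", "meta", "link", "hr", "area", "base", "col"}


class _LinkCollector(HTMLParser):
    """Collect (href, is_hidden) for every <a>, tracking inline-hidden ancestors."""
    HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

    def __init__(self):
        super().__init__()
        self.hidden_depth = 0   # > 0 while inside an element styled as invisible
        self.stack = []         # one entry per open tag: did it start a hidden region?
        self.links = []         # (href, is_hidden)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = bool(self.HIDDEN.search(a.get("style") or ""))
        if hides:
            self.hidden_depth += 1
        if tag not in VOID_TAGS:
            self.stack.append(hides)
        if tag == "a" and a.get("href"):
            self.links.append((a["href"], self.hidden_depth > 0))

    def handle_endtag(self, tag):
        if self.stack and self.stack.pop():
            self.hidden_depth -= 1


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def hidden_links(html):
    """Links a human visitor would never see because an ancestor is display:none etc."""
    return sorted({href for href, hidden in extract_links(html) if hidden})


def cloaked_links(browser_html, crawler_html):
    """Links served only when the request claims to be a search-engine crawler."""
    seen_by_browser = {href for href, _ in extract_links(browser_html)}
    return sorted({href for href, _ in extract_links(crawler_html)} - seen_by_browser)


# Constructed sample responses for the same URL (not captured from any real site).
BROWSER_HTML = "<html><body><p>Hi <a href='/about'>about</a><br></p></body></html>"
CRAWLER_HTML = ("<html><body><p>Hi <a href='/about'>about</a><br></p>"
                "<div style='display:none'><a href='http://spam.example/pills'>x</a>"
                "<a href='http://spam.example/loans'>y</a></div></body></html>")

if __name__ == "__main__":
    print("cloaked:", cloaked_links(BROWSER_HTML, CRAWLER_HTML))
    print("hidden :", hidden_links(CRAWLER_HTML))
```

Feed it the raw bodies of the two fetches; any link that shows up only in the crawler response, or only inside a hidden element, is worth grepping your theme and plugin files for.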

13 Comments

  1. Hey, how about a PSA that shows us what the hack looks like so people know what to look for when they check to make sure they’re not being de-indexed?

  2. Public Service Announcement.

    Cuz I have no idea what to look for in a case like this. Was it a database hack? A PHP file hack? What is the code in the hack? What do I search for? (etc.)

  3. Some people give free templates that have a “backdoor” to include such links. It’s not very easy to figure out unless you parse the source code file by file. Evil plugins can do this too…

  4. It wasn’t that old, I was 2 versions behind (plus some minor bug fix versions). Certainly, I should have been more up to date. Oooooooold would imply no one but a few are on that, and I’m sure loads are still on versions with that flaw.

    First impressions: I’m not into it at all. I like the colours and the type of interface, but I was using Tiger admin and I find the new design a bit misaligned; the pieces sometimes don’t seem to fit together, it’s less polished.

  5. To tell the truth, I thought it was a 2.1 vulnerability, so yes, I exaggerated the ooooooold a bit, sorry! But at the same time, it was to underline the fact that a Public Service Announcement was useless.

    For my part, I wasn’t using any alternatives for the admin, so I welcome this new version with open arms. I’d have to compare it with Tiger admin as you say; should I understand that this interface isn’t compatible with the new version?

  6. Same thing happened to GV, they were very very persistent about it and kept exploiting our user accounts (cause there’s hundreds).

    For the record, we were running 2.3.1, just 0.0.2 away from the fix that closed the hole they exploited. The lesson: point releases are as important as version releases, stay up to date on the 0.x so that when the 0.x.x comes out it’s easy and safe to update to it.

    Good work on stopping them. I recommend checking your pages now and then for the js in case they come back.
