homepage Welcome to WebmasterWorld Guest from 50.17.107.233
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

    
Wordpress Exploit
Is this significant - if so, what do I do?
chewy




msg:4565709
 6:02 pm on Apr 17, 2013 (gmt 0)

So I have a site - let's call it chewy.tld - hosted on Wordpress.

I discover Google's warning saying "This site may be compromised" when inadvertently looking at the serp using the site: command.

Sure enough, there's all this nasty levitra / cialis code only seeable in the Google cache.

We lock down all the passwords, add increased security, and move from host gotchadaddy to some other more secure host for WP.

We clean out all the bad content and all looks well and Google slowly starts to reindex the clean pages.

A week later, I happen to be looking at new backlinks via Google Webmaster Tools.

Wow - what all those new backlinks?

I look at a few. There are thousands (close to 7k), all clustered around the last few weeks of March, 2013.

Upon closer look, the few I spotcheck are all "this site may be compromised" type blogs, all with backlinks to our site along with backlinks to compromised sites all over the place.

Yes, they all have a nice fat backlink to chewy.tld

So the attack is more than just an injection of bad code.

Holy c**p! Is anyone else seeing this?

How does one determine if this is one of those reportable things, or just a little bubble in the daily life of WP?

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved