
WordPress Exploit

Is this significant - if so, what do I do?

6:02 pm on Apr 17, 2013 (gmt 0)


So I have a site - let's call it chewy.tld - hosted on WordPress.

I discover Google's warning saying "This site may be compromised" when inadvertently looking at the SERP using the site: command.

Sure enough, there's all this nasty levitra / cialis code only seeable in the Google cache.

We lock down all the passwords, add increased security, and move from host gotchadaddy to some other more secure host for WP.

We clean out all the bad content and all looks well and Google slowly starts to reindex the clean pages.

A week later, I happen to be looking at new backlinks via Google Webmaster Tools.

Wow - what are all those new backlinks?

I look at a few. There are thousands (close to 7k), all clustered around the last few weeks of March, 2013.

Upon closer look, the few I spot-check are all "this site may be compromised" type blogs, all with backlinks to our site along with backlinks to compromised sites all over the place.

Yes, they all have a nice fat backlink to chewy.tld

So the attack is more than just an injection of bad code.

Holy c**p! Is anyone else seeing this?

How does one determine if this is one of those reportable things, or just a little bubble in the daily life of WP?