Results 1 to 3 of 3
August 21st, 2008, 04:23 PM #1
Nasty Hidden Exploits - Wordpress Users READ
- Join Date
- January 17th, 2005
- Upstate SC
I host a couple of WP blogs for friends, one came over today and as I was working on it, I grabbed the source for one of the pages. It had a TON of links in the source. They were all in a hidden div. A couple thousand links using style='display:none'. Attached partial screenshot of links injection text.
They were injected into the header include, which I easily deleted. I decided to check other blogs and didn't have any problems. However after researching the problem, there are other variations that cloak the source - only visible to googlebot. These are very nasty.
Checking the Google cache of one of my other blogs, then clicking the text only link, I see several hundred links in the cache at the bottom of the page. This is NOT in the source on my pageviews, and is handled by hacks in the db and plugins. Major garbage here, and I had no idea. Image of the google cache, text only showing what is after my footer, attached.
These are older versions of wordpress, so the latest updates may be immune, but you may want to check anyway. Check your source and check the text-only version of Google's cache on your home page and a couple posts.
This site has some useful info and links on removing:
But note, you won't see the hidden div links like were placed in the header this way. You have to check the source code too.
Check your blogs and keep your WP up to date.[url=http://www.drastictactics.com/]Drastic Tactics[/url] - Performance Marketing Since 1998
August 21st, 2008, 05:31 PM #2
- Join Date
- January 18th, 2005
I've the latest versions 2.6 and 2.61 and I've the same problems. You have to check your code very often and not only the header. As soon as your blog has some decent traffic you're the target of these hackers. Check for iframe injection in your posts, too. Also, they can take over your xml site map. Check it quite often. For that, Google Webmaster tools are quite helpful. Google can detect these problems and warn you before it's too late.
August 21st, 2008, 06:14 PM #3
Sheesh yet another thing to worry about with WP.
Thanks for the heads up.
I sometimes wonder if I should just go back to html or find another cms. Those darn hackers.
By JCrooks - AffiliateWindow in forum Promotions, Sales, and Coupons on Affiliate WindowReplies: 0Last Post: October 25th, 2013, 02:10 PM
By PDXreader in forum Search Engine OptimizationReplies: 5Last Post: February 24th, 2010, 07:46 PM
By Stratplayer1 in forum Midnight Cafe'Replies: 9Last Post: October 13th, 2008, 12:25 PM
By Zeus in forum ShareASale - SASReplies: 6Last Post: August 17th, 2008, 02:24 AM
By JessieJ in forum PopShopsReplies: 4Last Post: August 16th, 2008, 10:41 PM