I have been hacked!
I wrote the other day how I have been bewildered by a sudden drop in traffic on this site.
Turns out there is a perfectly reasonable explanation for the drop as the site have somehow been hacked.
Evil people have inserted bits of HTML in the site's header and footer linking to hundreds of spam sites advertising weird pharmaceuticals and what not.
I found out because I went through the site's setup at Google Webmaster Central, which led me to the Google Webmaster Help group. Here I came across a thread discussing a situation that seemed awfully similar to what has happened to gersbo.dk. The thread describes how a site owner discovered hidden links on his site's pages.
After reading that, I took a quick look at the HTML source for gersbo.dk and sure enough: In the footer I found a hidden list of hundreds of links to spam sites.
<u style="display: none">
<!– HERE HUNDREDS OF LINKS TO SPAM SITES WERE INSERTED
</u>
<!– ~ –>
I noticed how the spam links bloated the 'footer.php' file and so I checked for other files with suspicously large sizes (most of the Wordpress PHP source files are just a few kilobytes). Turned out the 'header.php' file was also infected.
I have now removed the evil code and hopefully that will be the end of that, but I wonder? I have no idea how it got there in the first place?
If you enjoyed this post, make sure you subscribe to my RSS feed!
Related Posts:
- No results.
May 6th, 2008 at 11:47
Damn buggers… Well at least you found the reason why your traffic dropped.
If you Google “wordpress vulnerabilities” you’ll find out there’re several ways to play around with your files ;o)
Let us know if your traffic gets back to normal again.
May 7th, 2008 at 09:42
Good thing you found the problem, I think I’d better run through my setup aswell to check for any abnormalities.
And damn those whimps for bugging around like that.