[Tigger]

some little shit has hacked into one of my blogs, least I think its one I've got to look at the others yet

I only noticed it as I was editing a posting and saw a link to some free videos and couldn't remember adding it, but what they had done was place the text as hidden so not displaying when viewing the blog but when in code mode it was there obviously just going for the link rather than traffic

So far it seems the only pages effected are the ones where comments were open as I changed the blog stopping comments and so far the only pages effected are those but I really fail to see how thats how they got in

got a fun day tomorrow going through all my blogs

[Gaystoryman]

Does that mean is going to update more often now?

There is a good plugin to use, that helps scan your blogs. I'll dig it out and post it for you. It'll check the database and files so should help you.

Exploit Scanner HERE

Make sure you get the right version, for the software version you are using. I think it still goes back to Wordpress version 1.5

[Tigger]

cheers, I've been away most of the day so not really had a chance to look at the blog but its defiantly the older postings where comments are open that been hacked into

AND its 2.9 its running so NAH

thanks for the link and I'll look at it better tomorrow as I'm wacked

[VoyGeorge]

It just isn't worth accepting comments unless you have a bunch of plugins for anti-spam and URL stripping. In my experience for pr0n they don't add to the SE weight.

[Tigger]

it was my first blog VG so comments were left open, I know better now

The thing is whilst the comments open is the only thing I can find I still don't see how the twats hacked into the main posting, these hidden links were in the main posting NOT the comment, so I'm still at a loss here - but its late and the red is flowing so not looking at it now as the worst thing I'm doing is giving out free links, which you can trust me by tomorrow will be all gone

[VoyGeorge]

That doesn't sound like comment spam and it's possible it's been there a while, before you upgraded your blog to a later version.

Lots of luck a hidden link will give them. Virtually no chance G will pick it up - but lots of chance that if there are others you could be penalized.

What these spammers don't realize is that G runs a "virtual browser" that determines if text can be viewed in frames, divs, or other content. It checks text and anchors to ensure they are visible, and of reasonable size. Some accidental coding errors are allowed, but they stopped this kind of blackhat SEO long time ago.

Your real worry is if they inject some i-frame code in there, which will work even if it's in a hidden DIV. Then G will flag your shit as "This site may harm your computer" and that can cause major SERP drubbing.

[gonzogone]

Tiggs, I think the biggest question I have is... is this the site you installed a fresh 2.9 on?

[Tigger]

Quote:

Lots of luck a hidden link will give them. Virtually no chance G will pick it up - but lots of chance that if there are others you could be penalized.

the sites fine traffic levels are pretty constant so its not picked anything up

Quote:

Tiggs, I think the biggest question I have is... is this the site you installed a fresh 2.9 on?

I upgraded to 2.9 when it was released, but I'm sorry Brent I don't follow you here??

[gonzogone]

I thought you recently said you had installed some blogs with a fresh 2.9 install. Was wondering if this was one of them. Since you just said you upgraded to 2.9, clearly not one of these...

Of course, I'm still a bit shocked that you upgraded to 2.9 when it came out!

[Tigger]

Quote:

Of course, I'm still a bit shocked that you upgraded to 2.9 when it came out!

what can I say xmas only comes but once a year so I thought I'd give my blog its yearly xmas treat

[gonzogone]

you're so thoughtful!

[Webmistress]

Thanks for the link Ian, it has picked up these hidden links - they have actually put them into a form field marked to be hidden!!! Still do not understand how they have done it as the only commonality is that it has been done to posts that still had comments open but it is not a comment but inserted into the main post code!!

Why can't these idiots find some better way to spend their time!

Cheers for your help again

[Gaystoryman]

More than likely they got in from exploits or holes that were found open in earlier versions of wordpress. Hence their maintenance and security upgrades. (hint )

[Tigger]

nope

wanna borrow this guys

[webcamjammer]

If you find any exploit code i would be interested in looking at it, so that we can all try to stop the attack, and/or report to the wordpress people so that we can get a fix. Im guessing your blog was probably targeted because of its PR. Really sucks man, i hope you get the issue resolved.


One love.