Your Help Needed URGENT

In General | 15 comments | permalink

Hi all,

I need your help…

For the past few months my blog seems to have been hacked, there has been no visible damage, but there is hidden text being added to the site related to drugs and pills etc…

I got rid of them once (not sure how), but they keep returning.

So, if you know anyone who is a good developer, programmer or technical type, please ask them to contact me ASAP, as I can’t update my Facebook experiment etc until I get this fixed.

To see the problem, you need to view the site as Google would view it, so use the tool at: Google viewer

and add http://www.deanhunt.com (the http:// is required)

Then, scroll down to the bottom and you will see text like this:

My Google rankings have dropped recently, so I think it is having an effect.

I recently upgraded my WordPress to try and sort this, but I think the damage had already been done.

If anyone has contact with Matt Cutts, I would love to hear his views on what Google can do to combat this… but frankly, I just need to get it removed ASAP, so go tell your tech buddies and I thank you all in advance for your help.

Normal service WILL resume Monday.

Dean

email this | tag this | digg this | trackback | comment RSS feed

Subscribe to my FEED for world domination

15 COMMENTS

  • Alan Who

    Could be quite a few things Deano – hit me up later today you know my number if you need to A team.

    Current score: 0
  • http://www.customcraftedkeywords.com Tim

    Dean… yeah I see it, but they don’t seem to be links just garbage, so don’t see the point unless it’s just for spite.

    Saw this wordpress post, maybe it will help, maybe not but feel for your dilemma.

    http://www.techcrunch.com/2008/06/11/my-blog-was-hacked-is-yours-next-huge-wordpress-security-issues/

    Current score: 0
  • Dave

    Hit me up on MSN later or ping me an email. Sounds to me like a few possible reasons. When you did the last clean up did you check for additional users that may have been added to the database? They are hidden in the wp-admin but they allow the hackers to jump back in and edit your templates even if your site is bum tight on the security settings :)

    There are other reasons. Happy to help you out.

    Dave

    Current score: 0
  • http://deanhunt.com Dean Hunt

    Dave,

    There were a few fake ones a few months back, but I removed them, and I just re-checked, and I am the only user there now.

    Dean

    Current score: 0
  • http://www.jaseemumer.com Jaseem Umer

    Just another buzz marketing technique? If it wasn’t you could just search to find a fix, but you didn’t, that is the reason for my doubt.

    Current score: 0
  • Dave

    Did you check the actual database? And not in the usual user fields? Sometimes they modify the calls in the wordpress script to check user data against other areas of the database to make them harder to find.

    Also I assume you changed your password for the wpadmin and the ftp after last time?

    Also, may need to look through all the other php files on your site and check if there are

    a) new php files in sub folders
    b) changed php files from the usual ones

    as backdoor information may be in there. This is in addition to chmod settings on the files and folders.

    My advice would be a full export of post info, a fresh upload of wordpress, a fresh application of the theme and a re-import of the post data.

    If it happens beyond that then your host is seriously fecked up and they are coming in via another route. But from the sounds of things it is classic wordpress hacking up.

    Current score: 0
  • http://deanhunt.com Dean Hunt

    Jaseem,

    Yes, damaging my own google rankings that I have spent years building is just a stunt…

    Don’t be stupid.

    Dave – many thanks, I will look into it.

    Current score: 0
  • http://www.fenestrationNews.com Ian

    Hi Dean, arrived here via Matthews RCG Blog.

    Your problem is that your blog input forms are being hijacked by input form spiders/robots, the little buggers get in everywhere.

    The only way forward with WordPress is to use ‘Human Intelligence Identification’ on the input forms. Meaning that as people input comments they are asked to type in a code they see on the screen. Machines and robots generally can’t read these.

    WordPress has such an add-on at http://wordpress.org/extend/plugins/search.php?q=Human+Intelligence+Identification

    Called wp_spamfree.
    http://wordpress.org/extend/plugins/wp-spamfree/

    Current score: 0
  • http://www.seoidiot.co.uk SEOidiot

    I can sort that Dean – done a load of work with people over that and exploited a few *ahemmm* ;)

    Current score: 0
  • http://www.macuha.com marhgil

    check your footer.php file on your WordPress theme. It seems that the hidden code was inserted there.

    Current score: 0
  • http://www.customcraftedkeywords.com Tim
  • http://www.bluejprojects.com Joanne Masterson

    Can you look at the IP addresses in recent logs? If you’ve had high query volumes from an IP page range (20-30 times an hour) that may be a bad bot.

    I’m no expert, just reading up.

    Good luck with this one, Dean.

    – Joanne

    Current score: 0
  • http://perrybelcher.net Perry Belcher

    Same thing happend to me Dean, Turned out to be a theme I had installed. Was hidden in the theme code and I like to have never found it out.

    I have heard of the same of some plugins.

    Current score: 0
  • http://www.davidnaylor.co.uk DaveN

    same thing happened to me not fun.. easy fix remove wp_footer() call from footer to start with

    Current score: 0
  • http://www.jaybellbooks.com Jay Bell

    Is the code always inserted into the footer, or should I be checking my header and another files as well?
    Jay Bell´s last blog ..I’ve got my own logo! My ComLuv Profile

    Current score: 0