Your Help Needed URGENT
Hi all,
I need your help…
For the past few months my blog seems to have been hacked. There has been no visible damage, but there is hidden text being added to the site related to drugs and pills etc…
I got rid of them once (not sure how), but they keep returning.
So, if you know anyone who is a good developer, programmer or technical type, please ask them to contact me ASAP, as I can’t update my Facebook experiment etc until I get this fixed.
To see the problem, you need to view the site as Google would view it, so use the tool at: Google viewer
and add http://www.deanhunt.com (the http:// is required)
Then, scroll down to the bottom and you will see text like this:
My Google rankings have dropped recently, so I think it is having an effect.
I recently upgraded my WordPress to try and sort this, but I think the damage had already been done.
If anyone has contact with Matt Cutts, I would love to hear his views on what Google can do to combat this… but frankly, I just need to get it removed ASAP, so go tell your tech buddies and I thank you all in advance for your help.
Normal service WILL resume Monday.
Dean
14 COMMENTS
Could be quite a few things Deano - hit me up later today you know my number if you need to A team.
Dean… yeah I see it, but they don’t seem to be links just garbage, so don’t see the point unless it’s just for spite.
Saw this wordpress post, maybe it will help, maybe not but feel for your dilemma.
http://www.techcrunch.com/2008/06/11/my-blog-was-hacked-is-yours-next-huge-wordpress-security-issues/
Hit me up on MSN later or ping me an email. Sounds to me like a few possible reasons. When you did the last clean up did you check for additional users that may have been added to the database? They are hidden in the wp-admin but they allow the hackers to jump back in and edit your templates even if your site is bum tight on the security settings.
There are other reasons. Happy to help you out.
Dave
Dave,
There were a few fake ones a few months back, but I removed them, and I just re-checked, and I am the only user there now.
Dean
Just another buzz marketing technique? If it wasn’t you could just search to find a fix, but you didn’t, that is the reason for my doubt.
Did you check the actual database? And not in the usual user fields? Sometimes they modify the calls in the wordpress script to check user data against other areas of the database to make them harder to find.
Also I assume you changed your password for the wpadmin and the ftp after last time?
Also, may need to look through all the other php files on your site and check if there are
a) new php files in sub folders
b) changed php files from the usual ones
as backdoor information may be in there. This is in addition to chmod settings on the files and folders.
My advice would be a full export of post info, a fresh upload of wordpress, a fresh application of the theme and a re-import of the post data.
If it happens beyond that then your host is seriously fecked up and they are coming in via another route. But from the sounds of things it is classic wordpress hacking up.
Jaseem,
Yes, damaging my own google rankings that I have spent years building is just a stunt…
Don’t be stupid.
Dave - many thanks, I will look into it.
Hi Dean, arrived here via Matthews RCG Blog.
Your problem is that your blog input forms are being hijacked by input form spiders/robots, the little buggers get in everywhere.
The only way forward with Wordpress is to use ‘Human Intelligence Identification’ on the input forms. Meaning that as people input comments they are asked to type in a code they see on the screen. Machines and robots generally can’t read these.
Wordpress has such an add-on at http://wordpress.org/extend/plugins/search.php?q=Human+Intelligence+Identification
Called wp_spamfree.
http://wordpress.org/extend/plugins/wp-spamfree/
I can sort that Dean - done a load of work with people over that and exploited a few *ahemmm*
check your footer.php file on your Wordpress theme. It seems that the hidden code was inserted there.
Just saw this on Warriors Forum
http://www.warriorforum.com/main-internet-marketing-discussion-forum/13839-my-wordpress-blog-hacked-again.html
Can you look at the IP addresses in recent logs? If you’ve had high query volumes from an IP page range (20-30 times an hour) that may be a bad bot.
I’m no expert, just reading up.
Good luck with this one, Dean.
– Joanne
Same thing happened to me Dean. Turned out to be a theme I had installed. Was hidden in the theme code and I like to have never found it out.
I have heard of the same of some plugins.
Same thing happened to me, not fun... Easy fix: remove wp_footer() call from footer to start with