We random process certainly got hacked in a major way. About a week ago, I noticed my Google search referrals dropping like a stone. After a few days, searches were down from several hundred per day to less than 10. Needless to say, I was ripping my hair out. I donâ€™t do any weird shady stuff with my website and I didnâ€™t think I had stepped on Googleâ€™s foot anywhere along the way. I was pretty stumped. My only lead was the thought that perhaps the links back to my site in the themes Iâ€™ve released over the years has linked me with some â€˜bad neighborhoodâ€™ sites around the internet. I ended up sending in a reconsideration request to Google, in the hopes that my case would be excused, if that were even the problem.
As it turns out, that probably wasn’t the problem at all. By complete random change, I fired up the updated Windows Live Writer to work on the long-time-coming Microsoft Zune review only to find that footer of my site was filled with garbage keywords in the preview, selling prescription drugs for cheap and the like. This was especially curious since I had never seen any of these links when on my site previously. Quickly, I navigated to my site in Firefox and found nothing. A view source showed nothing either. Bewildered, I checked WLW again, and there it was.
To confirm, I performed a search, ‘site:randomprocess.ca prescriptions’ and lo-and-behold, tons of links with drug-related keyword links appeared. But curiously, clicking through to the links, once again, showed nothing amiss. Trying the cache also didn’t show anything wrong.
I then went over to Yahoo to double check; however unlikely, I had to make sure Google wasn’t improperly caching or doing something weird. But Yahoo showed the same thing. This time though, viewing the cache displayed the spam links in all their glory.
With some knowledge of the problem at hand, I did a search and many articles on the issue immediately appeared. It seems like this was no unique occurrence. Here’s a few of the articles I referenced in cleaning up my site:
- WordPress exploit giving backlinks, redirects and headaches but no visitors 😉 â€“ Blogger Guide
- WordPress exploit: we been hit by hidden spam link injection â€“ Linux by Examples
- Did your WordPress site get hacked? â€“ Donncha
- WordPress Exploit: wordpress_options
As is explained in the utmost detail in those links, this hack is no trivial matter. It encompasses everything from database fields (new user, bogus plugins that activate PHP scripts that are actually stored as image types, jpg, gif, png, etc) to script injected into themes to htaccess changes. I hadn’t realized that WordPress 2.6 was susceptible, but I’ve now upgraded to the latest version. On the other hand, if 2.6 wasn’t exploited, then I can only shudder at the thought of when my site was hacked… back in the 2.5 days?
One thingâ€™s for sure, I can stop ripping my hair out over the loss of search traffic. Just what I needed after a 10 hour work-dayâ€¦