1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam Links Injected Into My WordPress Blog!!!

Discussion in 'Black Hat SEO' started by surfspik, Apr 23, 2008.

  1. surfspik

    surfspik Newbie

    Joined:
    Mar 11, 2007
    Messages:
    37
    Likes Received:
    48
    I was just updating some stuff on an old blog of mine and found 100's of spammy links in a hidden layer that were definitely not put there by me! Someone has managed to fill my blog up with pages of spammy links.

    Only really noticed when I seen a description on yahoo search results for the site as "Cingular cell phone ringtones 7210 ringtones Download free midi ringtones Mariah ... Downloadable ringtone tracfone Rfee ringtones Mp3 ringtone forum Truetone ..." its a travel/vacation site and nothing to do with ringtones!!!

    Have deleted all the links now but I noticed they were different than the ones Yahoo has cached in results which means they are getting rotated somehow!

    a) How are they doing this and how do i get back at them

    b) how to avoid this happening again please

    I know this is a blackhat forum but filling someone elses site full of spammy links is fucking disgraceful!!!!!!!!!! Although this is an old blog of mine it gets decent traffic and makes a few dollars a day - no doubt that will end now as when google sees all that hidden spam site will be gone!
     
  2. Nick Flame

    Nick Flame Executive VIP Premium Member

    Joined:
    Aug 26, 2007
    Messages:
    1,314
    Likes Received:
    4,377
    a) sql injection most probably
    b) upgrade to the latest wordpress version.
     
  3. surfspik

    surfspik Newbie

    Joined:
    Mar 11, 2007
    Messages:
    37
    Likes Received:
    48
    Thanks for quick reply
    is this a security problem with older versions of wordpress then? Unfortunately the site in question is still running 2.0.2 and have dbase problems with the site even upgrading to this version from previous - loathe to try and upgrade again from faulty installation/dbase - any other way to stop this apart from upgrading to newer wordpress version?

    Anyway to get back at these wankers? Would reporting to ISP/Host do any good?
     
  4. mightybh

    mightybh Jr. VIP Jr. VIP Premium Member

    Joined:
    Feb 27, 2008
    Messages:
    1,029
    Likes Received:
    1,714
    Occupation:
    CEO
    Location:
    UK
    and

    c) What would be the best way to XSS all outdated blogs the same way? :D
     
  5. surfspik

    surfspik Newbie

    Joined:
    Mar 11, 2007
    Messages:
    37
    Likes Received:
    48
    Thanks mightybs
    incredibly helpful AND funny - well done
     
  6. undeterminederror

    undeterminederror BANNED BANNED

    Joined:
    Mar 31, 2008
    Messages:
    630
    Likes Received:
    457
    are you sure u don't use a link exchange script ? cause that was happen to me with this kinda script.
     
  7. zx_81

    zx_81 Newbie

    Joined:
    May 10, 2008
    Messages:
    43
    Likes Received:
    3
  8. surfspik

    surfspik Newbie

    Joined:
    Mar 11, 2007
    Messages:
    37
    Likes Received:
    48
    Thanks for that link zx 81 - some scary shit out there for hacking wordpress!
     
  9. zx_81

    zx_81 Newbie

    Joined:
    May 10, 2008
    Messages:
    43
    Likes Received:
    3
    Yup, there is. Especially the older versions. You might want to reconsider updating that blog even if it involves rebuilding the dB from the ground up via mysql or by re-entering every post from the control panel.