Warning to WordPress webmasters - pharma hack

Discussion in 'White Hat SEO' started by Rudyzplace, May 7, 2014.

  1. Rudyzplace

    Hi,

    Today I found that 2 of my WordPress blogs were infected with something which is called pharma hack - read more about it here http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html

    Apparently it is visible only to crawlers and injects links into your posts and pages.
    I've been leaking for an unknown time now, updated WordPress to v3.9 in order to clear the hack.

    Not sure if it will be enough, I've tried looking for the files which the article I linked refers to but didn't find them after the WordPress update.

    Let me know if you encountered this hack before and if you recommend more measures to be taken.

    Thanks
     
    • Thanks Thanks x 1
  2. Clifton Allen Says

    Use a plugin called WORDFENCE, good security!!
     
  3. gillespieellison

    Suggestion appreciated, I use strong passwords to avoid hackers. Is that a free plugin?
     
  4. tnhomestead

    Wordfence is free, and pretty good. I also use Sucuri on some sites. Best way to avoid is to never use free plugins/themes, I have found even reputable members here sharing infected files -- not saying they knew about it, but a lot of nulled/shared files are infected by different hacks.
     
  5. bartosimpsonio

    Free WP plugins are a security hazard. WP itself is pretty secure, but folks indiscriminately install 200 plugins per setup and so many plugins have security flaws.
     
  6. umerjutt00

    A few days ago my website was also hacked. It started redirecting to a weird URL and I was only using the All in 1 SEO pack, statcounter and tinymce advanced plugins.
     
  7. Vanrithy

    I used to have this hack on one of my sites, too.

    - I used Xenu to check external links & searched through my DB for those terms and deleted them.

    - Updating WordPress was not enough, at least for me. Therefore, I installed a fresh WordPress.

    - I accessed my WordPress files through FTP and sorted by newest to see if there were any suspicious files in all of my site's folders.

    - I also replaced my old plugins with newer ones. In addition, I deleted all of the unused themes and plugins for my site completely.

    - WordFence & Sucuri scans were not a big help for me at that time because they showed green while my site was infected. Yet, WordPress Exploit Scanner was helpful at that time.

    - The infection also stayed inside 404.php as well as my htaccess file & others.

    Hope it helps!
     
    • Thanks Thanks x 1
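
The file checks listed in the post above (sort by newest, look at 404.php and .htaccess, search for the spam terms) can be scripted against a local copy of the site. This is an added example, not code from the thread; the `triage` function, the term list and the 30-day window are assumptions to adapt.

```python
import os
import time

# Constructed term list (assumption): replace with the spam terms seen on your site.
SPAM_TERMS = ("viagra", "cialis")
# File names the post above reports as infected on that poster's site.
WATCH_NAMES = {"404.php", ".htaccess"}
# File types worth reading; ".htaccess" matches itself as a suffix.
SCAN_SUFFIXES = (".php", ".js", ".html", ".htaccess")


def triage(root, days=30, now=None):
    """Return (mtime, relative_path, reasons) tuples, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                with open(path, "rb") as fh:
                    body = fh.read(2_000_000).lower()  # cap read size
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            reasons = []
            if mtime >= cutoff:
                reasons.append("recently modified")
            hits = [t for t in SPAM_TERMS if t.encode() in body]
            if hits:
                reasons.append("spam terms: " + ", ".join(hits))
            if reasons and name in WATCH_NAMES:
                reasons.append("watch-list file")
            if reasons:
                findings.append((mtime, os.path.relpath(path, root), reasons))
    return sorted(findings, reverse=True)


if __name__ == "__main__":
    for mtime, rel, reasons in triage("."):
        print(time.strftime("%Y-%m-%d", time.localtime(mtime)), rel, "; ".join(reasons))
```

Modification times can be reset by whoever wrote the file, so an old timestamp does not show a file is clean; the term search still applies to those files.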
  8. zerocool44

    Thanks for making everyone aware, OP. How did you figure out you were infected?
     
  9. cryptexicebone

    Thanks for the tip
     
  10. Bluearrow

    Thanks for sharing. Have a bunch of WordPress blogs to check!
     
  11. Rudyzplace

    I'm using serpbook, they have this little magnifying glass next to the keywords which shows you search results from their USA proxy crawler (which can see these spammy links as normal).
    I looked into one of my sites just to see how it looks and saw tons of pharma links.

    Pure luck
     
    Last edited: May 7, 2014
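
The crawler-only view described in this thread can be checked directly by requesting a page from your own site twice, once with a browser User-Agent and once with a crawler User-Agent, and listing the external links that appear only in the crawler copy. This is an added example, not code from the thread; the function names, User-Agent strings and sample pages are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Assumed User-Agent strings; any browser/crawler pair serves the comparison.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


class _Links(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def external_links(html, site_host):
    """Return hrefs whose host is neither site_host nor one of its subdomains."""
    parser = _Links()
    parser.feed(html)
    site_host = site_host.lower()
    found = set()
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()  # relative links have no host
        if host and host != site_host and not host.endswith("." + site_host):
            found.add(href)
    return found


def cloaked_links(browser_html, crawler_html, site_host):
    """External links served to the crawler but not to the browser."""
    return sorted(external_links(crawler_html, site_host)
                  - external_links(browser_html, site_host))


def fetch(url, user_agent):
    with urlopen(Request(url, headers={"User-Agent": user_agent}), timeout=15) as resp:
        return resp.read().decode("utf-8", errors="replace")


def check_site(url):
    """Live comparison for a site you operate."""
    return cloaked_links(fetch(url, BROWSER_UA), fetch(url, CRAWLER_UA), urlparse(url).hostname)


# Constructed sample pages, so the comparison can be tried offline.
SAMPLE_BROWSER = '<a href="/about">About</a> <a href="https://example.org/partner">Partner</a>'
SAMPLE_CRAWLER = SAMPLE_BROWSER + ' <a href="http://pills.example.net/cheap">cheap pills</a>'
```

An empty result only covers cloaking keyed on the User-Agent header; injected content that is served based on the requester's IP address would not show up in this comparison.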
  12. Numbuh362

    Thanks for warning us, I always update my WordPress just in case.
     
  13. xxf8xx

    This happened to me with lots of my old outdated blogs that I don't use anymore a long time ago. I ended up uploading a simple backdoor finder script to my server and using it to locate all the backdoor files and deleted them. Then I got rid of 100 or so old WordPress sites that I didn't use anymore. The last thing to do was to make sure the ones in use are updated regularly and have the Bulletproof Security plugin installed. This plugin and regular backups have never failed me since!
     
  14. findsm

    Hey, thanks for the tip, I've been slacking on the updates on my sites, I'm going to go do that now.