What the hack?

The search box over in the sidebar might get some use from you guys, but it probably gets a lot more from me, as I try to see what else I might have said on a subject.

While doing that sort of research Monday, I found a couple of old posts which didn’t bring up the topic desired at all — but which, when served up by the Big G, contained extraneous information that happened to match the search. These were static pages; I sent up fresh copies, just in case. And then I went looking for a reason why.

Turns out that last week someone managed to drop a bogus redirect for search engines into .htaccess, and directed it to an encoded PHP command hiding in a little-used directory. I had WordPress pretty well locked down, but I’m thinking the problem was with FTP. It took me about two minutes to find the offending code and trash it. Passwords and such, of course, are being adjusted.
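A defender-side check for the kind of tampering described above, as an added example that is not the author's own code: it flags .htaccess rewrites that apply only to search-engine crawlers or referrals, and PHP files that evaluate encoded data. The regex heuristics, the function names and the sample web root are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics chosen for this example (assumptions, not details from the post).
BOT_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}\s+.*"
                      r"(googlebot|bingbot|slurp|google\.|bing\.|yahoo\.)", re.I)
REWRITE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
ENCODED_PHP = re.compile(
    r"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def scan_htaccess(path):
    """Flag RewriteRules that apply only to search-engine crawlers or referrals."""
    hits, cond_line = [], None
    for n, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        if BOT_COND.search(line):
            cond_line = n            # remember the condition until its RewriteRule
        elif (m := REWRITE.match(line)):
            if cond_line is not None:
                hits.append((path.name, n, "crawler-only rewrite -> " + m.group(1)))
            cond_line = None         # conditions apply to the next rule only
    return hits

def scan_php(path):  # flag PHP lines that evaluate decoded data
    text = path.read_text(errors="replace").splitlines()
    return [(path.name, n, "eval of encoded data")
            for n, line in enumerate(text, 1) if ENCODED_PHP.search(line)]

def scan_webroot(root):
    """Walk a web root, including dotfiles and rarely visited subdirectories."""
    hits = []
    for p in sorted(q for q in Path(root).rglob("*") if q.is_file()):
        if p.name == ".htaccess":
            hits += scan_htaccess(p)
        elif p.suffix.lower() in (".php", ".phtml", ".inc"):
            hits += scan_php(p)
    return hits

def demo():
    """Scan a small constructed web root (sample data, not from the post)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "old/img").mkdir(parents=True)
        (root / ".htaccess").write_text(
            "RewriteEngine On\n"
            "RewriteRule ^feed$ /index.php?feed=rss2 [L]\n"
            "RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC]\n"
            "RewriteRule ^(.*)$ /old/img/cache.php?p=$1 [L]\n")
        (root / "old/img/cache.php").write_text("<?php eval(base64_decode($_x)); ?>\n")
        return scan_webroot(root)
```

A hit is a lead to review by hand rather than proof of compromise, since legitimate rules and plugins can match these patterns too.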


  1. CT »

    9 March 2011 · 9:33 am

    Speaking of sidebar stuff, what’s with that Blogshares button? Links to a parked spam page, and BS has been dead since, when?

  2. CGHill »

    9 March 2011 · 10:19 am

    As of two minutes ago, they were still active.

  3. Tatyana »

    9 March 2011 · 11:49 am

    This makes me worried about my own blog’s hidden nefarious intruders and my total inability not only to deal with but to recognize them.
    For instance, I noticed an increased amount of visitors with a strange URL which, for some reason, concentrate on one particular blogpost; when I click on that URL it redirects me to weird places: an online depository of some Islamic scholar’s writings, a collection of online articles on any possible topic, or to a site in blog format but with 0 comments for ages and with content that is a direct copy-paste of someone else’s texts.
    I have no idea how to stop these visits.

  4. CGHill »

    9 March 2011 · 11:56 am

    Well, since you’re on wordpress.com, they’re responsible for the security.

    Get Akismet. You’ll have to get an API from WordPress, but no big deal, and it catches lots of this stuff (99.3 percent, in my experience) before it falls out onto the blog.

  5. Tatyana »

    9 March 2011 · 12:23 pm

    I have AKISMET, it’s super, but I still get these strange visits, all the same. F.i., yesterday I had 33 single visits from a place identified as “hanturaya.cz.cc.aku-sangat-bensi-wordpress”; when I click on it, it redirects me to http://9.bb/Gsr, which is something phony.

  6. CGHill »

    9 March 2011 · 1:16 pm

    I have a rule: if I can’t figure it out without clicking on it, into the dustbin it goes.

  7. CT »

    9 March 2011 · 3:42 pm

    Re: BlogShares, here’s what I’m seeing onclick, as of a minute ago; this is on mobile Safari:

  8. CGHill »

    9 March 2011 · 4:05 pm

    Strange. They must have a mobile redirect going to Someplace Else Entirely.

  9. McGehee »

    9 March 2011 · 5:30 pm

    The Blogshares site loads correctly for me on the iPhone.

