Bill Powell Is Alive
{ Man Found Alive With Two Legs }

A personal blog about Linux and literature, distributism and Catholicism, adventures in permaculture, and being alive.

Wordpress Users: Spam in your Source!

by Bill Powell | updated: 2007 Dec 04 Tue | published: 2007 Dec 04, 19:03 Tue
tags: linux

If you or someone (else) you love uses WordPress, go to your site right now and view the source.

Hopefully, you won't see what I did:

<a href="http://[evilspamsite.com]/?id=310" title="Dvd Haunted Mansion, The">Dvd Haunted Mansion, The</a>
<a href="http://[evilspamsite.com]/?id=332" title="Dvd Sgt. Bilko">Dvd Sgt. Bilko</a>
<a href="http://[evilspamsite.com]/?id=1335" title="Dvd Good German, The">Dvd Good German, The</a>
<a href="http://[evilspamsite.com]/?id=145" title="Dvd Phone Booth">Dvd Phone Booth</a>
<a href="http://[evilspamsite.com]/?id=331" title="Dvd Blind Date">Dvd Blind Date</a>

And there was a lot more. On every page. It wasn't visible to the human browser, but lurked at the bottom of every page's code, invisibly inching the loathsome site higher in the search engines.

For all I know, it had been doing this for years. Perhaps I should go to archive.org and check. Perhaps not.

How did they get in? Did I allow comments to appear before I approved them? No. In theory, you couldn't even post a comment to approve until you registered first, but that had never quite worked, so perhaps I should have been suspicious. Somehow, the cracker modified a few key files so that the footer function in my template included a quiet new call.

Interactivity and a million nifty features come at a price. There must be some unintended quirk in the code that allowed a php call like index.php?mode=spamthedweeb. To be fair, I hadn't upgraded in a while (*cough* 1.5 something). Perhaps the WordPress folks have since locked this up. On the other hand, I was already glad to be leaving WordPress. I'm grateful to the people who made it, and I've learned a lot, but it was time to go.

So check your source. Maybe it's time to upgrade. Good luck with your plugins.
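One way to automate that "view the source" check, as an added example that is not part of the original post: it parses a page's rendered HTML with Python's standard library and reports every anchor pointing to a host off a site-specific allowlist, flagging the ones buried inside a hidden container, which is how links like the ones above stay out of a reader's sight while crawlers still count them. The hosts myblog.example and evilspamsite.example and the sample page are constructed placeholders, not real sites.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (placeholder hosts): one internal link, a hidden block of
# injected spam links, and a visible external link that is merely unlisted.
SAMPLE_HTML = """<html><body>
<p>Posted in <a href="http://myblog.example/tag/linux">linux</a></p>
<div style="display: none">
<a href="http://evilspamsite.example/?id=310" title="Dvd Haunted Mansion, The">Dvd Haunted Mansion, The</a>
<a href="http://evilspamsite.example/?id=332" title="Dvd Sgt. Bilko">Dvd Sgt. Bilko</a>
</div>
<p>See <a href="http://archive.org/">archive.org</a></p>
</body></html>"""


class LinkAuditor(HTMLParser):
    """Records every anchor whose host is off the allowlist, noting if it is hidden."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.stack = []         # (tag, is_hiding) for every open element
        self.hidden_depth = 0   # > 0 while inside a hidden element
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hiding = "hidden" in a or "display:none" in style or "visibility:hidden" in style
        self.stack.append((tag, hiding))
        self.hidden_depth += hiding
        if tag == "a" and a.get("href"):
            host = (urlparse(a["href"]).hostname or "").lower()
            if host and host not in self.allowed:   # relative links have no host
                self.findings.append({"href": a["href"], "host": host,
                                      "hidden": self.hidden_depth > 0})

    def handle_endtag(self, tag):
        while self.stack:                 # pop back to the matching open tag
            t, hiding = self.stack.pop()
            self.hidden_depth -= hiding
            if t == tag:
                break


def find_suspicious_links(html, allowed_hosts):
    """Return off-allowlist anchors in html; the hidden ones are the spam signature."""
    auditor = LinkAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Run it against the HTML your server actually sends (fetched with curl, not the editor's view of the template), since the injected call lives in the rendered footer.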

You might find this helpful; this fellow appears to have had the same problem. In fact, according to this blog with annoying ads, Al Gore's site had the same problem. That was November 12, less than a month ago. Gore seems to have heard about it, but that blog also included a simple Yahoo search where you can see hundreds of other compromised blogs. Brr.

Maybe it's just time to use nuthatch, the bash CMS. Coming soon, right here. No, it's not ready yet, I just wrote it. But it's already in use. (Guess where.)


This page last generated: Sun Jul 18 14:11:02 -0400 2010