Bill Powell Is Alive [The Den]
{ Three Acres and a Penguin }

Wordpress Users: Spam in your Source!

begun: 2007 Dec 04, 19:03 Tue | updated: 2007 Dec 04 17:03 | tags:

If you or someone (else) you love uses WordPress, go to your site right now and view the source.

Hopefully, you won't see what I did:

<a href="http://[evilspamsite.com]/?id=310" title="Dvd Haunted Mansion, The">Dvd Haunted Mansion, The</a>
<a href="http://[evilspamsite.com]/?id=332" title="Dvd Sgt. Bilko">Dvd Sgt. Bilko</a>
<a href="http://[evilspamsite.com]/?id=1335" title="Dvd Good German, The">Dvd Good German, The</a>
<a href="http://[evilspamsite.com]/?id=145" title="Dvd Phone Booth">Dvd Phone Booth</a>
<a href="http://[evilspamsite.com]/?id=331" title="Dvd Blind Date">Dvd Blind Date</a>

And there was a lot more. On every page. It wasn't visible to the human browser, but lurked at the bottom of every page's code, invisibly inching the loathsome site higher in the search engines.

For all I know, it had been doing this for years. Perhaps I should go to archive.org and check. Perhaps not.

How did they get in? Did I allow comments to appear before I approved them? No. In theory, you couldn't even post a comment to approve until you registered first, but that had never quite worked, so perhaps I should have been suspicious. Somehow, the cracker modified a few key files so that the footer function in my template included a quiet new call.

Interactivity and a million nifty features come at a price. There must be some unintended quirk in the code that allowed a php call like index.php?mode=spamthedweeb. To be fair, I hadn't upgraded in a while (*cough* 1.5 something). Perhaps the WordPress folks have since locked this up. On the other hand, I was already glad to be leaving WordPress. I'm grateful to the people who made it, and I've learned a lot, but it was time to go.

So check your source. Maybe it's time to upgrade. Good luck with your plugins.
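The "check your source" step, automated as an added example (not the blog's own code): it parses a page's HTML and flags external hosts that are either linked from a display:none element or linked several times, which is the shape of the injected block shown above. The sample page and the host names in it are constructed, and since the post does not say exactly how the links were kept out of sight, both rules are heuristics rather than a signature.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
VOID = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col", "source", "wbr"}

class LinkCollector(HTMLParser):
    """Collect (href, text, hidden) for every <a href>; hidden is True inside display:none."""
    def __init__(self):
        super().__init__()
        self.links, self._stack, self._hidden, self._cur = [], [], 0, None  # stack: (tag, hidden)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tag not in VOID:                       # void tags never get an end tag
            self._stack.append((tag, hidden))     # remember whether this element hides content
            self._hidden += int(hidden)
        if tag == "a" and a.get("href"):
            self._cur = [a["href"], []]           # start collecting the link text
    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1].append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append((self._cur[0], "".join(self._cur[1]).strip(), self._hidden > 0))
            self._cur = None
        if any(t == tag for t, _ in self._stack):  # unwind to the matching open tag
            while True:
                t, hidden = self._stack.pop()
                self._hidden -= int(hidden)
                if t == tag:
                    break

def suspicious_links(html, site_host, min_cluster=3):
    """Return {host: [(href, text, hidden), ...]} for external hosts that are linked
    from a hidden element or at least min_cluster times; internal links are ignored."""
    p = LinkCollector()
    p.feed(html)
    by_host = {}
    for href, text, hidden in p.links:
        host = urlparse(href).netloc.lower()
        if host and host != site_host.lower():
            by_host.setdefault(host, []).append((href, text, hidden))
    return {h: l for h, l in by_host.items() if len(l) >= min_cluster or any(x[2] for x in l)}

# Constructed sample: a normal page plus an injected link block like the one in the post.
SAMPLE = """<html><body><h1>Three Acres and a Penguin</h1>
<p>See <a href="http://archive.org/">archive.org</a> or <a href="/about">about me</a>.</p>
<div id="footer"><a href="http://evilspamsite.example/?id=310">Dvd Haunted Mansion, The</a>
<a href="http://evilspamsite.example/?id=332">Dvd Sgt. Bilko</a>
<a href="http://evilspamsite.example/?id=1335">Dvd Good German, The</a></div>
<span style="display: none"><a href="http://other-spam.example/">x</a></span></body></html>"""
```

Run it against the saved source of your own pages (`suspicious_links(open("index.html").read(), "yourhost.example")`); a single legitimate outbound link such as archive.org is not reported.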

You might find this helpful; this fellow appears to have had the same problem. In fact, according to this blog with annoying ads, Al Gore's site had the same problem. That was November 12, less than a month ago. Gore seems to have heard about it, but that blog also included a simple Yahoo search where you can see hundreds of other compromised blogs. Brr.

Maybe it's just time to use nuthatch, the bash CMS. Coming soon, right here. No, it's not ready yet, I just wrote it. But it's already in use. (Guess where.)
