Has Your Blog Been Hacked?
Google is taking a serious look at blogs in order to maintain the integrity of its PageRank system. This includes serious penalties to unsuspecting bloggers who may not know that their site has been hacked and filled with hidden links to porn sites, Viagra vendors, etc. If this happens to you, then there are important steps to take to make sure your blog is not removed from the Google index.
A few months ago, I wrote a post about how PayPerPost rejected my application because they thought this site was a splog…that is, the main purpose of this blog was either to sell links, advertise inappropriate content, or steal content from other blogs. Of course, I was indignant!
Well, I recently received a message from Google informing me that my sites were being removed from their index because of guideline violations. As a result, I discovered that my site had been hacked and filled with hundreds of the above-mentioned links.
Of course, as my blogging expertise comes from trial and error, I had to do some serious research to discover what the problem could be and how to rectify it.
It appears as though the damage was probably the result of my upgrading to WordPress 2.5 or earlier. It is well known that there were significant vulnerabilities in the build, but I was so happy to have my permalinks intact (see earlier posts) that I did not rush to upgrade to version 2.5.1.
Again, in all fairness to WordPress, it is my assumption that this could be the cause of the security hole, but I can neither confirm nor deny…
However, here is what I did to rectify the situation and regain Google’s trust and love.
DETERMINE THE SOURCE OF THE VIOLATION
As mentioned above, numerous hidden links were inserted into several templates of my blogs. I was able to determine this simply by looking at the page source available from my Firefox browser.
When in the WordPress admin design panel, I found the offending links in the single post template, main page template, and footer template. These were easily removed.
However, I also had to actually look through the directories accessible through my web hosting service, and found several more sources. One was in the index.php of my top directory (outside of my WordPress Install) that added links to my header.
I also found a file that contained an application called phpspy. I deleted that file immediately, so I’m not sure.
After a recheck, all the hidden links were gone.
INCREASE YOUR BLOG'S SECURITY
In order to prevent this from happening again, I followed the advice found in the article Hardening WordPress. This will direct you to making sure that your file directories are only writable by you in most instances (with the exception of some plugins and a few other resources).
Also, CHANGE YOUR PASSWORDS!!!! Obviously, the hacker was able to gain entry through some means. If it wasn’t the WordPress vulnerability mentioned above, then make sure your password hasn’t been compromised.
Most importantly, make sure your blogs are running the most up-to-date version of WordPress. I have a feeling that had I done this, I would have saved myself time and effort.
For additional security, I also added the Last Logins plugin. This plugin will provide notification if someone is trying to gain access to the admin panel of your blog through a password hack like brute force.
WP-Spamfree plugin was also added. This will prevent the tons of comment spam which I believe was related to the hidden links in this site.
RESUBMIT YOUR BLOG TO GOOGLE FOR RECONSIDERATION
After you have removed all the offending links from your site, you can resubmit your blog to Google for reconsideration and re-entry into the index. Surprisingly, this site was cleared by Google within 24 hours.
As noted in a forum on webmasterworld.com, “in order for your Reconsideration request to get a positive result, it is very useful to let Google know more than a simple ‘I removed the parasite hidden links.’ If you fix the hole that was exploited on your server and include that fact in the request, you’ve done full due diligence on the issue. That step is often the deal-maker.”