[wp-hackers] Porn links in google cache

Justin W Hall justin at justinwhall.com
Thu Jul 14 16:21:41 UTC 2011


Great. Hard enough explaining to my client this isn't really my fault once. I'm sure two or three times down the road it's not going to get much better. The SEO hit is what's really going to be hard pull to swallow. 



On Jul 14, 2011, at 12:14 PM, Dre Armeda <feeds at armeda.com> wrote:

> It most likely is the Pharma hack from the sound of it. It was definitely popular last year, but it hasn't gone away. We're still seeing it daily but in varied capacities. The string mutates constantly, and is still very relevant.
> 
> There are plenty of resources online to clean it up as noted. The thing to make sure of is that you find/remove all of the backdoor files that usually come with the malicious payload. This can be painful because they vary considerably. They vary in name, size, code base, insertion points, etc. The malicious payload is usually more obvious and simple to find, but if you don't clean up the backdoor files, you're likely to get reinfected. At minimum, the risk is high for recurring issues.
> 
> Hope this helps,
> Dre
> 
> On 7/14/11 8:58 AM, Chip Bennett wrote:
>> Absolutely poor HOST security, or poor USER security (FTP credential
>> hijacking, etc.).
>> 
>> Google has your
>> back<http://www.google.com/#hl=en&xhr=t&q=wordpress+pharma+hack&cp=13&qe=d29yZHByZXNzIHBoYQ&qesig=6Z1sXovPDxfD25y-JQq8Wg&pkc=AFgZ2tnyqGRfkS3Tz14xULOprlN1qYlU_oAAipQplVIPS6_lZCulggI5VWplaaFsyOe9P6blbseW_C3_5Rp1adH3Cy9xiZb5-w&pf=p&sclient=psy&newwindow=1&safe=off&source=hp&aq=0&aqi=g5&aql=&oq=wordpress+pha&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=2b8480a1095a616e&biw=1280&bih=903>for
>> researching the hack, and how to clean it up.
>> 
>> On Thu, Jul 14, 2011 at 10:45 AM, Justin W Hall<justin at justinwhall.com>wrote:
>> 
>>> Thanks Chip-
>>> 
>>> Can you elaborate a little? Is this a result of poor HOST security or poor
>>> WP security?
>>> 
>>> 
>>> 
>>> On Jul 14, 2011, at 11:28 AM, Chip Bennett<chip at chipbennett.net>  wrote:
>>> 
>>>> Google for the WordPress Pharma hack that went around last year or so.
>>> This
>>>> sounds exactly like that.
>>>> 
>>>> Chip
>>>> 
>>>> On Thu, Jul 14, 2011 at 10:20 AM, Justin W Hall<justin at justinwhall.com
>>>> wrote:
>>>> 
>>>>> Hey folks-
>>>>> 
>>>>> It's been brought to my attention that when a site a recently worked in
>>> is
>>>>> viewed via google cache, there is a whole list of mostly porn related
>>> links
>>>>> that have been added to the bottom of the pages that obviously do not
>>> exist
>>>>> on the page. My questions:
>>>>> 
>>>>> 1) how does this happen? Host related malware?
>>>>> 
>>>>> 2) what us the best way to go about fixing this.?
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> wp-hackers mailing list
>>>>> wp-hackers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>> 
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>> 
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list