[wp-hackers] Porn links in google cache
Dre Armeda
feeds at armeda.com
Thu Jul 14 16:14:03 UTC 2011
It most likely is the Pharma hack from the sound of it. It was
definitely popular last year, but it hasn't gone away. We're still
seeing it daily but in varied capacities. The string mutates constantly,
and is still very relevant.
There are plenty of resources online to clean it up as noted. The thing
to make sure of is that you find/remove all of the backdoor files that
usually come with the malicious payload. This can be painful because
they vary considerably. They vary in name, size, code base, insertion
points, etc. The malicious payload is usually more obvious and simple to
find, but if you don't clean up the backdoor files, you're likely to get
reinfected. At minimum, the risk is high for recurring issues.
Hope this helps,
Dre
On 7/14/11 8:58 AM, Chip Bennett wrote:
> Absolutely poor HOST security, or poor USER security (FTP credential
> hijacking, etc.).
>
> Google has your
> back<http://www.google.com/#hl=en&xhr=t&q=wordpress+pharma+hack&cp=13&qe=d29yZHByZXNzIHBoYQ&qesig=6Z1sXovPDxfD25y-JQq8Wg&pkc=AFgZ2tnyqGRfkS3Tz14xULOprlN1qYlU_oAAipQplVIPS6_lZCulggI5VWplaaFsyOe9P6blbseW_C3_5Rp1adH3Cy9xiZb5-w&pf=p&sclient=psy&newwindow=1&safe=off&source=hp&aq=0&aqi=g5&aql=&oq=wordpress+pha&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=2b8480a1095a616e&biw=1280&bih=903>for
> researching the hack, and how to clean it up.
>
> On Thu, Jul 14, 2011 at 10:45 AM, Justin W Hall<justin at justinwhall.com>wrote:
>
>> Thanks Chip-
>>
>> Can you elaborate a little? Is this a result of poor HOST security or poor
>> WP security?
>>
>>
>>
>> On Jul 14, 2011, at 11:28 AM, Chip Bennett<chip at chipbennett.net> wrote:
>>
>>> Google for the WordPress Pharma hack that went around last year or so.
>> This
>>> sounds exactly like that.
>>>
>>> Chip
>>>
>>> On Thu, Jul 14, 2011 at 10:20 AM, Justin W Hall<justin at justinwhall.com
>>> wrote:
>>>
>>>> Hey folks-
>>>>
>>>> It's been brought to my attention that when a site a recently worked in
>> is
>>>> viewed via google cache, there is a whole list of mostly porn related
>> links
>>>> that have been added to the bottom of the pages that obviously do not
>> exist
>>>> on the page. My questions:
>>>>
>>>> 1) how does this happen? Host related malware?
>>>>
>>>> 2) what us the best way to go about fixing this.?
>>>>
>>>>
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers
mailing list