[wp-hackers] Porn links in google cache
Justin W Hall
justin at justinwhall.com
Fri Jul 15 16:11:27 UTC 2011
Got a chance to scan the infected site. Found many of the usual Pharma
suspects base64_decode functions, base64-min.js files, eval etc...
Looks as though they live mostly in plugin folders child function files.
Haven't scanned the database yet. Ugh.
On Jul 15, 2011, at 3:07 AM, Chris Taylor - stillbreathing.co.uk wrote:
> Hi Justin,
>
> I got hacked with this last year. It's a nasty one, but (touch wood)
> my site seems OK at the moment). I wrote a short article about it with
> some useful links:
> http://www.stillbreathing.co.uk/2010/11/21/wordpress-pharma-hack/
>
> Hope you get it sorted.
>
> Chris
>
>
> On Thu, Jul 14, 2011 at 4:20 PM, Justin W Hall
> <justin at justinwhall.com> wrote:
>> Hey folks-
>>
>> It's been brought to my attention that when a site a recently
>> worked in is viewed via google cache, there is a whole list of
>> mostly porn related links that have been added to the bottom of the
>> pages that obviously do not exist on the page. My questions:
>>
>> 1) how does this happen? Host related malware?
>>
>> 2) what us the best way to go about fixing this.?
>>
>>
More information about the wp-hackers
mailing list