Hey You! Your Blog Has Been Hacked!
Yes, your blog! I am talking to you. At least if you found me via Technorati or other vanity search methods. This blog post here explains one way you can find out whether your blog has been compromised and advertises Viagra, Phentermine and online casinos. I checked mine and then I checked others.
I found out that for instance these blogs have been hacked by spammers:
- Hey, Hot Shot!
- scale nine : skins and themes for flex and adobe air
- Elatable | Bradley Horowitz
- The Macalope
- conduit labs blog
- Crazy Apple Rumors Site
- AvantLink’s Affiliate Marketing Blog
Are you one of them? Check your source code. Some blogs aren't hacked on the front page but certain posts are.
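The source-code check can be automated. The following is an added example, not part of the original post: it scans a page's HTML for links whose URL or anchor text contains the spam terms named above and notes whether they sit inside an element hidden by inline CSS. The hiding patterns and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

SPAM_TERMS = re.compile(r"viagra|phentermine|casino", re.I)  # terms named in the post
# Assumed hiding tricks (not listed in the post): inline CSS that keeps links out of view.
HIDING_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "embed", "source", "wbr"}

class SpamLinkFinder(HTMLParser):
    """Collects links whose URL or anchor text contains a spam term."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # one bool per open element: does its style hide content?
        self.link = None     # the <a> element currently being read, if any
        self.findings = []   # (href, anchor text, inside a hidden element?)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = bool(HIDING_CSS.search(a.get("style") or ""))
        if tag == "a" and a.get("href"):
            self.link = {"href": a["href"], "text": "", "hidden": hides or any(self.stack)}
        if tag not in VOID:
            self.stack.append(hides)

    def handle_data(self, data):
        if self.link is not None:
            self.link["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.link is not None:
            l, self.link = self.link, None
            if SPAM_TERMS.search(l["href"] + " " + l["text"]):
                self.findings.append((l["href"], l["text"].strip(), l["hidden"]))
        if tag not in VOID and self.stack:
            self.stack.pop()  # heuristic: assumes reasonably well-nested markup

def scan(html):
    finder = SpamLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one legitimate link and one injected, off-screen block.
SAMPLE = """<html><body><p>Read my <a href="/about">about page</a>.</p>
<div style="position:absolute; left:-9999px">
<a href="http://pills.example/buy">Cheap Phentermine</a> <a href="http://casino.example/">play now</a>
</div></body></html>"""

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Run it over the saved source of individual posts as well as the front page, since only some pages may carry the injected links. Links hidden through an external stylesheet or script will show up as not hidden, so review every finding.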
When I tried to contact one of those bloggers, I noticed that he makes it very difficult to contact him. No email address to be found either on LinkedIn or on his site. I surely will not pay to upgrade my LinkedIn account just to tell you that you're hacked.
Do you know other methods to test whether your blog has been hacked by spammers? Add them in the comments.
Btw.: If you are one of those Internet newbies who mistake SEOs for spammers: I did not hack you, so before you sue me:
I am the guy who told you that your blog has been hacked!



Those hidden link injection attacks are ugly and hard to spot, but they’ve been around for a while now (just an example – http://www.mattcutts.com/blog/how-google-handles-hacked-sites/ ). I ran across one type which is much harder to track and even find: http://johnmu.com/hack-hidden-redirect/
Scary.
Very shady people operating on the net. Have to be careful.
Yep, thanks. Fixed.
Wow, that really is scary. I’d much rather be hacked with a huge sign on the site saying “You have been hacked you moron” rather than this cloak and dagger stuff going on…
That’s funny because I actually realized I was hacked last night. Actually, I probably only took note of your trackback because I knew that, yes, I was hacked. Boy was I pissed. I was about to go to bed and then had to spend 45 minutes figuring out how to get rid of it. I’m still not sure I did the right thing because I just removed the call to the offending code, not the offending code itself. I haven’t found it yet. Still looking.
Bastards.
Thanks, though.
Hello John Mu, thanks for dropping by. It’s really scary. If you develop an easy method to scan it you’ll get quite popular I guess. It certainly surpasses the attack described above.
david: That’s why I never would post pictures of my children online or give away private info like where you are now on Twitter. Any madman can read it and use it against you. If you check your referers closely you know how many madmen are out there.
Bradley: You’re welcome. Nice to see that the post had some impact. You might also want to warn others perhaps…
Sophie, right, the obvious hacks seem pretty by now.
John Moltz: You might want to screen some of these pages:
http://www.google.de/search?q=site:www.crazyapplerumors.com+viagra
I couldn’t see much, but on some you have plain spam comments polluting your site.
My WordPress blog was hacked recently. I think it was due to a couple of things, the main one being that I neglected to keep my WP install up to date.
I think the other was that by default, DreamHost isn’t very secure.
The hacker was able to upload some insane PHP script that had access to everything on the site.
Learned my lesson though.
A few weeks ago we found out that the site of a friend of ours was hacked in the same way as is mentioned on the earnersblog.
We found out because it featured the text of the links in their description in Google’s SERPs (no other machine-readable content on the homepage)…
You really need to keep checking 24/7!
Wow, thanks to folks like you we found and fixed the hack access. Amazing how you can be so vulnerable, without even knowing! Thanks again. Gary for AvantLink.
Spam hacking really cost me greatly recently. It happened when I was on vacation, and my site has been shut down by my web hosting company for the last 5 days and I lost some of my SERP in Google due to high bounce rate. The only loophole is that my contact form allows injection to send out massive spam mail, duh!
[...] all “friends” and “friendly communities”. It’s the world of bad guys hacking good guys and blatant thieves stealing the [...]