Get your meds here

A fun way to spend a Saturday – reinstalling wordpress because your blog got hacked.

Published by

Ragged Clown

It's just a shadow you are seeing that he's chasing.

4 thoughts on “Get your meds here”

  1. Fixed it, thanks!

    I did a complete reinstall and re-pointed the new install to the old database. I keep my theme in source control and have a backup of the uploads folder, so it’s pretty easy to bring those back.

    I reinstalled my plugins one by one because those are allegedly one of the vectors by which hacks happen.

  2. The hack is pretty sneaky btw and very widespread. A lot of wordpress have it and don’t know. The hack doesn’t change the public view of your blog at all. Instead it hijacks the response to googlebot so google thinks your blog is all about drugs.

    It’s pretty sophisticated too – it only hijacks some of your pages (the ones with high page rank) – so you have to pay really close attention to noticed that you are hacked.

    To see if you have the problem, find a search term that shows up high in your analytics – for me it was sozzlehurst and hiccup and google for it. If the google thinks the post is about meds, you are hacked.

    As far as I can tell, no one knows yet how the hack (called PharmaHack) gets in.

Leave a Reply

Your email address will not be published. Required fields are marked *