Ragged Clown

It's just a shadow you're seeing that he's chasing…


Feb
4
2012

Get your meds here

A fun way to spend a Saturday – reinstalling wordpress because your blog got hacked.

Tags:

4 responses to Get your meds here

Stuart Thompson February 10, 2012

Ugh! I hate that. Hopefully you had a recent backup to work from and didn’t have to perform too many manual steps.

Kevin February 11, 2012

Fixed it, thanks!

I did a complete reinstall and re-pointed the new install to the old database. I keep my theme in source control and have a backup of the uploads folder, so it’s pretty easy to bring those back.

I reinstalled my plugins one by one because those are allegedly one of the vectors by which hacks happen.

Kevin February 11, 2012

The hack is pretty sneaky btw and very widespread. A lot of wordpress have it and don’t know. The hack doesn’t change the public view of your blog at all. Instead it hijacks the response to googlebot so google thinks your blog is all about drugs.

It’s pretty sophisticated too – it only hijacks some of your pages (the ones with high page rank) – so you have to pay really close attention to noticed that you are hacked.

To see if you have the problem, find a search term that shows up high in your analytics – for me it was sozzlehurst and hiccup and google for it. If the google thinks the post is about meds, you are hacked.

As far as I can tell, no one knows yet how the hack (called PharmaHack) gets in.

Leave a Reply

Your email address will not be published. Required fields are marked *