Linux Sysadmin Blog

Hidden Wordpress Spam:

- | Comments

A month ago one of our customers complained on lots of spam comments appearing on his Wordpress site. There’s no development changes, including updates, to that site since it was launched and it runs on WP version 2.3.3. We managed the issue by activating the Akismet plugin and upgrading the Wordpress to latest version (2.7.1 at this time).

reference

Yesterday, the same customer reported back the spam results appearing on Google search from his site. So i checked all the approved comments and pages on the site but i found nothing. At first I thought it was on Google cache but i don’t think it’s the case since it’s been a month since we implemented the spam filter and wp upgrade. Then I checked on the database contents and found several spam messages inserted on blog posts, most of them were inserted at the end of posts.

Spam messages looks like this:

1
2
3
<!-- manager-start -->
  <style>div.ONqjGUvTIf {height: 0pt;width: 3pt;position: absolute;overflow: auto}</style><div class="ONqjGUvTIf">viagra anxiety  <a href="http://insiteblog.mit.edu/?item=201&desc;=generic-brands-of-viagra-online"> generic brands of viagra online</a> taking viagra woman\ncheap gerneric viagra <a href="http://insiteblog.mit.edu/?item=33&desc;=viagra-dosage">viagra dosage</a> "generic  </div>
<!-- manager-end -->

If you check on the blog pages you can’t see these text so you can’t easily tell that the posts/pages were attacked, but if you try to view the html source generated by the browser you can see them - that is why it is included when Google index/crawl your site contents or pages. These spam appeared to have been inserted before our WP upgrade to it must be an exploit on our old WP version (2.3.3).

To remove you can edit the post from your WP Admin section or you can edit directly from database (ex: phpmyadmin).

Comments