Comments on: The Aftermath of a Wordpress Spam Injection (and a Tool to Prevent it) http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/ Empowering businesses to leverage the new web economy Thu, 04 Mar 2010 22:28:37 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Spam…..Its True – I have been hacked!!!!! » Gremlin’s Fireside Chat http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/comment-page-1/#comment-3281 Spam…..Its True – I have been hacked!!!!! » Gremlin’s Fireside Chat Thu, 15 Oct 2009 20:23:02 +0000 http://jungleg.com/?p=618#comment-3281 [...] now (I hope) in accordance with these guidelines. A  good site that helped me with this issue are JungleG and the usual Wordpress support – thanks guys.   « Michael Jackson and Farrah [...] [...] now (I hope) in accordance with these guidelines. A  good site that helped me with this issue are JungleG and the usual Wordpress support – thanks guys.   « Michael Jackson and Farrah [...]

]]> By: Denton Gentry http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/comment-page-1/#comment-2527 Denton Gentry Sat, 12 Sep 2009 13:39:04 +0000 http://jungleg.com/?p=618#comment-2527 > curl --no-sessionid --user-agent "Googlebot/2.1 ... Might the next escalation in the spambot war be for them to start checking not only the user-agent, but also that the IP address resolves back to the google.com domain? > curl –no-sessionid –user-agent “Googlebot/2.1 …

Might the next escalation in the spambot war be for them to start checking not only the user-agent, but also that the IP address resolves back to the google.com domain?

]]> By: Denton Gentry http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/comment-page-1/#comment-2526 Denton Gentry Sat, 12 Sep 2009 12:54:06 +0000 http://jungleg.com/?p=618#comment-2526 > “you’ll see the same ads in this post as well, as Google thinks this post is about that” FYI regarding the health ads on this page, you can use HTML comments to provide hints to Google’s Ad crawler of which portions of the page should be emphasized or de-emphasized. To suppress the health-related keywords, you’d surround the paragraphs with those keywords with the following: <!– google_ad_section_start(weight=ignore) –> … <!– google_ad_section_end –> Google’s description of the technique is here: https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168 > “you’ll see the same ads in this post as well, as Google thinks this post is about that”

FYI regarding the health ads on this page, you can use HTML comments to provide hints to Google’s Ad crawler of which portions of the page should be emphasized or de-emphasized. To suppress the health-related keywords, you’d surround the paragraphs with those keywords with the following:

<!– google_ad_section_start(weight=ignore) –>

<!– google_ad_section_end –>

Google’s description of the technique is here:
https://www.google.com/adsense/support/bin/answer.py?hl=en&answer=23168

]]> By: Adam Pieniazek http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/comment-page-1/#comment-2519 Adam Pieniazek Thu, 10 Sep 2009 15:24:31 +0000 http://jungleg.com/?p=618#comment-2519 Another good idea is to setup Google alerts for spammy keywords for your domain. Hopefully you can catch it before it starts setting off Google alerts, but if not it's a nice, free fail safe. Another good idea is to setup Google alerts for spammy keywords for your domain. Hopefully you can catch it before it starts setting off Google alerts, but if not it’s a nice, free fail safe.

]]> By: Dave Newman http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/comment-page-1/#comment-2151 Dave Newman Thu, 23 Jul 2009 15:27:48 +0000 http://jungleg.com/?p=618#comment-2151 I just found this same sort of thing on my Wordpress install - version 2.8.2. There was a file in the wp-includes directory called feed-atom2.php and included the Base64_decode for a remote user. I've saved the file if you'd like to have it :) I couldn't have found the problem without your post. Thank you. I just found this same sort of thing on my Wordpress install – version 2.8.2. There was a file in the wp-includes directory called feed-atom2.php and included the Base64_decode for a remote user. I’ve saved the file if you’d like to have it :)

I couldn’t have found the problem without your post. Thank you.

]]> By: mssmotorrd http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/comment-page-1/#comment-1457 mssmotorrd Sun, 03 May 2009 12:52:10 +0000 http://jungleg.com/?p=618#comment-1457 It’s the first time I commented here and I must say you share us genuine, and quality information for bloggers! Good job. p.s. You have a very good template for your blog. Where did you find it? It’s the first time I commented here and I must say you share us genuine, and quality information for bloggers! Good job.
p.s. You have a very good template for your blog. Where did you find it?

]]> By: Joel Escobar http://jungleg.com/2009/04/20/the-aftermath-of-a-wordpress-spam-injection-and-a-tool-to-prevent-it/comment-page-1/#comment-1440 Joel Escobar Tue, 21 Apr 2009 03:51:21 +0000 http://jungleg.com/?p=618#comment-1440 Very cool tool. My only problem is the name. I would have spelled it with an "er". I don't run a blog, but I had a similar situation recently. In the last month or so, my installation of roundcube was compromised. The attacker able to execute code that replaced my index page with a redirect to a phishing bank site. It had been that way for like 10 days before I noticed. This installation is shared by all my clients, but no one complained so I assume that no one had tried using webmail in that time. My wife brought it to my attention when she was trying to use roundcube from her computer and complained that it kept sending her to a weird site. I thought for sure she was infected with some sort of malware. Then I tried from my machine and had the same problem so I knew it wasn't her computer. I went into panic mode thinking my server was hacked. After some investigation, it turned out my webmail vhost was the only one affected. So I deleted everything and installed the latest version from scratch. The new version is supposed to include some security updates that may or may not have been related to how my installation was compromised. Very cool tool. My only problem is the name. I would have spelled it with an “er”.

I don’t run a blog, but I had a similar situation recently. In the last month or so, my installation of roundcube was compromised. The attacker able to execute code that replaced my index page with a redirect to a phishing bank site. It had been that way for like 10 days before I noticed. This installation is shared by all my clients, but no one complained so I assume that no one had tried using webmail in that time. My wife brought it to my attention when she was trying to use roundcube from her computer and complained that it kept sending her to a weird site. I thought for sure she was infected with some sort of malware. Then I tried from my machine and had the same problem so I knew it wasn’t her computer. I went into panic mode thinking my server was hacked. After some investigation, it turned out my webmail vhost was the only one affected. So I deleted everything and installed the latest version from scratch. The new version is supposed to include some security updates that may or may not have been related to how my installation was compromised.

]]>