Stay on top of WordPress Spam Injection with Automatic Upgrades and SpamCheckr

October 16, 2009

I had the unfortunate experience of being spammed a few months ago. Not a huge deal, but it did cause both Baconmusic and England for Obama to be removed from Google search results for 30 days.

If, however, it had been THIS site or one of my client sites, I would have been in serious trouble.

What happened

Both of the sites in question were running old versions of WordPress with modified themes that I hadn’t developed from scratch. I’d simply made new CSS/images over an existing framework.

The Baconmusic website was re-designed in 2008 after 4 years with the old look and feel

Baconmusic was attacked by link SPAM

Turns out both of these themes had security holes, as did the version of WordPress (2.5) each of the sites was running.

These exploits allowed an evil spam bot to hack in and insert some dodgy code into the WordPress theme header and footer files.

How did I find out

An email arrived in my inbox – the weird thing was initially I thought it was SPAM. The subject was something along the lines of “Your website has been removed from Google..”

Google warning message, courtesy of spamcheckr.jungleg.com/about

“Yeh, sure… whatever…” I thought. Then I read the message and quickly got worried.

After trawling my website code it was obvious something was wrong. Literally 100s of hidden links were embedded into the header and footer of each site. You can imagine the type – viagra, dating, weight loss, money making… all that rubbish.

How I fixed it

First thing I did was fire up SpamCheckr, a great service which will use Google's own algorithms to look through your site and report on the problem. Both sites came back with 1000s of issues and a Spam Score which was off the charts (eek!).

The next step was to look into my WordPress theme and find the damage – and after logging in it was obvious where the problem lay: header.php and footer.php were awash with nasty encrypted PHP code.

The easiest way to fix this problem was to re-upload my theme files from a local backup, thereby overwriting any changes – phew!

After this I upgraded WordPress to the latest version on both blogs, ran a few security checks and installed a couple of security hardening plugins.

I then gave SpamCheckr another run to make sure everything was clean. My Spam Score was now a truly delightful ZERO :)

Thankfully my MySQL database was secure. If not the bot could have hacked in and added lines of code to every single post/page/comment in my WordPress database. This happened recently on the CoolSmartPhone website and caused it to go down for a couple of days – nasty stuff!

Immunisation

Upgrading WordPress and checking for weird code in themes is the best measure to ensure this never happens again.
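
The check described above can be scripted. The following is an added example, not code from the original post or from SpamCheckr: it compares the live theme's PHP files against a known-good local backup and flags constructs typical of injected code. The function name `audit_theme`, the directory layout and the pattern list are assumptions for illustration, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Calls often seen in injected, obfuscated PHP (heuristics, not proof).
OBFUSCATION = re.compile(r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# An element hidden with inline CSS: link spam is usually tucked inside one.
HIDDEN = re.compile(r"style\s*=\s*[\"'][^\"']*(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
LINK = re.compile(r"<a\s[^>]*href\s*=", re.I)

def audit_theme(live, backup):
    """Return {relative_path: [reasons]} for PHP files that need a manual look."""
    live, backup = Path(live), Path(backup)
    report = {}
    for f in sorted(live.rglob("*.php")):
        rel = f.relative_to(live)
        known = backup / rel
        reasons = []
        if not known.is_file():
            reasons.append("not in backup")
        elif known.read_bytes() != f.read_bytes():
            reasons.append("differs from backup")
        text = f.read_text(errors="replace")
        calls = sorted({m.group(1).lower() for m in OBFUSCATION.finditer(text)})
        if calls:
            reasons.append("obfuscation calls: " + ", ".join(calls))
        if HIDDEN.search(text) and LINK.search(text):
            reasons.append("hidden element plus links")
        if reasons:
            report[rel.as_posix()] = reasons
    return report

def demo():
    """Build a constructed clean backup and a tampered live copy, then audit."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        clean_footer = "<?php wp_footer(); ?></body></html>\n"
        for d in (backup, live):
            d.mkdir()
            (d / "header.php").write_text("<html><head><?php wp_head(); ?></head>\n")
            (d / "footer.php").write_text(clean_footer)
        # Constructed tampering: placeholder payload and placeholder spam link.
        (live / "header.php").write_text("<?php eval(base64_decode('PLACEHOLDER')); ?>\n")
        (live / "footer.php").write_text(
            clean_footer + '<div style="display:none"><a href="http://spam.example/">x</a></div>\n')
        (live / "extra.php").write_text("<?php // unexpected file ?>\n")
        return audit_theme(live, backup)
```

A file that differs from the backup is not necessarily malicious (a theme update also changes it), so treat the report as a list of files to open and read.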

Plugins are also a risk – like themes, always download them from the official WordPress site or a site you know and trust.

I also run SpamCheckr once a month on every site I manage – just in case – they actually have a service which can do this for you automatically but I have yet to sign up.

If you’ve never run this on your site, please do it now.

base6 Design Limited: Registered UK Limited Company #06353140