Dammit, this blog has been hacked again!

MSNlive
Despite what MSN’s search engine thinks, I am NOT hawking drugs on this site…

(UPDATE: Since initially posting this, I’ve learned a bit more. The plot thickens…)

My friend the SEO maven Brett Borders just alerted me to some disturbing news. Apparently, Microsoft’s search engine thinks this blog, which I’ve run since 1998, is drug spam.

Brett got tipped to this by a Mar. 25 Search Engine Journal story, Hackers Forcing Sites to Cloak Search Engines with Link Spam. The screen grab illustrating that story showed Contentious.com near the top of a list results from a “linkfromdomain search on MSN so I can prove that, indeed, there are over 2,000 links FROM Twitter pointing TO pages about Viagra.” I just repeated that search, and sure enough my domain is on that list — showing spam content that somehow has been hacked into my site.

I also just searched Google for references to Viagra from my domain, and saw that Google is caching that same spam content for my home page as well.

As far as I can tell, this spam content has been inserted my home page as well as at least three recent posts. Obviously, this WordPress blog has been hacked again. Like I didn’t have enough troubles with this last fall.

This is annoying, and could be potentially damaging to me. I’m on a deadline and don’t have time to delve into why this is happening, but would appreciate tips for Contentious readers about why this might be happening and what, if anything, I can do to stop it. I’m getting really tired of this, and hate that I only find out about it via third parties.

Got any suggestions before I can dive into this myself? Please comment below.

Thanks!

4 thoughts on Dammit, this blog has been hacked again!

  1. Patrick, I really don’t think that’s the solution. In the 11 years I’ve been running this site, I’ve switched blog platforms several times. That’s why my archives are a mess, and why inbound links to many of my older posts don’t work.

    Switching to a new blog platform is a HUGE time-consuming hassle, it always creates more problems, and EVERY platform has weaknesses and vulnerabilities.

    There are many, many things I like about wordpress. I don’t want to switch. I just want to learn how to operate it as safely as possible.

    – Amy Gahran

  2. First: The offending text-links are most likely in your footer.php file. get rid of them.

    Second: Backup your database.

    Third: Upgrade WordPress to 2.3.something

    Fourth: Read this and do #2.

    Fifth: Can’t remember where I read this, but open up header.php and remove the meta generator tag with the version of WP in it.

    Sixth: Change your FTP password, just in case.

    Drama. Sigh.

  3. Pingback:   Typepad: Often the best choice for serious but non-geeky bloggers — contentious.com

Leave a Reply

Your email address will not be published. Required fields are marked *