Your Blog Might Be Hacked
Tony Hung over at Deep Jive Interests is doing some extremely worthwhile “investigative blogging” and uncovering some sinister blog hacking that essentially turns your blog (specifically, WordPress installs) into a spam machine. It’s “sinister” because the hackers leave your blog be, so you continue posting as you normally would, unaware that you’re displaying spammy ads and passing link juice to unworthy sites.
Please read Tony’s first article, “Breaking! TailRank Exposes Massive Number Of Blogs Hacked,” and “UPDATE: Has ZDnet Been Hacked As Well?”
You may be wondering how you can tell if your WordPress install is hacked. YugaTech has some tips; I’ll reiterate the most critical ones below.
- Look critically at your blog pages in a browser and see if there are any ads or links to sites you most certainly didn’t put there.
- While in a browser, do a View Source Code. Look for any strange links to sites you don’t recognize, more specifically in the header or footer code.
- Popular and free themes can have PHP scripts intended to be manipulated remotely. Really look at the code to see if there are any “hooks” — I would imagine URLs pointing to scripts stored on other domain names.
- Look in your “cgi-bin” directory to see if there are any odd scripts on your server.
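The “View Source” check can be scripted. The following is an added example, not code from this post or from YugaTech: it parses a page’s HTML, reports every link, script, iframe, stylesheet or image that points at a host outside an allowlist you supply, and notes whether the reference sits inside an element styled as hidden, which a visual check in the browser would miss. The sample page and all host names in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute can link to or load third-party content.
URL_ATTRS = {"a": "href", "script": "src", "iframe": "src", "link": "href", "img": "src"}
VOID_TAGS = {"img", "link", "br", "hr", "meta", "input"}

class ExternalRefAudit(HTMLParser):
    """Collect references to hosts that are not on the owner's allowlist."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.stack = []     # (tag, styled_hidden) for each open element
        self.findings = []  # (tag, host, url, inside_hidden_element)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        url = attrs.get(URL_ATTRS.get(tag, ""), "") or ""
        host = (urlparse(url).hostname or "").lower()
        if host and host not in self.allowed:
            in_hidden = hidden or any(h for _, h in self.stack)
            self.findings.append((tag, host, url, in_hidden))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit_page(html, allowed_hosts):
    parser = ExternalRefAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: a hidden footer link and an unknown script host.
SAMPLE_PAGE = """<head><script src="http://stats.example.net/c.js"></script></head>
<body><a href="http://myblog.example/about/">About</a><div id="footer">
<div style="display: none"><a href="http://cheap-pills.example/buy">pills</a></div>
<a href="http://wordpress.org/">WordPress</a></div></body>"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, {"myblog.example", "wordpress.org"}):
        print(finding)
```

Run it against the saved source of your home page, a single post and an archive page, since header and footer templates can differ between them.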
Other tips I can recommend:
- Work on a local copy of your theme and upload it periodically, replacing what’s on your server. Hackers would be hacking the online copy, and not the one on your local machine.
- Update to the latest version of WordPress — as of this writing, 2.5.
- Periodically change your WordPress password.
- Read Deep Jive Interests.
Thanks for the kind compliments, Jason.
Another tip is to write valid code! Those hackers don’t tend to, so if something trips up my validator, I know something is wrong.
Thankfully I’ve never been hacked. Of course, saying that is only asking for it. Wish me luck!
Good tip. And even if one’s blog has never been hacked, it’s good to have a friendly reminder every now and then to keep us on our toes.