Change Your WordPress Admin Password!
For the past couple of weeks, I had noticed that most of the Google ads appearing on the home page of my site were for credit card offers, credit repair services, credit-no-matter-how-much-your-credit-sucks offers, and so on … and I was puzzled about why ads of that type kept appearing. Since the ads are supposed to be contextual, it didn’t seem like any of my posts supported them — especially when I would look at other pages and the ads did seem to reflect my post content very accurately.
I was doing some general cleanup on the site on Friday evening, and ran the site through an RSS feed validator to see how it fared. That’s when I saw errors referencing hundreds of links that I didn’t recognize. It didn’t take me long to track the links to my WordPress header.php file, where I found this:
It’s obvious to me now that Google was generating ads for my site based on this content. There were, in all, about 600 such links at the very end of header.php. I didn’t put them there, and I don’t know anything about the two sites you can see repeated throughout these links (nor did I try to find out). I removed the 600 lines of code from the header.php file, but on Saturday discovered that several hundred others had been added, referencing two different sites but similar content. In both cases, the blocks of code were surrounded by <font> tags that caused the text to be hidden.
If you want to see if this has happened to you, bring up your site and select View/Page Source if you’re using Firefox, or View/Source if you’re using Internet Explorer. In my case, the spam links always appeared at the end of the source listing, but you might want to page through the entire listing since I suppose they could appear anywhere.
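The View Source check above can also be run against the theme file itself. The following is an added example, not part of the original post: it flags any <font> block in a file such as header.php that holds many off-site links and reports the line where the block starts. The function names, the threshold of 5 links, and the `.example` hosts and markup in the constructed sample are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

FONT_BLOCK = re.compile(r"<font\b[^>]*>(.*?)</font\s*>", re.I | re.S)
HREF = re.compile(r"""<a\b[^>]*?\bhref\s*=\s*["']?([^"'\s>]+)""", re.I)

def find_link_blocks(source, own_host, min_links=5):
    """Return one finding per <font> block holding >= min_links off-site links."""
    findings = []
    for block in FONT_BLOCK.finditer(source):
        hosts = Counter()
        for href in HREF.findall(block.group(1)):
            host = (urlparse(href).hostname or "").lower()
            # Relative links and links to the blog's own host are not suspicious.
            if host and host != own_host and not host.endswith("." + own_host):
                hosts[host] += 1
        total = sum(hosts.values())
        if total >= min_links:
            findings.append({
                "line": source.count("\n", 0, block.start()) + 1,
                "links": total,
                "hosts": hosts.most_common(),
            })
    return findings

# Constructed sample: a small header.php with 600 links to two made-up sites
# appended inside one <font> block, mirroring what the post describes.
SITES = ("spam-two.example", "spam-one.example")

def build_sample():
    spam = "\n".join(
        f'<a href="http://{SITES[i % 2]}/offer{i}.html">credit offer {i}</a>'
        for i in range(600))
    return (
        '<html>\n<head>\n<title><?php bloginfo("name"); ?></title>\n</head>\n<body>\n'
        '<font color="#333333"><a href="http://myblog.example/about/">About</a></font>\n'
        '<font style="display:none">\n' + spam + '\n</font>\n')

if __name__ == "__main__":
    import sys
    # Usage: script.py path/to/header.php yourblog.example (no arguments: run the sample)
    if len(sys.argv) == 3:
        text, host = open(sys.argv[1], encoding="utf-8", errors="replace").read(), sys.argv[2]
    else:
        text, host = build_sample(), "myblog.example"
    for f in find_link_blocks(text, host):
        print(f"line {f['line']}: {f['links']} off-site links in one <font> block -> {f['hosts'][:5]}")
```

Running it on a schedule against the theme directory gives the same signal as the daily manual check, and catches a block that is re-added after cleanup.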
After the second occurrence, I changed my WordPress admin password as well as my hosting login password. So far it hasn’t occurred again, but I can see that this is yet something I’ll have to keep an eye on. If I figure out how it actually happens, I’ll certainly share it here.
Leanne Wildermuth of Artist By Nature has written about the same thing, and it was from Leanne that I learned that the source of the problem was header.php:
For now, I’ve also removed most of the ads from my site, except those for Amazon.com. I may not put them back….
April 15th, 2008 at 6:10 am
This has happened to my sites today. I’ve been struggling with it all day. I appreciate your article, it helps!
April 15th, 2008 at 8:00 am
Hi, Beth.
Glad this article helped. Since I got it cleaned up and changed my password, I’ve been checking the code with View/Page Source or View/Source every day and so far, so good. If you find out anything more about how it happens, please let me know. I’ll do the same.
Thanks for coming by!
Dale
April 15th, 2008 at 8:11 am
I am also being told that when upgrading - it is HIGHLY advised to completely delete everything but the wp-config file and upload the fresh upgrade to ensure any files that were hacked are gone and avoid future vulnerabilities. I have simple and detailed instructions on upgrading if you need them.
April 15th, 2008 at 11:03 am
Hi, Leanne.
Please do pass along the upgrade instructions. I’ve hesitated to do it because there are some quirks with my web host (Yahoo!). They implemented WordPress by installing it for you, but then never upgraded it past version 2.0.2 (despite implying that they would). I’ve read of some users who’ve upgraded it successfully, but others who’ve had problems. Since I’m not a PHP or MySQL programmer, I don’t know if I could get out of trouble if something bad happened. And Yahoo! would probably not help.
But … I have been compiling info on upgrading because I will do it at some point, so your instructions will surely help.
Thanks,
Dale
April 15th, 2008 at 7:59 pm
Yikes! At least you were able to find it in your header file. I had someone hack in, and could never find the file it was in, but, it showed up at the end of the source code. Had to upgrade to 2.2 at the time to get rid of it, then deleted the entire WP backup file.
April 15th, 2008 at 8:00 pm
PS: that font thing is a helper. Good catch!
April 16th, 2008 at 7:20 am
[…] Back in November of 2007, I mentioned that someone hacked my htaccess file, and did even worse stuff. Well, it seems that someone has done something similar to my good blog friend Beth at Blue Star Chronicles, as well as a few others, such as A Few Good Pens and Artist By Nature. […]
April 16th, 2008 at 7:47 am
I’m sorry to hear about your ‘hack’ problems, but even more pleased that you were able to solve the frustration.
Unfortunately, things like google, internet explorer, word press, et al are high profile ‘hook’ targets simply because those things are so common.
Might I recommend ~not using googlag ad sense advertising? Amazon is a good start, but there are many other high quality, reliable ad networks. Try here for ten good choices. I chose ‘Chitika’, but it’s your preference. I was simply tired of being ‘evil’.
April 16th, 2008 at 8:24 pm
Thanks for the excellent list of ad sources … I’ll definitely check them out. Thinking that if I’m going to run ads here, I’d like to make different choices than the usual ones and see how it goes … your list will come in very handy.
Bye for now,
Dale
June 10th, 2008 at 4:44 pm
[…] I have surfed the net high and low for possible cause. Erm… actually I only surfed for 15 minutes before I can find several blogs, A Few Good Pens and Intricate Art who undergo the similar experience. […]
June 11th, 2008 at 9:20 am
Hi Dale,
I see you’re still waiting on that upgrade - here’s the link:
http://intricateart.com/blog/how-to-upgrade-wordpress/
It includes a link to a newer plugin that auto upgrades in just a few very simple steps.