Blog Hacked: It Could Happen To You

April 20th, 2008

Yesterday, whilst browsing one of my regular blog reads on my PDA, I saw something that wasn’t quite right. Above all of the actual blog content were dozens of links with various financial terms. I was out for the day and didn’t have access to my computer until the evening, but when I returned I went to the blog in question using Firefox and saw that all appeared okay even though my PDA was still showing the spammy-looking links.

There were two possibilities, I thought. Either there’s a problem with my viewing, i.e. my PDA or Internet connection had been compromised, or there’s something not-so-obvious going awry with the blog. Since I couldn’t see any other sites affected in the same way, I decided the latter was actually the case. Looking at the underlying web page source code in Firefox confirmed this. Near the bottom of all of the legitimate source code was this:

Nothing appeared to be out of the ordinary when viewed using a standard web browser because CSS was being used to prevent the injected links from being displayed. That doesn’t mean that they’re not there or that search engines can’t see and index them. Using the Firefox Web Developer plugin to disable CSS for the current page showed what was underneath the CSS cloak:

Why you should upgrade to WordPress 2.5

If you’ve been wrangling over whether to upgrade or not, then consider the consequences of leaving your blog unpatched, such as Technorati refusing to index compromised blogs. Even big names have been affected by the hacking of insecure blogs.

Also, if you’re using a freely distributed blog theme then you might want to check that too in case it’s been laced with code that will allow unscrupulous others to take over your website.

I’m off to upgrade all of my pre-2.5 WordPress blogs!

9 Responses to “Blog Hacked: It Could Happen To You”

  1. I’m seeing blogs like this too. Google Reader shows the links up, which is one reason why I’m subscribing to all my sites just to keep an eye on what comes through on them.

    Of course I’ve also upgraded to 2.5 anyway :)

  2. Just to add, now I know which blog you were referring to, seems like subscribing doesn’t always work!

  3. It’s a right pain in the ass, Sarah. I wonder if anyone else has come up with a clever way of detecting when a blog’s been compromised in some way.

    Perhaps some sort of automated check to compare checksums of theme files?

  4. I know which blog too! ;)

    The way to instantly see this type of attack is to notice when your bandwidth triples or quadruples – I thought the reason for this was something else entirely, but it was because of 500k worth of invisible links.

    Ah well – shit happens – should have upgraded as soon as the advisory came out – I’m a lazy b.

  5. But then sometimes, it pays to hold off installing new releases, at least until the issues are ironed out.

    And then there will be times when the updates are released too late.

    Maintain regular backups!

  6. I didn’t even know you could have your blog hacked!
    How bad is that? I am straight over to get my blog upgraded.

  7. Elly,

    If you’re referring to your blogspot blog then you don’t need to worry about it. You wouldn’t be able to upgrade the software anyway. The hacking in question is targeting blogs based upon the WordPress platform.

  8. I haven’t upgraded yet but now I’m gonna after seeing this.

  9. Hi Jenny,

    If you’re going to be upgrading then you may as well upgrade to WordPress version 2.5.1 that was released today.

    Another day, another upgrade!
