Tiffany Washko

I have had a rough month being a WAHM this month. If you recall my blog was hacked and my search engine traffic was being redirected to a spammer site. I thought that was the end of it….but the saga continues. I have several blogs and of course they targeted my main blog (not this one)…my bread and butter blog so to speak. After I got rid of the anyresults.net hack I thought I was in the clear but I wasn’t.

A few days later a fellow blogger emailed me to let me know that his own blog had been hacked and spam was being injected into his blog invisibly. You could even look at the source code and not see a darn thing. He found the links by analyzing his blog with CURL and the links all went to my site…aka buy your viagra here and then a link to my blog…only there were 30+ plus links for all sorts of spammy products and drugs. Of course he went to my blog to see if I was the spammer who hacked his blog and of course found nothing..until he looked at my blog with CURL and saw I was hacked too. He was nice enough to email me and let me know.

I hoped he was wrong but since I didn’t know how to use CURL I couldn’t verify. Then I did two things to test. I went to Google’s Webmaster Tools and looked at the keywords they had indexed for my site and sprinkled throughout were the spammy keywords. Then I searched for “viagra and my URL” and TONS of links had been indexed. I was dangerously close to getting banned by Google for being a spammer and in fact I have met several people during this fiasco that didn’t catch this hack until they did get banned.

Also, via a tip to use CRON from a Mom Masterminds member (LOVE that group) I ran a CURL string:

curl –user-agent Googlebot + URL

This verified in a way easy for me to see, where the links where. I was still shocked when I saw them for the first time though. They all pointed back to my own site. The overall goal of this hack is get you banned from search engines…perhaps so the spammers can rank better for the SERPS you currently hold. They are knocking out the competition. Oh and they added new Adsense info at the bottom of the page, maybe even siphoning my Adsense commissions.

So…..the blogger who emailed me also gave me a link that helped resolve the hack. There is a lot of info there but only some of it applied to my situation. For instance some of these hacks involve code directly implanted into your theme files but my situation was a little different. My hack was disguised as a plugin and not one that you could see in the wordpress dashboard. Sprinkled all throughout my files I found what looked like image files or regular php files:

filenames “*_new.php” , “*_old.php”,. “*.jpgg”, “*_giff”

They were all coded hack files and there was over a dozen of them…back doors to keep open so the spammers could keep accessing my site. They would make a plugin run under the radar that would inject the spam links. I had to check wp_options in my database and see what was listed under active plugins…I found the culprit there, deleted the code and deleted what I thought was all the files. I also deleted all my users and there were a few suspicious ones there and I scrubbed the database. Case closed.

Or so I thought. A couple days ago I checked Webmaster tools again just for the heck of it and guess what…the hack was back. So I just cleaned it up AGAIN…and did an even more thorough search. I only found one file that I think I missed the first time but one is all it takes. Now I have CRON being run to check for spam injection links every hour on the hour and the results are emailed to me. It is a pain but I am not going to let this go unchecked again. Just today I think Google cleared out the last of the badly indexed files although some phantom keywords still show in Webmaster tools…I hope they go away soon.

Soemtimes it is not so fun to be a blogger and Internet Marketer…especially when you are being sabotaged.

Share This

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!