TGIF (XI) | Home | Bucking Euro Trend a Bad Bet

November 24, 2007


Spam Links Mysteriously Appear in Footer

I’d like to thank reader “Donk” for pointing out the hidden spam links cluttering my footer. Somehow it gets inserted at the highlighted section of code - php wp_footer(); - see enlarged screenshot below.


Click to enlarge

I just deleted that line of code which didn’t mess anything up and gets rid of the spam. Does anyone have any insight into how this happened?

This entry was posted on Saturday, November 24th, 2007 at 3:15 pm (utc+8) and is filed under Internet/Media.

14 Responses to “Spam Links Mysteriously Appear in Footer”

  1. r said:
    November 24th, 2007 at 3:48 pm

    in short, looks like you were hax0red. i saw something similar at: http://justinsomnia.org/2007/08/search-engine-marketeers-are-the-new-script-kiddies/

  2. r said:
    November 24th, 2007 at 3:49 pm

    er, i don’t own that site, i just read about a similar problem there.

  3. C. Maoxian said:
    November 24th, 2007 at 3:58 pm

    r: Thanks for the link. I still don’t understand how it happened.

  4. eyal said:
    November 24th, 2007 at 5:45 pm

    Interesting, I didn’t have those links. My traffic probably doesn’t even warrant a scripted hack lol

    You might want to upgrade your WP, the new releases always address some security issues.

  5. C. Maoxian said:
    November 24th, 2007 at 6:41 pm

    eyal: Can you explain how a “scripted hack” works?

  6. eyal said:
    November 24th, 2007 at 6:48 pm

    I’m no expert on this but to my understanding these guys seek vulnerabilities in the code and file permissions, they’ll scan the web for sites using WP versions or themes with known security holes and exploit those.
    On second thought and a couple of google searches this may be a theme related issue: http://wordpress.org/support/topic/139455

  7. C. Maoxian said:
    November 24th, 2007 at 7:54 pm

    eyal: Thanks. That help thread is only a month old so it looks like a recent problem. Be nice if I could close the hole in WP or in my theme that they’re exploiting … I’ll update WP when I get a chance.

  8. Joseph said:
    November 24th, 2007 at 10:44 pm

    Make sure you aren’t using an old version of WP-Supercache

  9. Tom the Burninator said:
    November 25th, 2007 at 2:56 am

    CM: that screenshot of your page source showing the link spam, was that from your overall index page or just from the footer page?

  10. C. Maoxian said:
    November 25th, 2007 at 11:40 am

    Tom: The spam links are generated in the footer and the footer appears on every Wordpress page.

  11. C. Maoxian said:
    November 25th, 2007 at 12:01 pm

    Joseph: Thanks. I never installed Supercache. (I don’t think so anyway.)

  12. Tom said:
    November 25th, 2007 at 8:28 pm

    CM: I mean when you showed that screenshot of your page source code that had the spam links in them, was that source code from the footer page or the overall main index page? Like when I view your site right now and I open up the source code for the page, do the spam links show on the bottom then?

  13. C. Maoxian said:
    November 25th, 2007 at 8:35 pm

    Tom: Since I removed that line of code, no spam links will show up on any page … if I put that line of code back in, the spam links will show up on every page when you look at the source code.

  14. Tom the Burninator said:
    November 26th, 2007 at 1:13 am

    Ok, that’s what I wanted to know. Thanks

Post your opinion