I was doing some general cleanup around the blog. (Considering widgetizing the sidebar...) I re-validated the XHTML, and some errors came up. The following code was inserted into the content of a post. (Which is contained inside a MySQL item.)
<p id="displayer" style="display:none">
CD and DVD films available for download at <a href="http://my-movie-download.com/">dow nload movies</a> site, cheap prices and fast downloading.</p>
The evil little snippet above says that humans won't be bothered with the link, but search engines will notice it. Also, the following was actually inserted into my theme's index.php.
<form id="srch" name="srch" style="overflow:hidden;width:0pt;height:0 pt" method="post">
DiVX and DVD films available at <a href="http://my-movie-download.com/">dow nload movies</a> portal, low prices and fast downloading.
</form>
Just like the prior snippet, humans won't see the link, but search engines will.
It's hard to describe how annoying this is. Somebody/bot found a way to compromise my blog's directory and its database. I only sftp and ssh to the site. (Although in the past I have ftp'ed. No more!) I thought I chmodded the WordPress files to -rw-r-----, but I see now that there are more extensive write permissions in some directories.
I checked the last few logins, but they were all mine this month. (And my host clears the log every month.) I have to monitor the situation closely.
Ye gods, the referrer spam goons are aggressive! Aargh!
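A defender-side check for the pattern in both snippets above, as an added example (not code from the original post): it parses HTML and reports off-site links that sit inside an element hidden by an inline style. The host name `blog.example`, the function and class names, and the trimmed sample markup are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"br", "img", "hr", "input", "meta", "link"}
# Inline styles that hide content from readers but not from crawlers.
# The last pattern is a zero-sized box and tolerates "0", "0pt", "0 pt", "0px".
HIDERS = [re.compile(p) for p in (
    r"display\s*:\s*none",
    r"visibility\s*:\s*hidden",
    r"(?:^|;)\s*(?:width|height)\s*:\s*0\s*(?:px|pt|em|%)?\s*(?:;|$)",
)]

def is_hidden(style):
    style = (style or "").lower()
    return any(p.search(style) for p in HIDERS)

class HiddenLinkFinder(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        # stack holds (tag, hidden?) per open element; findings holds (hiding tag, href)
        self.own_host, self.stack, self.findings = own_host, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = is_hidden(a.get("style"))
        # nearest hidden ancestor, else the element itself if it is hidden
        hider = next((t for t, h in reversed(self.stack) if h), tag if hidden else None)
        host = urlparse(a.get("href") or "").hostname
        if tag == "a" and hider and host and host != self.own_host:
            self.findings.append((hider, a["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):  # pop back to the matching open tag
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html, own_host):
    finder = HiddenLinkFinder(own_host)
    finder.feed(html)
    return finder.findings

SAMPLE = (  # constructed input, based on the two snippets in the post
    '<p><a href="http://example.org/">visible</a></p>'
    '<p id="displayer" style="display:none"><a href="http://my-movie-download.com/">dow nload movies</a></p>'
    '<form id="srch" style="overflow:hidden;width:0pt;height:0 pt"><a href="http://my-movie-download.com/">dow nload movies</a></form>'
    '<div style="display:none"><a href="http://blog.example/archive">own site</a></div>'
)
```

It only inspects inline `style` attributes, so links hidden through a stylesheet class or script are out of its reach; feed it exported post bodies and theme files rather than relying on it as the sole check.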


Comments
*sigh*
Will have to watch it for a while...
Edited at 2008-01-26 04:11 am (UTC)
Which file did you wind up finding the offending text in? I've been diving through various index.php files and I haven't been able to find their muck anywhere!
I think it might be in a MySQL record then, I did go through all of the php files for my theme and didn't find a thing. The SQL tables are the only other place to go looking, and DH hosts the database, so it's an adventure to go mucking around in there.
edit: Ah HAH! Looks like I got it. With a little help, of course. So the offending PHP call was sitting in my headers.php file right under my nose (I saw it, but thought it looked natural) and killed it. Had to also dive into the database and clean up the PHP call from the database as well (along with a couple hundred bogus rss_% option names in the wp_options table). Checked my other blogs and they looked clean. Weird! I don't even know when it got there... anyway, this was a huge help:
http://robertogaloppini.net/2007/12/1
I think I'll keep that bookmarked. XD Now maybe I can beg the Google gods to start indexing TTVF again...
Edited at 2008-02-23 05:13 am (UTC)