Whenever I talk about websites, I usually start and end with “The most important thing, when it comes to websites, is that you need to keep it updated”. Well, I guess that has a double meaning today…
Yesterday I spent quite some time updating a WordPress site. Just the normal updates, and fixing some design issues. But when I tried out the rss2 feed, I kind of got surprised. In almost every post, there were huge amounts of links to movies, porn, and other nonsense websites. But I couldn’t see them when I surfed the site… After a bit of research I found that there were huge amounts of “style="display:none"”, posted in all kinds of formats, using form, div, p tags…
After doing some more research, I found out that they had actually managed to put their malicious code in every post and on every page on the web page. How the !”#!$%! was I gonna fix this… I actually started removing it by hand… but found out quickly that this was going to take forever. Then I downloaded the SQL file, to look for patterns. Maybe I could simply do a ‘search & delete’. But I’ve got to give it to them, they have been clever. There were too many combinations. As I already said, they used different types of tags, and they inserted the malicious code in random places (not exactly, but nothing that would make a search & delete easily work).
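The varying tags are what defeats a plain search & delete; a parser that ignores which tag carries the style is not affected by them. The following is an added example, not the author's script: it flags links sitting under any element with an inline display:none, assuming post bodies have been exported as (post_id, post_content) pairs. The function names and the sample posts are constructed for illustration.

```python
import re
from html.parser import HTMLParser

HIDDEN = re.compile(r"display\s*:\s*none", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",  # never closed,
        "link", "meta", "source", "track", "wbr"}                    # so never stacked

class HiddenLinkFinder(HTMLParser):
    """Collect hrefs that sit inside any element styled display:none."""
    def __init__(self):
        super().__init__()
        self.stack = []        # open tags as (name, hides_content)
        self.hidden_depth = 0  # > 0 while inside a hidden element
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)    # attribute names arrive lower-cased
        hides = bool(HIDDEN.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href") and (hides or self.hidden_depth):
            self.links.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hides))
            self.hidden_depth += hides

    def handle_endtag(self, tag):
        # Pop back to the nearest matching open tag; tolerate unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                self.hidden_depth -= sum(h for _, h in self.stack[i:])
                del self.stack[i:]
                break

def hidden_links(post_html):
    finder = HiddenLinkFinder()
    finder.feed(post_html)
    return finder.links

def scan_posts(posts):
    """posts: iterable of (post_id, post_content). Returns {post_id: [hidden hrefs]}."""
    found = ((pid, hidden_links(html)) for pid, html in posts)
    return {pid: links for pid, links in found if links}

# Constructed sample posts (not taken from the affected site).
SAMPLE_POSTS = [
    (1, '<p>Hello</p><div style="display:none"><a href="http://spam.example/movies">x</a></div>'),
    (2, '<p>Clean post with a <a href="https://example.org/">visible link</a>.</p>'),
    (3, '<p>In</p><form STYLE="display : none"><p><a href="http://spam.example/a">a</a></p></form><p><a href="/about">ok</a></p>'),
]
print(scan_posts(SAMPLE_POSTS))
```

It only sees inline styles, so content hidden through a CSS class or an external stylesheet would need a separate check.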
Cruising through the website via ssh, I came across an old script I made, and a directory with backups of the database! Doing a quick check of all modified posts/pages, I found out that most modifications had been done in the last couple of days. A week-old backup of the SQL cleared out 99% of my problem, and I got away with manually editing three pages… So I’ll say it again. “Update your web page, to get your visits, and update your site code so that you don’t get visited by the wrong people…” And better safe than sorry, do backups!!!!!!