so everyone sees this. how to see if you are hacked: clear your broswer cache. google your site name or url and click it though google. if hacked it will redirect. it is a tricky hack as when you type the url in your browser it seems fine. google wp-info.txt to find out more and for a solution or check with the wp support forum. check out the traffic stats of the site it redirects to: alexa.com/data/details/traffic_details/sattan dot org probably hundreds of thousands of blogs are affected. looks like the hack began around the 24th according to alexa.
This hack (or better: vulnerability) is known for a few months already, affects older wordpress installations, but it looks like there is a new flood of exploiters again. You are absolutely right, especially if you have loads of sites it can stay undetected for quite a a time and really hurt your business.
Thanks for this one. I've heard a lot about wordpress hacks but not really sure how to tell if it was happening so cheers
Strange, Only 2 results after a site:sattan(dot)org search, Google's cache of the first result. And the second result wonder how widespread this is? Alexa rank of 9,403 for yesterday. EDIT: use this tool to check your site: http://www.unmaskparasites.com/ I found it on the wordpress support forum http://wordpress.org/support/topic/220840 Cheers James
This particular hack works by checking the referrer in the HTTP header. If it's from www.google.com then it runs it's code. Otherwise, if you just type in the URL, it displays what you want. From Google = what they want. From URL = what you want.
Hi, Except for this WordPress hack, there had been a surge of .htaccess exploits last week that redirected search engine traffic to fake anti-virus web sites. All sorts of web sites were affected (pure html, WordPress, Drupal, etc.)
Thank you for this post. My blogs have been hacked and I'm working on the solution right now. I'll let you guys know.
Here's a fix that I did to one of my sites that got it back going... Went into my PHPMyAdmin and deleted values in my wp_options that were similar to 'rss_867bd5c64f85878d03a060509cd2f92c' ... there were a couple of values similar to this. Next, I went to wp_users and deleted the additional invisible user that was created. The login name for this user was 'Wordpress' Then I upgraded to the latest version of Wordpress. This fix has worked so far. I am now recieving Google traffic once again. I'm not so sure its the "correct" fix but it's okay for now.
Well it certainly seems to have made a fair impact on the blogging community. 6 month Alexa spike 7 Day spike. The graphs have not been updated since the 28th November. Wonder where it will stop.. This is how widespread it has become in such a short time. Not sure how they plan to benefit from the traffic, if they try to monetize it, wouldn't that lead the authorities straight to them? Cheers James
Ouch, is the security breach fixed in the latest wordpress update? Thanks tattoos for the parasite scanner url. Nasty but very clever. If this guys monetization skills are as good as his hacking skills are, he will soon be taking a bath in a sea of gold.
Dman.. almost all my blogs at Hostmonster are hacked. Thanks to the original poster for bringing this up.
You know what is ever lamer and make problem for people it is the That just give you the same answer what ever link you put in so they can scare you and click some links.... sucks ! thanks tattoos you sucx! YEAH it was me that gave you RED!!
@Yellowberry.org: Did you mean http://www.unmaskparasites.com/security-tools/find-hidden-links ? I don't have a "w3." subdomain on my site. ;-)
w3 is written many times if you want to prevent the link benefit. (eg. you don't want the domain owner to find the referral url, or if you simply don't want to pass any value to that website)
Yesterdar got 4 site hacked thru wordpress blogs Link to the hacker "victories" http://www.zone-h.org/component/option,com_attacks/Itemid,45/filter_defacer,InjeCtion MasTer/