WordPress.org

Ready to get started?Download WordPress

Forums

2.7 upload directory had a spam injection (2 posts)

  1. monkeyfight
    Member
    Posted 5 years ago #

    A demo site (off my main domain) has recently been compromised so I thought I'd point it out in case anyone else has had a similar experience.

    Basically someone's uploaded a LOAD of spammy html pages directly into my WordPress uploads directory. They also took the trouble of creating a sitemap.xml file in there too that listed all these rubbish spam files, and then submitted it to various search engines.

    I only even noticed I'd been hacked at all because in my Google Webmaster Tools I saw the "URLs restricted by robots.txt - 246". I thought this unusually high for my site and upon looking at the list of 246 files saw hundreds of files like "http://www.tmrw.co.uk/demosite/wp-content/uploads/2007/topic-1022.html" indexed - files I've never uploaded or personally put on my site. I had a look on my server and there was indeed a whole other website living in my uploads directory.

    Thankfully http://www.tmrw.co.uk/demosite/ spider crawling was restricted by my robots.txt file and therefore hasn't been indexed properly (although google webmaster tools does now tell me the most common words it sees on my site are C*sino, S*x, L*sbian etc - which is a load of rubbish), and I asked my host to immediately delete all these spam files from my server.

    So problem solved, spam removed.

    Except I'm not sure how it got hacked in the first place. Permissions on http://www.tmrw.co.uk/demosite/wp-content/uploads/ were set so only my server can write to the folder, no ftp access etc, and I'm pretty sure no one manually logged into my demo site and uploaded the 1000's of files via the wordpress media uploader, so how they got in there I'm non the wiser. All my passwords etc are randomly generated 20 digit strings too, so guessing them seems out of the question?

    What's also confusing is that I thought I was the only one who knew about http://www.tmrw.co.uk/demosite/ at all, I'd not submitted it to any forums etc and my robots.txt was restricting indexing just in case. All I can think is that someone saw what directory's I was trying to restrict with my robots file and went after one of them.

    Anyway, keep an eye out on your uploads directory, protect it the best you can and make sure no one's making an evil little nest of spam in there.

    Rich

  2. cafefrenzy
    Member
    Posted 5 years ago #

    I had the exact same thing happen to me. Have you found a fix for this issue?

Topic Closed

This topic has been closed to new replies.

About this Topic