WordPress.org

Ready to get started?Download WordPress

Forums

Home page hacked - suggestions please! (4 posts)

  1. v2006
    Member
    Posted 5 years ago #

    Hi,

    This page contains 100s of spam links
    homefinders.com/blog/

    What do you advise to secure the blog besides updating to the latest version?

    What should I chmod the wp-content directory to so I can still add content but be secure? (it's now 777)

    How do I remove the current spam links?

    Thanks

    Here's Google's email(slap) I received about it...

    "While we were indexing your webpages, we detected that some of your
    pages were using techniques that are outside our quality guidelines. This appears to be because your site has been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.

    In order to preserve the quality of our search engine, we have
    temporarily removed some of your webpages from our search results.
    Currently pages from homefinders.com/blog are scheduled to be
    removed for at least 30 days."

  2. mrkingid
    Member
    Posted 5 years ago #

  3. rawalex
    Member
    Posted 5 years ago #

    Okay, I looked at your blog.

    Your wordpress install is out of date. 2.3.2 has security issues that would allow people to edit your posts and add the links (which are easy to spot in your case). I think that if you check your posts, you will find that the individual posts have these links in them.

    This post: homefinders.com/blog/gainesville-va-single-family-homes-priced-350000-to-500000-gainesville-virginia-real-estate/

    Has hundreds of spam links in it, all to the same place. Edit the post and see if those links are actually in the post (you should edit in html mode and not visual mode)

    Clean up the posts, and upgrade to 2.5.1, and that particular security breach might go away.

    If you have phpmyadmin, you could scan your posts for links to that particular spam domain, which might make it easier to see which posts have the spam in them. Typically they only touch about a half a dozen or so posts per blog, but sometimes more.

  4. v2006
    Member
    Posted 5 years ago #

    Thanks alot for checking

    A couple of follow up questions before I upgrade

    1. What are the correct permissions for wp-content so it is secure but still allows content/images to be posted from admin?

    2. How do I scan posts in phpmyadmin?

    I've removed the links in the post you mentioned
    couldn't find them in any other posts.

Topic Closed

This topic has been closed to new replies.

About this Topic