Support » How-To and Troubleshooting » Online Payday Loans Code Injection hack

Online Payday Loans Code Injection hack

  • Came across a little BlackHat SEO injection yesterday , just wanted to share it and see if anyone else has experienced this.

    found the following code in HEAD.php

    <div id='hideMe'> <p><i> Online Payday Loans <a href="http://[ You really don't have to share that link ]">Online Payday Loans</a></div><script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script><div id="wrapper">

    also found the following user added as an Administrator

    systemwpadmin / systemwpadmin@wordpress.org

    Had the guys at Sucuri clean the site ( awesome service ! ) and it appears that only the HEAD.php file had the injection

    WordPress is up to date
    plugins up to date
    theme up to date
    Hosting is 4G by Godaddy
    No default admin account
    password for admin and DB are 18 character alpha numeric

    thought I had all my bases covered with the above but somehow the code got in

    just curious , any thoughts as to what the attack vector could have been ?

Viewing 13 replies - 1 through 13 (of 13 total)
Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Online Payday Loans Code Injection hack’ is closed to new replies.