Support » Fixing WordPress » RSS feed spam

  • Resolved micasuh


    This is so strange. I have a custom RSS feed that I’m using for feedburner. When I do a Feed Validator check, I’m coming up with a ton of spam at the end of the feed after the closing rss tag. All of this spam is coming from, however, the author has already removed all of this spam from his site.

    Take a look at the validated feed link. Sometimes, you won’t see the spam at the end. At other times, you will.

Viewing 4 replies - 1 through 4 (of 4 total)
  • BTW, I have no reason to believe the site has been hacked. There’s no spam comments on the site, I’ve locked down all the directories with the correct CHMOD permissions, and I don’t know how these links are only occurring in the RSS feed and not the website.

    Could this be a SQL Injection attack? If so, why just the RSS feed? When someone subscribes to the feed using an application like Google Reader, they do not see any spam.

    Oh wow, this is more than just RSS feed spam. However, it wasn’t visible to me until I viewed the site logged out.

    This also seems to be happening specifically to cached pages using WP Super Cache plugin. All recent pages that are cached are appending a series of links for drugs coming from an old attack.

    They only appear on the HTML versions of these pages, which are the cached pages. Nothing seems to be affected on the dynamic pages.

    Here’s a possible explanation of what’s going on.

    Even after flushing the cache, every time a new cached page is created, the same links are injected and appended to the cached page. I have checked all my theme files and do not see any screwy code in there.

    It looks like there’s some code that was injected into wp-blog-header.php file. It’s in base 64 and is a VERY long code injection. How did this happen?!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘RSS feed spam’ is closed to new replies.