Lately, one of the contact forms on a Web site I run has started to get hammered with spam form submissions. The spam submissions appear to be able to defeat common CAPTCHA programs (those things that won’t send a Web form unless you type a blurry, wiggly word to show that you’re a person, the idea being that a computer has trouble reading the word).
Interestingly, these spam submissions seem to go to sites that are just fine; ordinary, everyday sites, most but not all running WordPress, with no spam in sight. The majority of the sites that aren’t running WordPress are, naturally, running Joomla.
Of course, being the suspicious bastard I am, I immediately suspected a subtle attack like the one I talked about in October of 2010, where modifications were made to the main WordPress loop PHP file that would serve up ordinary blog posts to ordinary visitors and serve up redirectors to spam if the visitor was a search engine or if the visitor came from a search engine.
And sure enough, a quick Google search showed I was right.
Here is one of the spam submissions I received on my contact form:
wkgFqTcoAqy
Where do you come from? <a href=" http://www.construction-accident.us ">cheap stendra</a> helpings of Peninah's food are hard to resist. Peninah also runs the store in the Miti House 2. This is a major
If you visit the site
Ah, but now let’s see what Google sees!
The site has been hacked and the main WordPress loop has been tampered with. When Google looks at the page, keywords advertising prescription drugs are inserted into the page’s code.
If you click on the link in Google, you’re sent to
I downloaded the page using wget (a terminal-based Web downloader) and looked at the file that was downloaded. Whenever the hacked site sees Google as the referrer, it modifies the page by adding pharmacy keywords to the Title tag:
<title>Buy Stendra Online | Construction Accident|Oil Rig Explosion|Dallas|Texas|Gulf Mexico|Construction Accident Lawyer|Construction Accident Lawyers|Construction Accident Attorney|Construction Accident Attorneys|Construction Accident Law Firm|Construction Accident Law Firms</title>
and then it inserts the following code after the WordPress header:
<div class="post"><p>stendra</p>
</br><p>avanafil</p>
</br><p>stendra for sale</p>
</br><p>stendra (avanafil)</p>
</br><p>stendra side effects</p>
</br><p>stendra dosage</p>
</br><p>stendra vs viagra</p>
</br><p>stendra online</p>
</br><p>buy stendra</p>
</br><p>buy generic stendra</p>
</br><p>generic stendra</p>
</br><p>stendra generic</p>
</br><p>where can i buy stendra</p></br>
<p>cheap stendra</p></br><p>order stendra</p></br>
<p>stendra price</p></br><p>stendra cost</p></br>
<p>stendra cost per pill</p></br><p>stendra coupon</p></br>
<p>stendra order</p></br><p>stendra online</p></br>
<p>stendra avanafil</p></div>
You can see this if you do a Google search for site: and then look at the cached version of the first hit.
So that’s how the attack works. WordPress sites are hacked. The WordPress files are modified so that ordinary users and the site’s owner are not aware that anything is wrong. The site continues to look and work as normal.
But oh, people who find your site by using Google? They see ads for fake pharmaceuticals! If they visit your site from Google, they get redirected to God knows where.
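One way to check your own site for this kind of cloaking, as an added example that is not part of the original post: fetch the page once as an ordinary browser, once as Googlebot and once with a Google referrer, then diff the title and body of each response against the plain fetch. The Googlebot User-Agent string, the Referer value and the two sample pages are constructed assumptions.

```python
import difflib
import re
import urllib.request

# Request profiles to compare. The Googlebot UA string and the Google referer
# are assumptions for illustration; the post only says the site reacts to Google.
PROFILES = {
    "plain": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)"},
    "googlebot": {"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"},
    "from-google": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
                    "Referer": "https://www.google.com/"},
}
PHARMA_TERMS = ("stendra", "avanafil", "accutane", "viagra")  # terms seen in the post

def fetch(url, headers):
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")

def title_of(html):
    m = re.search(r"<title>(.*?)</title>", html, re.S | re.I)
    return m.group(1).strip() if m else ""

def compare(baseline, variant):
    """List how `variant` differs from `baseline` in ways typical of cloaking."""
    findings = []
    if title_of(baseline) != title_of(variant):
        findings.append("title differs: %r -> %r" % (title_of(baseline), title_of(variant)))
    diff = difflib.unified_diff(baseline.splitlines(), variant.splitlines(),
                                lineterm="", n=0)
    # Keep only lines present in the variant but not in the baseline.
    added = [l for l in diff if l.startswith("+") and not l.startswith("+++")]
    hits = [l for l in added if any(t in l.lower() for t in PHARMA_TERMS)]
    if hits:
        findings.append("%d added line(s) with pharma terms, e.g. %r"
                        % (len(hits), hits[0]))
    return findings

def check_site(url):
    """Fetch `url` under each profile and diff each against the plain fetch."""
    base = fetch(url, PROFILES["plain"])
    return {name: compare(base, fetch(url, hdrs))
            for name, hdrs in PROFILES.items() if name != "plain"}

# Constructed sample responses standing in for a plain fetch and a Google one.
CLEAN = ("<html><head><title>Construction Accident Lawyer</title></head>\n"
         "<body><div class=\"post\"><p>Welcome</p></div></body></html>")
CLOAKED = ("<html><head><title>Buy Stendra Online | Construction Accident "
           "Lawyer</title></head>\n<body><div class=\"post\"><p>stendra</p>\n"
           "</br><p>buy stendra</p></div>\n"
           "<div class=\"post\"><p>Welcome</p></div></body></html>")
```

`check_site("https://example.org/")` runs the live comparison; `compare(CLEAN, CLOAKED)` shows the two findings (changed title, injected keyword lines) on the constructed samples without network access.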
There are a lot of sites that have been hacked this way. I’m getting buried under a blizzard of spam Web form submissions advertising WordPress sites that have been hacked.
A partial list from the last few days includes:
accutane site:
Once again, if you are running a WordPress or Joomla site, it is absolutely essential that you keep on top of all security patches PROMPTLY and that you use very strong admin passwords.
With this hack, it’s likely that you could be hacked and never even know it, at least until Google starts flagging your site with a “This site may be compromised” tag.
But? At least you know where to get sketchy pharmaceuticals?:P
K.
*wild applause* 😀
@emanix:
I’m sorry for my inconsiderate comment. Yes, I was distracted while reading, but that is no excuse. I have no excuse. I will try to be less thoughtless.
GoDaddy’s server security has been poor, but I have not seen any evidence that their encryption certificates are poor. If the security certificates are the only thing that’s provided by Godaddy, that would not seem to be the issue. If, on the other hand, the sites are also hosted by Godaddy, it’s possible that might be the issue (though it’s probably more likely that the problem lies somewhere else along the chain, most probably with a PC that’s been infected with malware).
Sadly, these examples are not hypothetical. In fact, they’re depressingly common. Look, for example, at all the complaints on dating site message boards from men who say things like “I keep emailing all these women and they never write back! I DESERVE replies! It’s just COMMON COURTESY!” Or look at Rush Limbaugh’s comments about how women who expect coverage for contraception are “having so much sex [they] can’t afford the contraception… If we are going to pay for your contraceptives, and thus pay for you to have sex, we want something for it, and I’ll tell you what it is. We want you post the videos online so we can all watch.” Or, if you really want to be depressed, do a Google search for “Rebecca Watson elevator,” and see how the entire Internetverse flipped out when Ms. Watson suggested that hitting on her in elevators was not appropriate.
There is, alas, a great deal of awfulness in the way men relate to women. This post was, if anything, fairly tame. For example, a comment left on a pretty straightforward post about rape culture reads,
https://imgflip.com/i/7d8nb
no, but the entire programming profession represents the entire programming profession. and the track record? ain’t all that hot.
Pricing for the digital versions is not yet set, but it won’t be the same as the print edition.
Super. But omitting to tell the whole truth is just as bad as telling full out lies.
Women did indeed have a hand in creating programming and nobody is questioning that if they are sane. Bit did women invent it? No. People did, women and men, working together. Grace Hopper was incidentally the first to create a fully working compiler but was not the only person working on the science behind it.
Personally I welcome women, but I will not cater to them like they are a special first class citizen. They are welcome to program, they are welcome to work on projects with me and I will happily help them on theirs, but cater to women is just plain wrong and flies in the face of the equality movement anyhow.
It’s a miracle email is still around. I think it’ll be like gopher and telnet some day.
K.