10 Jun 2008

Ack! I’ve been blocked by Google! (and what to do about it)

A few weeks ago, I got an email from Google saying that my site was full of spam, and that my site was being removed from the indexes. The email contains a sample of the spam words (in my case, it was viagra, cialis, etc.). Sure enough, it turned out that my blog had been hacked to include lots of words/links that were made invisible via CSS. Pretty distressing stuff.

For those of you in the same boat, here’s what I did to remedy the situation:

1) Most of the damage was in the form of obfuscated code that made use of base64_decode(xxxx). To find this code, go to the root of your site and do a

    grep base64_decode -Rl ./*

It should be pretty easy to use your judgment about what code to remove. This code was inserted into my theme files (found in wp-content/themes/ThemeName).

2) To be extra sure, do a Google search for the offending words on your site. (e.g., viagra site:kuwamoto.org). For me, this turned up another problem with the site, which was that URLs of the form http://kuwamoto.org/?aff=1234 were being redirected to a different site (selling pharmaceuticals, natch). This code wasn’t obfuscated with base64, so I didn’t catch it in step 1. In my case, it was an extra file, so I just blew it away.

3) Look through your posts, pages, comments, etc. In my case, one of the links on my blogroll had been compromised.

4) Upgrade your WordPress installation. As recommended in the WordPress documentation, I used the automated upgrade plugin which worked like a charm.

5) Follow the recommendations at http://www.noupe.com/how-tos/wordpress-security-tips-and-hacks.html and http://sitening.com/blog/2008/04/08/wordpress-security-vulnerabilities/.

6) If you are using a hand-rolled theme (as I was), make a copy of it somewhere so it is easier to restore if it ever gets hacked again.

7) Change your passwords, and make a promise to yourself to be good from now on (keep WP and other software updated to the latest version, use SFTP instead of FTP, etc).
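
Steps 1, 2 and 6 combined into one check, as an added example that is not part of the original post: a shell function that compares the live WordPress tree with a known-good copy and lists extra files, changed files, and files matching patterns worth reading by hand. The function names, the sample tree, and every pattern other than base64_decode are assumptions.

```shell
#!/bin/sh
# Added example: triage a live WordPress tree against a known-good copy.
#   EXTRA   file exists only in the live tree (a dropped script)
#   CHANGED file differs from the known-good copy (an edited theme file)
#   SUSPECT file matches a pattern worth reading by hand
wp_triage() {
    live=$1; clean=$2
    (cd "$live" && find . -type f | sort) | while IFS= read -r f; do
        if [ ! -f "$clean/$f" ]; then
            echo "EXTRA $f"
        elif ! cmp -s "$live/$f" "$clean/$f"; then
            echo "CHANGED $f"
        fi
    done
    # base64_decode is the marker from step 1. The other two patterns are
    # assumptions: a redirect keyed on the "aff" parameter from step 2, and
    # CSS commonly used to hide injected links.
    (cd "$live" && grep -rlE \
        -e 'base64_decode' \
        -e '\$_(GET|REQUEST)\[.aff.]' \
        -e '(display:[[:space:]]*none|visibility:[[:space:]]*hidden)' \
        . | sort | sed 's/^/SUSPECT /') || true
}

# Constructed sample: a clean backup and a tampered live tree.
wp_triage_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/wp-content/themes/mine" "$d/live/wp-content/themes/mine"
    echo '<?php get_footer(); ?>' > "$d/clean/wp-content/themes/mine/footer.php"
    echo '<?php get_header(); ?>' > "$d/clean/wp-content/themes/mine/index.php"
    cp "$d/clean/wp-content/themes/mine/index.php" "$d/live/wp-content/themes/mine/"
    echo '<?php echo base64_decode("xxxx"); get_footer(); ?>' \
        > "$d/live/wp-content/themes/mine/footer.php"
    echo '<?php if (isset($_GET["aff"])) header("Location: /elsewhere"); ?>' \
        > "$d/live/go.php"
    wp_triage "$d/live" "$d/clean"
    rm -rf "$d"
}

# With two arguments, scan real trees; with none, run the constructed sample.
if [ "$#" -eq 2 ]; then wp_triage "$1" "$2"; else wp_triage_demo; fi
```

A file can show up as both CHANGED and SUSPECT; the SUSPECT lines are only a reading list, since legitimate themes also use display:none.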

7 Responses to “Ack! I’ve been blocked by Google! (and what to do about it)”

  1. Ken

    I had the same issue with a couple of my blogs hosted at blogspot. They told me I had sites that were considered spam sites. I simply wrote the admins and they cleared it up or at least they took away the warning I had gotten.

  2. Joan Garnet

    Another extra step you can take is to password-protect your admin directory. So easy…
    For spam control use the great spamkarma.
    Cheers!

  3. Kentaro

    Dear Efi, let me inform you in my turn that Oikonomou spent 8 months begging Bolanos to come to Korytsa just once so that the split there could be resolved, however insignificant it was. There are also at least two letters from the consul about this. Bolanos never came to Korytsa while Oikonomou was there, never spoke with him on the phone, and never answered his letters. He was waiting, it seems, for Doule to decide overnight on the appointment of Karamelo, the biggest opportunist in Korytsa, to the presidency of OMONOIA. As for the census, as if Bolanos would have talked to Oikonomou when he had not even talked to Labrinidis!!! Who told you all this, and you swallowed it whole? Why didn't you first ask someone from Korytsa how long it has been since he last saw Bolanos, if of course he even knows who he is.. Do you still think there was an OMONOIA in Korytsa before Oikonomou? They were a bunch of gangsters who took the visas to the Consulate by the cartload. Well done to him for cutting them down to size and putting them back in their hole. The ones cursing him today are the ones who made us ashamed of being Greeks. If it were not for Oikonomou, not a single person would be declaring himself Greek in Korytsa. Now even Muslims are declaring it, who were never Albanians but did not have the courage to say so… We will always remember Oikonomou because he left Korytsa poorer than he was when he came, because he spoke up for us and supported us, and because he may have destroyed his career by speaking about Northern Epirus and the Vlach-speaking Hellenism to which I too belong. Some clever people in Dropoli should stop concerning themselves with Korytsa, which they could not even find on the map before Oikonomou spoke about it (he calls himself Kamarinos, by his second name, and not Oikonomou as the Albanians want him, from whom it seems you learn about him). Efi, understand this too: if we had abstained in Korytsa, the Albanians would not have said that we abstained, they would have said that we do not exist, and Kamarinos toured all the villages of the area, despite the serious health problems he faces, so that nothing of the kind would happen. Fortunately, people listened to him and not to Karamelo and the local KEAD, who WERE PUSHING THEM INTO NON-EXISTENCE. I am writing this to you because I was close to the Consul and I know him much better than you and Bolanos do. I will also tell you that many people of Korytsa who did not know him personally were crying the day he left. I believe history will vindicate him.

  4. http://www.ionicbathfootdetox.com/

    Thanks for sharing excellent information. Your web-site is very cool. I am impressed by the details that you have on this site. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for extra articles. You, my pal, ROCK! I found just the information I already searched all over the place and simply couldn’t come across. What a perfect web site.

  5. cheap car insurance

    Have just bought a Samsung UE46ES6575UXXE with wifi. It finds my wireless network, but does not accept the network key. I am using a Netgear router that is a few years old. What to do? 28 October, 2012

  6. car insurance

    Thanks for contributing. It’s helped me understand the issues.

  7. sildenafil

    Global Information About this offshoot
