My Blog Was Hacked And What I Did About It

Usually when people think of sites getting hacked they picture major mayhem: site owners who no longer have access, and in the worst cases every shred of information corrupted or lost. Well, this post is to warn you of another form of hacking, hacking by stealth, where links you know nothing about are inserted into individual posts.

One of my regular readers, Donace, who has an interesting post on how to get your backlinks indexed quickly, let me know yesterday that my sexual aids blog had ‘broken or some sneaky links have been slipped in’. Upon checking it out I found he was absolutely right, and not only on the particular post he pointed me to: every single post had two links to a pharmaceutical site inserted into it.

It took me all morning to go through each post to remove the links. Some were more difficult than others as they were messing up my Amazon links and had to be extracted carefully so as to not damage the Amazon links. The wankers even inserted two links into my blogroll! Sure, it could have been a lot worse; they could have wiped the blog, although I do have backups, and caused other damage, but even so it’s an awful feeling to have someone invade your personal property like that.

The only way they could have done it was by getting access to my dashboard. Once I removed all those links I changed my passwords. I also remembered a post Mitch did about securing your blog where he mentioned the Limit Login Attempts plugin. I should have installed it then and there, but I didn’t because I was sure no one would crack my password. How wrong was I? Now if anyone has more than three attempts at a password they get locked out for twenty minutes. After two lockouts they get locked out for 24 hours. I get notified after the first lockout so that I can see what is going on.
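To make the lockout rules just described concrete, here is a small model of that policy, written for this post as an added example (it is not the Limit Login Attempts plugin's own code): three failed attempts from an address trigger a 20 minute lockout, once an address has had two lockouts the next one lasts 24 hours, and the first lockout raises a notification. The thresholds are parameters so they can be tuned, and the IP addresses used in the demo are constructed.

```python
"""Model of the login lockout rules described in the post (added example,
not the Limit Login Attempts plugin's code). Thresholds are parameters."""
from dataclasses import dataclass, field

MINUTE = 60
HOUR = 60 * MINUTE


@dataclass
class IpState:
    failures: int = 0          # failed attempts since the last lockout (or reset)
    lockouts: int = 0          # lockouts handed to this address so far
    locked_until: float = 0.0  # epoch seconds until which logins are refused


@dataclass
class LockoutPolicy:
    max_failures: int = 3                  # failures that trigger a lockout
    short_lockout: float = 20 * MINUTE     # duration of an ordinary lockout
    lockouts_before_long: int = 2          # after this many, lockouts become long
    long_lockout: float = 24 * HOUR
    states: dict = field(default_factory=dict)
    notifications: list = field(default_factory=list)  # (ip, time) of first lockouts

    def is_locked(self, ip: str, now: float) -> bool:
        st = self.states.get(ip)
        return st is not None and now < st.locked_until

    def record_failure(self, ip: str, now: float) -> float:
        """Register a failed login from ip at time now.

        Returns the lockout duration imposed by this failure, or 0.0 if
        the address is not (newly) locked out."""
        st = self.states.setdefault(ip, IpState())
        if now < st.locked_until:
            return 0.0  # already locked out: the attempt is refused, nothing changes
        st.failures += 1
        if st.failures < self.max_failures:
            return 0.0
        # Threshold reached: lock the address out and start a fresh failure count.
        st.failures = 0
        st.lockouts += 1
        duration = (self.long_lockout if st.lockouts > self.lockouts_before_long
                    else self.short_lockout)
        st.locked_until = now + duration
        if st.lockouts == 1:
            self.notifications.append((ip, now))  # the owner is told about the first one
        return duration

    def record_success(self, ip: str) -> None:
        """A successful login clears the counters for the address."""
        self.states.pop(ip, None)


def replay(policy: LockoutPolicy, attempts):
    """Feed (time, ip, ok) tuples through the policy; return the list of
    (time, ip, duration) lockouts that were imposed."""
    imposed = []
    for now, ip, ok in attempts:
        if policy.is_locked(ip, now):
            continue
        if ok:
            policy.record_success(ip)
            continue
        duration = policy.record_failure(ip, now)
        if duration:
            imposed.append((now, ip, duration))
    return imposed


if __name__ == "__main__":
    # Constructed attempt log: one address hammering the login form every 30 s.
    attacker = "203.0.113.7"
    log = [(t, attacker, False) for t in range(0, 5 * HOUR, 30)]
    for t, ip, d in replay(LockoutPolicy(), log):
        print(f"t={t:>6}s  {ip} locked out for {d / MINUTE:.0f} min")
```

Running it shows the pattern the post describes: two 20 minute lockouts, then a 24 hour one, with the notification list holding only the first event.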

While writing this post I have had attempts from the same IP address on two of my other blogs. Who knows how long this has been going on for; at least I know now that my blogs are more secure than they have been in the past.

I urge everyone to check their posts to see whether or not their blog has been compromised. Let’s face it, how often do you check your posts to see if any links have been added? Perhaps this hacking by stealth is the latest method used by these despicable swines to improve their ranking in the search engines. It would probably be a good idea to tell others you know about this so they can be aware of the situation.
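Going through posts by hand works for a handful of posts, but the check itself can be scripted. The following is an added example, not code from this blog: it walks over post HTML, collects every anchor (including an anchor nested inside another, the way the injected links sat inside the Amazon links), and reports any whose host is not on an allowlist of sites you actually link to, flagging hidden ones separately. The allowlist, the sample posts and the spam host name are constructed; a real run would read post_content from a WordPress database or WXR export.

```python
"""Scan WordPress post HTML for off-site links that you did not place there.
Added example, not this blog's code. Replace ALLOWED_HOSTS with the hosts
you knowingly link to; the sample posts below are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the blog's own domain plus the affiliate programme it links to.
ALLOWED_HOSTS = {"example.com", "www.example.com", "amazon.com", "www.amazon.com"}


class LinkCollector(HTMLParser):
    """Collects (href, anchor text, hidden) for every <a>, including anchors
    nested inside other anchors, which is where injected links often sit."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = []  # stack of [href, hidden, text parts] for unclosed <a> tags

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        self._open.append([a.get("href") or "", hidden, []])

    def handle_data(self, data):
        for entry in self._open:
            entry[2].append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            href, hidden, parts = self._open.pop()
            self.links.append((href, "".join(parts).strip(), hidden))


def find_suspicious_links(post_html, allowed_hosts=ALLOWED_HOSTS):
    """Return links in post_html whose host is not allowlisted."""
    parser = LinkCollector()
    parser.feed(post_html)
    parser.close()
    findings = []
    for href, text, hidden in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not host:  # relative link: stays on the site
            continue
        if host in allowed_hosts:
            continue
        findings.append({"href": href, "text": text, "hidden": hidden})
    return findings


def scan_posts(posts, allowed_hosts=ALLOWED_HOSTS):
    """posts: {post_id: post_content}. Returns findings tagged with the post id."""
    report = []
    for post_id in sorted(posts):
        for f in find_suspicious_links(posts[post_id], allowed_hosts):
            report.append(dict(post_id=post_id, **f))
    return report


# Constructed sample: post 102 carries an injected link inside an Amazon
# affiliate anchor and a second, hidden one at the end.
SAMPLE_POSTS = {
    101: '<p>My review of <a href="https://www.amazon.com/dp/B000EXAMPLE?tag=mytag-20">'
         'this gadget</a> and a <a href="/2011/02/earlier-post/">related post</a>.</p>',
    102: '<p>Another pick: <a href="https://www.amazon.com/dp/B000EXAMPLE2?tag=mytag-20">'
         'the item <a href="http://pharmacy-spam.invalid/buy">cheap pills</a></a>.'
         '<a href="http://pharmacy-spam.invalid/more" style="display: none">more</a></p>',
}

if __name__ == "__main__":
    for f in scan_posts(SAMPLE_POSTS):
        flag = " (hidden)" if f["hidden"] else ""
        print(f"post {f['post_id']}: {f['href']!r} text={f['text']!r}{flag}")
```

Relative links are skipped because they stay on the site; anything pointing at a host you do not recognise is worth a look, and a hidden one is almost certainly not yours.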

Copyright secured by Digiprove © 2011

Peter Pelliccia

I'm an Aussie blogger who loves to blog and share everything that I've learned on my blogging journey, including blogging tips and ways to blog for money. I am also trying to make my way on YouTube. You can follow my progress by subscribing to My Bonzer Channel.

This Post Has 85 Comments


  1. A couple of years ago a hacker added a bunch of hidden keywords and links buried below my footer. They used the same font color as the background so I hadn’t noticed. These were very profane keywords and links too. Not very good for your search engine authority. They also used an encrypted file so it took a very long time to figure out how to remove the porn links.

    1. I had the same thing happen on one of my sites. What a pain.

      I’ve just had a couple of emails saying that there were attempts on two of my blogs and they were locked out. Without this plugin they would just keep on trying. I suppose now they will move onto blogs that don’t have it installed.
      Sire recently posted: How To Score & Have A Sexy Valentine’s Day

  2. I’ve long wanted to install that plugin on my sites, but when I tried it once on a local server, it just, without warning, messed up my site, making me unable to get into the dashboard.

    Maybe I’ll try to test that plugin again. Perhaps it’ll work this time.

      1. I just tried it on my local server. It works. I realized it was the ‘login lockdown’ plugin that didn’t work the first time I tested it. Thanks Sire, I’ll be installing it on my sites. This plugin feels like adding a thick extra wall of protection to my home. :)

          1. Ok, successfully installed. :) Whew!

            Hey, btw, when I installed it through the dashboard, there were several other plugins that were shown, including of course the login lockdown. Then there also was this WassUp plugin! I thought you’d gone the plugin authoring way. When I checked it out, it actually was a plugin by Michele Marcucci and Helene Duncker. In case you’re interested to check it out, the wassup plugin site is at wpwp.org. :)

            1. Hey, they named a plugin after me? Must be pretty good then huh? :laugh_tb: Reckon I should check it out, thanks James.
              Sire recently posted: 11-Inch MacBook Air Review

  3. It’s a pain and a half; I had it done on The Nexus a little while ago when I was a bit less diligent with my backups. Luckily Hostgator jumped in and helped me salvage it with an internal backup, but it still cheesed me right off.

    Though glad I could help.

    1. It was a pain. The hacker posted two links on every post as well as two in the blogroll. I don’t know if he did it with the aid of a script but even so it would have taken awhile as you have to wait for each post to load, edit and then save before going onto the next one.
      Sire recently posted: Do You Want To Outrank The Probloggers

      1. It most likely was an automated script which took only a few moments to spread through your site (it’s a virus).

        It’s called a pharma attack.

        There are a number of ways the hacker could have gotten in (SQL Injection, brute force cracked your password, hacked one of your other social sites which uses the same login as this site, hacked your hosting company, …..)

        I created a mini course on securing your blog against hackers. If it’s okay with you, I’d like to leave a link to one of the tutorials in the course (it’s day 10 of the course) which will show you how to keep an eye on your sites for this sort of thing so you can act swiftly.

        http://media.securemyblog.com/course-day10/3765.htm

        Using this tutorial, you will be alerted within 24 hours of a typical pharma attack.

        Also, be sure to install the WordPress File Monitor plugin. It will tell you which files on your site were changed.

        1. Not a problem leaving that link John, I think it will be of great use to myself and my readers.

          You’re probably right about it being a script as some of those links were left in the middle of my Amazon links which were harder to extract and more time consuming.
          Sire recently posted: Do You Want To Earn Money Writing

  4. Hi Sire,

    Sorry to hear you got hacked. I have a couple of blogs that got hacked too (last year). Most of these were installed with Fantastico. Ever since I switched to manually installing WordPress, I haven’t experienced any hacking incident.

    Oh, also for everyone who owns a blog, it would be a good idea to change the ‘admin’ user and change it to something else.

    -Jeedo

  5. Wow, I have never heard of a site being hacked this way. I guess it’s high time I installed the Limit Login Attempts plugin myself. This is a mind-blowing type of hacking.

    1. It’s good that you are aware and taking steps to prevent hacking, but realize this plugin is just a start. It will not prevent other forms of hacking, such as SQL Injection, which is the most common form of WordPress hacking, if you ask me.


  6. Being hacked is such a pain. Not only does it cause damage (however minimal) that can give you a headache in your efforts to repair your account, but it makes you feel like you’ve lost your sense of security. So glad you found a solution that will make prevention much easier!

    1. I just discovered that someone hacked one of my other blogs as well. Now all my blogs have the plugin installed and I’ve changed all the passwords just to be on the safe side.
      Sire recently posted: 11-Inch MacBook Air Review

  7. Hi Sire,
    My sympathies are with you.
    This type of hacking is new to me. I usually rely on backups of my blogs just as a step to be secure from any abnormality like this.

    1. I have backups as well; the problem was I did not know when the attack occurred, as everything was working fine, just that there were links in the posts that I didn’t place there. Unless you physically check each post you won’t know that you were hacked.
      Sire recently posted: My Experience With Real Writing Jobs

      1. Check out the WordPress File Monitor plugin so that you can be notified.

        Also, if you’re really concerned someone is getting into your dashboard, you can use the Blue Trait Event Viewer plugin to monitor what’s going on in your dashboard and view who is logging themselves in.

        You can also make it so the plugin cannot be disabled through WordPress’ plugins area, only in your hosting account.

        1. Do you think that they may still gain access even though I’ve changed the password and user name and have installed the limit login plugin?

          1. Yes anything is possible. The problem is you don’t really know how they got in.

            It is possible that it wasn’t your WordPress that was hacked, but rather your FTP (if you use it). In that case, no amount of security you put on your blog would help you if they hacked your FTP.

            Make sure to change your FTP info and use SFTP or FTPS rather than unsecured FTP.

            There could be any number of other ways they get in. The best you can do right now is add security to your blog, change all your logins, and set up a system to monitor everything.
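The file-change monitoring John recommends above can also be done without a plugin, by keeping a baseline of file hashes and diffing the site against it. The following is an added example of that idea (it is not the WordPress File Monitor plugin's code): it hashes every file under a site directory, skips a couple of directories that change legitimately all the time, stores the baseline as JSON and reports added, removed and changed files. The directory layout, the skip list and the throwaway tree that run_demo builds are assumptions made for the demonstration.

```python
"""File-integrity baseline for a site directory: hash every file, store the
hashes as JSON, and later report what was added, removed or changed.
Added example of what a file-monitor plugin does; not the WordPress File
Monitor plugin's code. Paths and the skip list are assumptions."""
import hashlib
import json
import os
import tempfile

# Assumed: directories whose contents change legitimately all the time.
SKIP_PREFIXES = ("wp-content/cache/", "wp-content/uploads/")


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root, skip_prefixes=SKIP_PREFIXES):
    """Map of relative path -> SHA-256 for every file under root."""
    hashes = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(skip_prefixes):
                continue
            hashes[rel] = hash_file(full)
    return hashes


def save_baseline(hashes, path):
    """Keep the baseline outside the web root so an intruder cannot edit it."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(hashes, fh, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def compare(baseline, current):
    """Differences between a stored baseline and a fresh snapshot."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }


def _write(root, rel, text):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w", encoding="utf-8") as fh:
        fh.write(text)


def run_demo():
    """Build a throwaway site tree, take a baseline, tamper with it, and
    return the report. Used for the stand-alone run and for testing."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as store:
        _write(site, "index.php", "<?php require 'wp-blog-header.php'; ?>")
        _write(site, "readme.html", "<h1>readme</h1>")
        _write(site, "wp-content/uploads/2011/photo.txt", "upload")  # skipped
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(snapshot(site), baseline_path)

        # Simulated tampering: one file edited, one dropped in, one removed.
        _write(site, "index.php", "<?php require 'wp-blog-header.php'; /* appended */ ?>")
        _write(site, "wp-content/plugins/dropped.php", "<?php /* unexpected */ ?>")
        os.remove(os.path.join(site, "readme.html"))
        _write(site, "wp-content/uploads/2011/another.txt", "upload")  # still skipped

        return compare(load_baseline(baseline_path), snapshot(site))


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Run snapshot once after a clean install or update and store the result somewhere the web server cannot write; a scheduled compare then turns "a file changed that I did not change" into a report you can act on the same day.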

  8. Obviously a pain in the neck. They say we should change passwords regularly. But really, what were they hoping to achieve from hacking into your blogs?

    peter
    peter petterson recently posted: Weapons of mass imagination

      1. That’s exactly right. They want to USE your site, why destroy it… what good is that?

        Also, once hacked their tradition is to leave your blog easy to be hacked into by the next guy or girl.

        Not only do they want to use your blog for free links, but sometimes they want to use it to download viruses to people’s computers. Then the virus could make someone’s computer do whatever they want (even give them free access).

        How many people do banking from their computers or keep passwords to all their sites in a Word document?

        1. Hi John, thanks for visiting my blog and helping out my commentators. I’ve installed the firewall plugin you recommended. I will be doing a followup post and I will be linking to your blog. You have a hell of a lot of useful information that people should know about.

          As to passwords on my computer, they’re all recorded in my KeePass program so they will need to crack that first to get to them. That should make it a little harder.
          Sire recently posted: 11-Inch MacBook Air Review

          1. My pleasure Sire. Note though that my blog is located on a different domain from my security website.

            It’s a topic I’m very involved in, glad you wrote this post to help spread awareness.

  9. Sometimes we forget some basic stuff regarding security and make the site easily accessible for the hackers.

    1. Unfortunately, the easy targets are the ones who have no idea this is a problem.

      I teach people how to secure their blogs and the people who buy my product are the ones who have ALREADY been hacked (i.e. been taught the lesson the hard way).

      Newbies (after they learn there is a problem out there) usually think that since their blog is small and doesn’t cause any waves online that they are not a target.

      Nothing could be further from the truth. Many times the hack is automated.

  10. Hi Sire
    This is a great plugin to protect you against brute force attacks – once they’re in to your admin, they can do what they like.

    Anyone interested in WordPress Security should Google “John Hoff”.
    John writes some great security articles and produces very easy to follow videos.

    Glad it wasn’t this blog Sire.
    Keith Davis recently posted: Oscar Speeches and the 3 G’s

      1. Hi Sire
        I came across John’s blog whilst I was setting up my blog. Hadn’t got a clue what I was doing.
        He highlighted the security issues of WordPress and helped me a lot.

        John is one of the good guys on the web.

        For great info on wordpress firewall take a look at John’s post…

        http://wpbloghost.com/blog/2-easy-ways-to-set-up-a-wordpress-firewall/

        Free plugin worth having.
        Keith Davis recently posted: Great Speeches in Films

        1. I had a look at that post. Very interesting. I left a comment, and whether or not I install it all depends on his reply.
          Sire recently posted: 11-Inch MacBook Air Review

          1. Answered.

            What do you think?

  11. Hi Sire

    Sorry to hear the hackers got to your blog! How horrible. Their efforts would be better put to more useful exploits. It is the thing all bloggers dread. I wouldn’t know where to start so thanks for letting us know what happened to you and how you fixed it Sire. Appreciated.

    Patricia Perth Australia

  12. Checking each post to investigate if there is some suspicious looking link is not quite possible for a site which hosts a myriad of posts and for someone who regularly has new write-ups. I always change my passwords once a week but I’m not sure that is the only solution!

    1. Actually Juan, once they have access they can do pretty well what they want. They actually posted links on every post on both my blogs.

  13. Pretty nerve-racking to have your site hacked; glad you did not get all the data destroyed. That plugin will sure come in handy for me as well.

  14. Hi Sire
    Being hacked is so painful. Must say, a hell of an experience you had. Could you please tell me how you keep backups of your blogs?

  15. Can you publicly post the suspicious IP?

    1. I suppose you could. It’s not like I owe them anything. So far the following IPs have tried to access my blogs.
      81.176.228.64 Tried to access two blogs
      217.114.235.217 Tried to access three blogs

    1. Truth be told Jerry, I didn’t use KeePass for my blogs but I reckon I’m going to have to change that.

      Thanks for those links mate.

  16. Holy cow! Talk about sneaky and low! I suppose it’s unthinkable because honest people would never consider something like this, so it’s always amazing what the despicable swine will think of next.

    Just amazing. I’ll definitely be letting others know about this!

    Delena

    1. Yeah, I think it’s good that we let as many people as possible know so they can be better prepared.

  17. Having the latest version of your CMS or Blog Platform (i.e WordPress) is another easy and essential step against hackers.

    1. Actually it wouldn’t help in this situation as these turkeys worked out my name and password to get into my dashboard. Once there they created havoc.
      Sire recently posted: 11-Inch MacBook Air Review

  18. Being the security conscious (ie paranoid) fellow that I am, when Mitch talked about that plugin, I slapped it in place quickly. I have noticed several emails stating that So-and-so had applied for membership. I don’t show the meta widget anymore, so these were people who know where the admin log-in screen lives, not some random passers-by who mistook it for a mail list sign-up.

    Now I’m REALLY glad that I installed it!
    Thanks for the heads up. I bet they were Klingons!

    1. Yeah, damn Klingons. :guns_tb:

      I think I will do a followup post that will include two other important plugins for increasing the security of all WordPress blogs, so watch this space.

  19. Usually companies/people insert links in the comments they leave on a blog, but I didn’t know that things could become so much worse. Need to check this!

    1. Leaving links in comments is more than acceptable as long as the blog owner is happy to accept that. Breaking into a person’s blog and hijacking the posts is not.
      Sire recently posted: My Experience With Real Writing Jobs

  20. Hello Sire,

    I actually had the same problem as you, but they didn’t insert any links into my website; they did change my AdSense publisher ID. They were cashing in the money I should have earned, and they kept doing it for something like 2 weeks before I noticed a sudden drop in revenue.

    Now the bad thing about this is that although AdSense has a policy against this, they don’t tell you whether they took any measures against that hacker’s AdSense account or he just cashed in.

    I think you should also check some of your affiliate links, you never know if he changed something there too.
    Alex recently posted: Urmarire FBI

    1. Thanks for the tip Alex. I actually did check those links as I had to go through each post individually anyway.

      Lucky you found out they hacked your account fairly quickly. Most people would have just thought it was a downturn in traffic.

  21. Hi Sire,
    It sure pays to be cautious, but there are times even the most cautious ones fall victim to these hackers. Thank you for sharing with us your experience about this and about the Limit Login Attempts plugin. I actually use the Login Lockdown plugin. It records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently, the plugin defaults to a 1-hour lock out of an IP block after 3 failed login attempts within 5 minutes.
    I sure don’t want hackers invading my blog, even if it’s just a fairly new one. Even if I only have a few posts there, I have put in my efforts and precious time in there.
    Thanks for sharing!
    Johanna recently posted: The 5 Most Disgusting Foods in the Chinese Zodiac

    1. The one I use is very similar. It also records the IP address as well as the user name. I’ve set it to lock them out for 20 mins after three attempts and then 24 hours after two lockouts.

  22. To avoid this situation, I think limiting IP address access to our wp-admin will be great. If I’m not mistaken, we can do it via our .htaccess.

    1. To do that you need to know which IP’s to limit access to. This plugin will notify you of them.

  23. A couple of years ago a hacker added a bunch of hidden keywords and links buried below my footer. They used the same font color as the background so I hadn’t noticed. These were very profane keywords and links too

    1. You should check my followup post Eric as it has something that may help prevent that in future.

    1. Two links in every post TJ plus two in the blogroll. Some seemed to be strategically placed but still not sure if it was done by some low life human pig or a script. Either way there was a pig in control.

  24. Oh, it’s such a pain.
    A good thing about our blog having been hacked is that we’ll give more attention to upgrading our blog security.

    By the way, thanks for your info about the Limit Login Attempts plugin. I have never heard about that before.
    Affan recently posted: Oh Tidak! Laman Oh Artis digodam!

  25. I was in a similar situation a couple of years ago. But it was with a myspace friend adder I had. But the person committing the “attack” was the script creator (go figure). So he knew the loopholes and deleted users and added his profiles as featured.

    Btw, what script/platform and plugins were you using on your other site? I’m just curious to see if maybe my platform or plugins could be a target.

    1. Naturally I was using WordPress with your normal plugins, such as commentluv Platinum SEO etc, nothing out of the ordinary. Now I’ve added a few more to ensure it doesn’t happen again.

  26. Great tip off. I used to have some websites (non-wordpress) that were getting injected with viagra links, while in others appeared some frames that opened some malicious websites that would infect a visitors computer with viruses. Nasty stuff – in my case, the exploits were coming via some contact form hacks.

    1. The plugins are one of the many things I love about WordPress, it makes blogging so much easier, not to mention safer.

  27. It sucks, right? I just read your other post about the wordpress firewall and left a comment.
    My hacker actually changed every file which had “index” in the name, and inserted some html to advertise his skills. Had a laugh in the first 0.01 seconds, then the pain set in.

    1. It does suck doesn’t it, but unfortunately shit happens and it’s our job to make things as difficult for these people as possible.
      Sire recently posted: Blogging! Why The Hell Do We Do It

  28. The better solution would be locking up some suspicious IP addresses with your cPanel. It will add something more to your security.

  29. They are getting craftier and craftier everyday. That is why everyone should make a backup of all their files consistently just in case of situations like these. And making sure that our network protection is up to date and protecting us from threats.
