Site got hacked

Update 20-02-2008:

Google does not allow this content here. Because the original text holds the name of the domain providing the advertisement, Google decided my site linked to the advertisement. Effectively, Google is censoring my webpage, and blogging about malware now seems to be impossible.

So the site got hacked. My nice little site was turned into a spam site for ‘mobile ring tones’. Ring tones are not something I would normally write about. So here is the information I could find about the whole event.

First thing to note: I was running on WordPress 2.2.1. The current WordPress version at the time of writing is 2.3.1, so the first thing I will do after creating this post is update to that version.

The posts include a couple of links: original text censored by Google (I had to remove the name of the site; let’s pretend it was an info site about some ringtones-top). If I go to that link, it tells me that the offer is not available in my region and it redirects me to (finally) a company called original text censored by Google (again, posting this name puts me in danger of being marked as a malware site; it was a company called perfspot). For completeness’ sake, I will include the result of whois for both websites:

Domain ID:D20274359-LRMS
Domain Name: censored by Google
Created On:17-Oct-2007 12:13:32 UTC
Last Updated On:17-Oct-2007 13:08:31 UTC
Expiration Date:17-Oct-2008 12:13:32 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:A73F200DAE57EC01
Registrant Name:WhoisGuard Protected
Registrant Organization:WhoisGuard
Registrant Street1:8939 S. Sepulveda Blvd. #110 –
Registrant Street2:732
Registrant Street3:
Registrant City:Westchester
Registrant State/Province:CA
Registrant Postal Code:90045
Registrant Country:US
Registrant Phone:+1.6613102107
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:4648f2c48efd4542a673de6b8b59afed.protect@whoisguard.com

AND:

censored by Google
1275 W. Washington St.
Tempe, AZ 85281
US

Registrar: DOTSTER
Domain Name: censored by Google
Created on: 14-AUG-06
Expires on: 14-AUG-08
Last Updated on: 28-JUN-07

Administrative, Technical Contact:
,censored by Google support@censored by Google
censored by Google
1275 W. Washington St.
Tempe, AZ 85281
US
888-311-7373

It seems that not every registrant at whoisguard.com is just avoiding spam here…

So let’s search Google for this issue. A combination of censored by Google and WordPress shows there is indeed an issue with the version of WordPress I am using.

Seems the spammers used a bug in theme.php and feed.php. My logfiles only last 6 days so I will probably not be able to find out who has been posting the stuff 🙁