A demo site (off my main domain) has recently been compromised so I thought I’d point it out in case anyone else has had a similar experience.

Basically someone’s uploaded a LOAD of spammy HTML pages directly into my WordPress uploads directory. They also took the trouble of creating a sitemap.xml file in there too that listed all these rubbish spam files, and then submitted it to various search engines.

I only even noticed I’d been hacked at all because in my Google Webmaster Tools I saw the “URLs restricted by robots.txt – 246”. I thought this unusually high for my site and upon looking at the list of 246 files saw hundreds of files like “https://www.tmrw.co.uk/demosite/wp-content/uploads/2007/topic-1022.html” indexed – files I’ve never uploaded or personally put on my site. I had a look on my server and there was indeed a whole other website living in my uploads directory.

Thankfully https://www.tmrw.co.uk/demosite/ spider crawling was restricted by my robots.txt file and therefore hasn’t been indexed properly (although Google Webmaster Tools does now tell me the most common words it sees on my site are C*sino, S*x, L*sbian etc. – which is a load of rubbish), and I asked my host to immediately delete all these spam files from my server.

So problem solved, spam removed.

Except I’m not sure how it got hacked in the first place. Permissions on https://www.tmrw.co.uk/demosite/wp-content/uploads/ were set so only my server can write to the folder, no FTP access etc., and I’m pretty sure no one manually logged into my demo site and uploaded the 1000s of files via the WordPress media uploader, so how they got in there I’m none the wiser. All my passwords etc. are randomly generated 20-digit strings too, so guessing them seems out of the question?

What’s also confusing is that I thought I was the only one who knew about https://www.tmrw.co.uk/demosite/ at all. I’d not submitted it to any forums etc. and my robots.txt was restricting indexing just in case. All I can think is that someone saw what directories I was trying to restrict with my robots file and went after one of them.

Anyway, keep an eye out on your uploads directory, protect it the best you can and make sure no one’s making an evil little nest of spam in there.

Rich
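An added example, not part of Rich's post: a small Python audit that walks a WordPress uploads directory and lists anything that is not a media file, the kind of check that would have surfaced the topic-*.html pages and the sitemap.xml he describes long before Webmaster Tools did. The allowed-extension set is an assumption to adjust per site, and the sample tree it scans is constructed here for demonstration.

```python
import tempfile
from pathlib import Path

# Extensions a typical WordPress media library is expected to hold.
# Assumption: tune this to what your site actually uploads.
ALLOWED_EXTENSIONS = {
    ".jpg", ".jpeg", ".png", ".gif", ".pdf",
    ".mp3", ".mp4", ".zip", ".doc", ".docx",
}

# File names that have no business under wp-content/uploads at all;
# a sitemap.xml there is exactly what the post found.
SUSPICIOUS_NAMES = {"sitemap.xml"}


def audit_uploads(uploads_dir):
    """Return sorted relative paths of files under uploads_dir that
    do not look like media: unexpected extensions (e.g. .html, .php)
    or explicitly suspicious names."""
    root = Path(uploads_dir)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        name = path.name.lower()
        if name in SUSPICIOUS_NAMES or path.suffix.lower() not in ALLOWED_EXTENSIONS:
            findings.append(path.relative_to(root).as_posix())
    return sorted(findings)


def build_sample_uploads():
    """Create a constructed uploads tree resembling the incident
    (two legitimate media files, two spam pages, a planted sitemap).
    This is sample data, not content from the affected site."""
    base = Path(tempfile.mkdtemp(prefix="uploads-"))
    legit = ["2007/photo.jpg", "2008/02/report.pdf"]
    spam = ["2007/topic-1022.html", "2007/topic-1023.html", "sitemap.xml"]
    for rel in legit + spam:
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed sample content\n")
    return base


if __name__ == "__main__":
    sample = build_sample_uploads()
    for finding in audit_uploads(sample):
        print("suspicious:", finding)
```

Run it from cron against the real uploads path and diff the output against the previous run; any new line is a file the web server wrote that the media library should not have.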

Viewing 1 replies (of 1 total)
The topic ‘2.7 upload directory had a spam injection’ is closed to new replies.