featured post

More information on Pharma Hack on WordPress

UPDATE:  This is an update post – the first one can be found at Pharma Hack Fix for WordPress.

Its been a fun few days as I have been “fighting” with a hacker/black hat SEO person trying to use my blog to sell viagra.  But my friend David and I were able to catch the, with their hand in my wordpress cookie jar.

How did they do a Pharma Hack on WordPress

Basically they compromised the server somehow – I have not figured out which method yet. But it appears they have/or had FTP access.  There were two files uploaded:  auto.php, keyboard.php and one item modified: wp-load.php.

Each day the hackers upload a new version of the file.

So, for the first 2 days I left the FTP the same…I just wanted to see how the hacker was gaining access.  I didn’t figure it out – but I simply changed permissions and that didn’t help.   Tonight I changed the FTP password – so we will see if that helps.

How to fix the Pharma Hack on WordPress

I’m not sure I know yet.  The first thing I have done is add a 301 redirect from auto.php and keyboard.php to my latest post regarding this issue.

RewriteRule ^auto\.php http://tomaltman.com/more-information-on-pharma-hack-on-wordpress?da=1 [R=301,L]
RewriteRule ^keyboard\.php http://tomaltman.com/more-information-on-pharma-hack-on-wordpress?da=1 [R=301,L]

This will allow me to capitalize on the hack and not allow the hacker to steal all the traffic.

Stay tuned

We will see how this comes out – I need to inspect the plugins – it seems like it is the obvious solution.

Thanks for reading.