I was viewing a friend’s website on my Blackberry the other day, when I noticed a bunch of random unrelated links above his header. There were Viagra links, Honda links, Cialis links, Acai links…etc. You name the affiliate link, and it was probably there. When I visited his site on my laptop, those links were nowhere to be seen.
Several months ago, I had a similar problem, which my developer diagnosed as some sort of code injection. This was attributed to my not upgrading to the latest WordPress version (currently 2.8.4). Basically when security flaws are found, WordPress closes those holes in the next edition, and site owners need to upgrade ASAP. Because hackers and other malicious people can then learn what security flaws were found in the previous version, they can exploit those flaws in blogs and websites that aren’t running on the most recent version.
In any case, it can be a bit tricky to remove the cause of the malicious links, but it’s important to do so, otherwise your site is leaking “search engine link juice,” and those links can be harmful. This doesn’t even consider that other areas of your site may have been attacked, which can cause other problems. Simply upgrading to the newest version of WP may not help, as the malicious code will still be there.
One of my the best things for me is that the person who manages the technical side of my blog is knowledgeable about programming and WordPress, and he has been able to help me with errors (both human error and a malicious hacking attempt). If you don’t know of a capable person, it would be wise to find someone smart that you trust who can help you at a moment’s notice. There are also plenty of resources on the web that can help you, but sometimes the fixes are complicated.
Always be on the look out for strange things that happen with your blog’s performance and layout, and if you notice something funky, don’t just cast it aside. Search Google, Twitter, and WordPress to see if other people are facing the same issues. Stay on top of WordPress or other platform updates and security warnings, and you may help prevent damage to your website.
http://www.davidedicillo.com/developing/how-to-secure-your-wordpress-blog/
Although many use WordPress, this type of hacking is not only limited to WP sites, but other sites as well. I had wrote about a sneaky hack job that was done to one of my sites and it is not a WP ran site currently. http://www.dotweekly.com/2009/09/11/the-hidden-hacker-redirecting-some-parts-of-site/
The basics of what I wrote in my post, the hacker redirects “some” parts of your site to their site, parking page, affiliate program etc. At times, visiting the domain of your site simply redirects you to the hackers site.
@Elliot
Here’s a few more tips that I wrote about earlier this year:
http://toomanysecrets.com/wordpress-security-tips/
I had a similar thing happen a few months back on one of my sites that would redirect search engine queries.
For example someone searched google or yahoo or msn for “cheap travel to Tajikistan” and your site was listed, if the searcher clicked your link, they would hit your site and be redirected via a bogus .htaccess file.
The issue and it’s fix are documented here:
http://blog.unmaskparasites.com/2008/12/05/bogus-antivirus-2009-htaccess-exploit/