My Compromised Blog

<p id="displayer" style="display:none">
CD and DVD films available for download at <a href="http://my-movie-download.com/">download movies</a> site, cheap prices and fast downloading.</p>
The evil little snippet above says that humans won't be bothered with the link, but search engines will notice it. Also, the following was actually inserted into my theme's index.php.
<form id="srch" name="srch" style="overflow:hidden;width:0pt;height:0pt" method="post">
DiVX and DVD films available at <a href="http://my-movie-download.com/">download movies</a> portal, low prices and fast downloading.
</form>
Just like the prior snippet, humans won't see the link, but search engines will.
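One way to check theme files for this kind of injection, as an added example that is not part of the original post: a small Python scanner that flags links nested inside elements hidden by an inline style. The class and function names are hypothetical, the check for visibility:hidden goes beyond the two styles shown above, and hiding done through a stylesheet class is not covered.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an element from visitors but not from crawlers.
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*0(?:\.0+)?[a-z%]*\s*(?:;|$)", re.I)
VOID = {"br", "hr", "img", "input", "meta", "link"}  # tags that never get a closing tag


class HiddenLinkFinder(HTMLParser):
    """Record <a href> tags that are, or sit inside, an inline-hidden element."""
    def __init__(self):
        super().__init__()
        self.stack = []      # open elements as (tag, hidden_by_own_style)
        self.findings = []   # (line_number, href)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDING.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href") and (hidden or any(h for _, h in self.stack)):
            self.findings.append((self.getpos()[0], attrs["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so an unclosed <p> or <li> does not skew nesting.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_links(markup):
    """Return (line, href) for every link hidden by an inline style in markup."""
    finder = HiddenLinkFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

# Sample input: the two injected snippets from this post, plus a constructed visible link.
SAMPLE = """<p id="displayer" style="display:none">
CD and DVD films available for download at <a href="http://my-movie-download.com/">download movies</a> site, cheap prices and fast downloading.</p>
<form id="srch" name="srch" style="overflow:hidden;width:0pt;height:0pt" method="post">
DiVX and DVD films available at <a href="http://my-movie-download.com/">download movies</a> portal, low prices and fast downloading.
</form>
<p>Visible text with a <a href="http://example.org/">normal link</a>.</p>"""

if __name__ == "__main__":
    for line, href in find_hidden_links(SAMPLE):
        print(f"line {line}: hidden link to {href}")
```

Running it over each file in the theme directory and over post content exported from the database covers both places where the injected markup can live.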
It's hard to describe how annoying this is. Somebody/bot found a way to compromise my blog's directory and its database. I only sftp and ssh to the site. (Although in the past I have ftp'ed. No more!) I thought I chmodded the WordPress files to -rw-r-----, but I see now that there are more extensive write permissions in some directories.
I checked the last few logins, but they were all mine this month. (And my host clears the log every month.) I have to monitor the situation closely.
Ye gods, the referrer spam goons are aggressive! Aargh!
Comments
- Changed password.
- chmodded the WordPress directories and files.
- Disabled ftp access. (sftp still works!)
- Inspected system with both Ad-Aware and Spybot S&D.
Will have to watch it for a while...