See All Topics

Home / Section: Daily Cartoonist

Security lock down: How will it affect you?

Twice this week, spammer were able to exploit the site to inject code into the blog. I’m still trying to ascertain the full scope of what they were able to do. At the moment, it appears limited to inserting code into a file that is read by search engines and sends search engine traffic to their sites. I’ve cleaned that up (twice!), but it’s become very apparent, I need to be much more strict on security.

Today I deleted several hundred users. I took a draconian approach and may have deleted your account. If I didn’t recognize the individuals name or email, I deleted the account. The only people who need an account are:

  • Individuals who frequently post comments OR
  • Plan on submitting full blog posts

If you need/want an account (because of any of the two reasons cited above), please check to see if it’s still active. To keep the account you need to do a couple of things. Log and make sure you have entered in your first and last name (see screenshot below). Any accounts without a first and last name by next weekend will be removed.

Thanks all for your patience and support.

Community Comments

#1 Tom Richmond
April/18/2010
@ 5:20 pm

Alan- What made you aware of the inserted code?

#2 Alan Gardner
April/18/2010
@ 8:49 pm

A reader emailed me and told me that when they searched on “daily cartoonist” on Google, the result was “DrugStore || Viagra for sale || Online Pharmacy Viagra for sale. Online Drugstore. Good price and 100% Quality only at $1.15 per Pill of Viagra. Canadian Pharmacy – Anti-Recessionary Prices & Fast …
dailycartoonist.com/ – Cached – Similar”

I had cleaned that out earlier in the week – but somehow whatever bot inserted it earlier still had access. I’m quickly becoming less and less a fan of WordPress.

#3 R Pyle
April/19/2010
@ 8:45 am

If this happened to you, it’s probably an Iframes Exploit.

Older versions of WordPress are subject to this hack.

Upgrade your WordPress, and look into installing this plugin:

http://wordpress.org/extend/plugins/exploit-scanner/

#4 R Pyle
April/19/2010
@ 8:46 am

Also, do you have the capacity to read each php file and delete the offending code in each one (which is usually at the top)?

That’s what it took when it happened to me a couple of weeks ago.

#5 Jeremy Creecy
April/19/2010
@ 12:42 pm

Does akismet not catch that?

#6 Clay Jones
April/19/2010
@ 3:27 pm

Sounds like that may get your website more traffic. $1.15 for Canadian Viagra!!!

#7 Tom Pappalardo
April/20/2010
@ 7:11 am

have you checked your referrer links? I’ve been getting a few hits from a site called qq829 or something like that, which I googled and discovered is some chinese site doing malicious deeds. I am under the impression that my askimet plugin is catching spam to the comments section, but what you’re describing sounds worse. when you say “inject code”, do you mean something beyond the comments section?

#8 R Pyle
April/20/2010
@ 9:14 am

It’s not spam as one would see in the comments section, so no, akismet wouldn’t catch it.

This is an exploit that actually injects lines and lines of code at the top of the php files. Some browsers won’t see the links it causes, others will, but they will come up in search engines.

The only way to really get rid of it is to go into each file and manually remove the code. It’s a pain.

#9 DOuG pRATt
April/23/2010
@ 8:11 am

WordPress plug-ins can themselves be a problem. A few years ago I tried a plug-in for comment searching that disabled comments for every post up to that time. Another plug-in exposed the MySQL database, and it was blown away, forcing me to restore from a backup.

Sorry, the comment form is closed at this time.