.orgWhy You Should Subscribe to Your Own Feed…in Google Reader
New here? Be sure to subscribe to the RSS feed so you don't miss anything!
I was reading MindValley Lab’s latest post in my feed reader this morning and noticed a set of 19 very spammy links right after the first paragraph:
<div style=”left: -2700px; position: absolute; top: -3600px”>
<a href=”http://www.johnnybrendas.com/wp-content/kamagra/index.html”>25mg kamagra</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/kamagra/map.html”>kamagra</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/kamagra/about-kamagra.html”>about kamagra</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/kamagra/adresse-kamagra-belgique.html”>adresse kamagra belgique</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/lasix/index.html”>12.5mg lasix</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/lasix/map.html”>lasix</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/lasix/200-lasix.html”>200 lasix</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/propecia/index.html”>0 buying propecia</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/propecia/map.html”>propecia</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/propecia/1-4-propecia.html”>1 4 propecia</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/soma/index.html”>0 dreampharmaceuticals online order soma</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/soma/map.html”>soma</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/soma/1-buying-online-soma.html”>1 buying online soma</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/soma/1-online-soma.html”>1 online soma</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/zithromax/index.html”>1 g zithromax</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/zithromax/map.html”>zithromax</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/zithromax/1000-single-dose-gono-zithromax.html”>1000 single dose gono zithromax</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/zithromax/1000-single-dose-zithromax.html”>1000 single dose zithromax</a><br />
<a href=”http://www.johnnybrendas.com/wp-content/zithromax/1g-zithromax.html”>1g zithromax</a>
</div>
Thinking it was part of what Amir was trying to communicate, I kept reading. Turns out, though, they weren’t part of the post at all, and knowing the MindValley Labs folks, they weren’t put there on purpose. “Typical WordPress hack,” I thought.
Digging deeper, though, I realized this hack had two interesting twists to it. First, the links had been inserted directly into the post, not into the footer of the site (or elsewhere). Second, you can’t actually see the links on the site.
Why? Notice the style attribute on the <div> tag. It positions the <div> way off screen. Looking at the post on their site, there’s no evidence that anything is amiss.
Reading the post through Google Reader, though, the links are more than obvious because Google Reader doesn’t respect the styling. They show up right in the post where they’re placed.
Do other readers show them, too? Not sure. I’d love to hear from others who use something besides Google Reader before MindValley fixes the problem. (I’ve let them know about the hack, so it should be fixed soon.)
Al Carlton
July 16, 2008 at
12:30 pm
One of my blogs was hacked the exact same way, bastards! It was actually Google that informed me of the problem, if I’d read the feed more I’d of known a lot sooner. Fullpost about it on SMM, which reminds me I need to do a follow-up post on that.
Mike
July 17, 2008 at
12:23 am
Yes, thanks for the heads up. We are now looking into it and will hopefully get this under control very soon.
Tom Gray
August 1, 2008 at
10:20 am
I believe that this is a security error in WordPress that the latest version corrected. See this article for additional info: http://www.techcrunch.com/2008/06/11/my-blog-was-hacked-is-yours-next-huge-wordpress-security-issues/. The latest version of WP corrects the issue but, like Windows, the installed base of WP users is so huge that it’s too enticing a target for hackers and rogue seo’ers to leave alone. By the way, if you’re using WP, a great plugin that makes updating your version a piece of cake is at http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin.html.
Melanie Phung
September 4, 2008 at
4:00 pm
That’s a really good point. For the same reason, obsessively checking your rankings can give you a heads up that something is wrong. When you go from #1 to nowhere in the SERPs for a term, you can almost guarantee your site got hacked. Check your code for divs set to “display: none”, plug your hole, and file for reinclusion.