-
Posts Tagged ‘cloacking’
- Dec 1st, 2007
-
Matt Heaton BlueHost HostMonster CEO Official Blog Hacked
Dec 11 2007 - Matt Heaton Blog’s has been cleansed. ATM he’s using latest version of WordPress (2.3.x). And also most of the blogs lists in this articles has been upgrade.
Jan 26th, 2008 - Seem like bluehost engineer did a bad job at cleaning, the goro spam is back.
Just after the recent issue on wordpress.com.cn now there is new wordpress imitater. A remote spamware injection by wordpress.net.in
I was reading one of Matt Heaton posted 2 days ago when I found bunch of spamsware link on his wordpress footer.
Matt’s is using default wodpress theme (kubrick) with single javascript for adsense. The only way the spams can get in is probably via php injection or by manual editing. All the spamware is redirect to howardowens.com/?order=XX page.
Lookup for howardowens.com
The below diagram explained the lookup results for howardowens.com. click on the image to enlarge.
Surprisingly the spammer website is also host by bluehost.com (69.89.16.0/20,74.220.192.0/19 ,69.89.16.4 -> box183.bluehost.com). - Nov 30th, 2007
-
How to Remove Wordpress.net.in Spam Injection
I found this while browsing WordPress support forum, some of these victims update their default_filters.php and upload class-mail.php inside their WordPress without being aware that it’s a backdoor (wordpress.net.in). There is no class-mail.php in WordPress except class-phpmailer.php. So don’t get confuse by it.Below is a quick workaround on how you can removed the offending goro spamware injection before Google banned you from the internet pipes.
