[wp-hackers] Porn links in google cache

Justin W Hall justin at justinwhall.com
Fri Jul 15 16:11:27 UTC 2011

Got a chance to scan the infected site. Found many of the usual Pharma  
suspects base64_decode functions, base64-min.js files, eval etc...  
Looks as though they live mostly in plugin folders child function files.

Haven't scanned the database yet. Ugh.

On Jul 15, 2011, at 3:07 AM, Chris Taylor - stillbreathing.co.uk wrote:

> Hi Justin,
> I got hacked with this last year. It's a nasty one, but (touch wood)
> my site seems OK at the moment). I wrote a short article about it with
> some useful links:
> http://www.stillbreathing.co.uk/2010/11/21/wordpress-pharma-hack/
> Hope you get it sorted.
> Chris
> On Thu, Jul 14, 2011 at 4:20 PM, Justin W Hall  
> <justin at justinwhall.com> wrote:
>> Hey folks-
>> It's been brought to my attention that when a site a recently  
>> worked in is viewed via google cache, there is a whole list of  
>> mostly porn related links that have been added to the bottom of the  
>> pages that obviously do not exist on the page. My questions:
>> 1) how does this happen? Host related malware?
>> 2) what us the best way to go about fixing this.?

More information about the wp-hackers mailing list