The Churning
16 Jan 2012

Twitter Phishing and the Pharma Hack

Hey nerds, this one's for you!

Hackers are all up in my shit. First, it started with a Twitter spambot that direct messaged me from a friend's account. The message read, "You seen what this person is saying about you? terrible things.." and it was followed by a link to what looked like Twitter's login page but it was hosted at this URL: tivvitter.com. (Don't go there.)

I'm not sure what the scammer's endgame was, but clearly the first step was to get users' Twitter login info. And I'd love to say that I was too smart to fall for their shenanigans, but in reality I was simply too lazy. I clicked the link, but when I saw the login, I didn't feel like typing in my username and password from my iPhone. It wasn't until later that I realized it was a dummy login page with a non-Twitter URL.

Spammers - 0
JJ - 1
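
The tivvitter.com link works because "vv" reads as "w" at a glance. As an added example (not part of the original post), here is one way a link filter could flag such hostnames: fold confusable character sequences, then compare against a watch list by edit distance. The watch list, the confusables table and the distance threshold are assumptions chosen for illustration.

```python
# Added example: flag lookalike hostnames such as the tivvitter.com link above.
# PROTECTED and CONFUSABLES are illustrative assumptions, not exhaustive lists.
PROTECTED = {"twitter.com", "google.com", "paypal.com"}

# Character sequences that render like another letter in many fonts.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def fold(label: str) -> str:
    """Collapse visually confusable sequences to the letter they imitate."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the hostname (naive: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(host: str, max_distance: int = 1):
    """Return the watched domain that host imitates, or None if it looks clean."""
    domain = registrable(host)
    if domain in PROTECTED:
        return None  # the genuine site, including subdomains such as mobile.twitter.com
    folded = fold(domain.partition(".")[0])
    for real in sorted(PROTECTED):
        # After folding, a fake is either identical to the brand or one typo away.
        if edit_distance(folded, real.partition(".")[0]) <= max_distance:
            return real
    return None


if __name__ == "__main__":
    for host in ("tivvitter.com", "mobile.twitter.com", "paypa1.com", "example.org"):
        print(host, "->", lookalike_of(host))
```
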

Then in a completely separate incident, I got a very helpful comment from xensen, one of The Churning's recent visitors (Thanks!). They let me know that my site was hit by the Pharma Hack. As instructed, I Googled it to learn more.

Basically, hackers get into WordPress sites through the weak security of certain plugins. Akismet is a common entry point. In my case, I think they got in through a plugin called WPRef. I don't remember what I thought the plugin was supposed to do, but when I opened it up to look at the PHP content, the file was almost entirely script instructions for opening up my WordPress security to outside code.

After that, the hackers were able to rewrite the meta for my highest-ranking pages. They added various drug brand names, which only really revealed themselves via Google. If you were to view the pages themselves as a typical user, they looked perfectly fine. Check out this Google search which still shows the offending meta entries (as of Jan 16).

So I followed the Pharma Hack removal instructions from Pearsonified: I cleaned up my plugins directory, deleting all files for all currently unused plugins. I installed the latest version of WP. And I omitted all of the lines of hacked code from my active database.

Only time will tell if I did it all correctly. Google's spiders will reindex my site in a matter of days or weeks. And hopefully all the meta will look like it's back to normal. If not, I'll do a deeper dive into my currently active plugins. Wish me luck.

Spammers - 0
JJ - 2

Oh my god, I am the winner!

Filed under: humor

Comments (2)
  1. Wow! you’re popular enough for them to waste their time on your site! You should feel honored!

    I’m on my 3rd hack now…

    Pain in the ass isn’t it?

  2. now i’m confused as to where i can find pills for my man meat. the churning was my one stop shop for that.

    nothing creates a feeling of distrust in your platform like finding evidence of a backdoor in it. I see bots hammering away on my servers all day every day looking for exploitable wp/phpmyadmin/etc files. good times.

    good luck keeping the churning clean man. now make with the dick jokes already.

