Uli's Web Site
Insidious Aspma dot Com WordPress Hack!

It appears a site named aspma.com is laying Google-bait by hacking into other websites. The only common denominator I've found so far is that the sites all seem to be using WordPress, and they seem to be inserting their spam into the actual post message. The insidious thing about this hack is they're using the following code fragment (link replaced with 'xxx'):

<div class='fds432' style='overflow:auto;width:0;height:0;'>
<p>Do you want <a href="xxx">download mp3 music</a> from online mp3 archive,
You find where <a href="xxx">mp3 music download</a> for mp3 player.</p></div></p>

Yes, ladies and gentlemen, this is a DIV with width and height set to zero. This means that it doesn't show up when you look at your page, only in the RSS feed if you're lucky, or when you search the page source code. However, it is visible on the site for Google, which thinks the hacked site was linking to that target site.

A quick search on Google by my sister already found seven infected sites, and that is not counting the site I found it on (it's a tad hard to google for this term).

If you have a web site, I recommend you search your own site for such width:0 and height:0 styles and similar invisible content. Google Blog Search seems to be a good tool for finding some infected sites, though apparently not all of them, so try several.
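
One way to run that search over exported post bodies, as an added example that is not part of the original post: a Python scanner that reports links nested inside elements hidden by inline style. The function names, the list of hiding styles and the sample post (the quoted fragment placed between two constructed paragraphs) are assumptions.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an element from visitors (assumed, non-exhaustive list).
HIDING = re.compile(
    r"(?:^|;)\s*(?:(?:width|height|font-size)\s*:\s*0(?:px|pt|em|%)?"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)\s*(?=;|$)", re.IGNORECASE)
VOID = {"area", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

# Constructed sample: the quoted fragment between two ordinary paragraphs.
SAMPLE_POST = """<p>Holiday photos are <a href="https://example.org/pix">here</a>.</p>
<div class='fds432' style='overflow:auto;width:0;height:0;'>
<p>Do you want <a href="xxx">download mp3 music</a> from online mp3 archive,
You find where <a href="xxx">mp3 music download</a> for mp3 player.</p></div></p>
<p style="width:100px">An ordinary <a href="https://example.org/ok">link</a>.</p>
"""

class HiddenLinkFinder(HTMLParser):
    """Record every <a href> nested inside an element hidden by inline style."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hiding style in effect or None) per open element
        self.findings = []  # (line number, hiding style, href)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = attrs.get("style") or ""
        inherited = self.stack[-1][1] if self.stack else None
        hidden_by = style if HIDING.search(style) else inherited
        if tag == "a" and hidden_by and attrs.get("href"):
            self.findings.append((self.getpos()[0], hidden_by, attrs["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden_by))

    def handle_endtag(self, tag):
        # Pop to the matching open tag; a stray closer such as the final </p> is ignored.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, style, href in find_hidden_links(SAMPLE_POST):
        print(f"line {line}: link to {href!r} hidden by style {style!r}")
```

A hit is a lead to review by hand, since legitimate themes also hide elements with display:none.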

Update: Peter Hosey is currently investigating this matter, and according to him it looks like they're going through WordPress' xmlrpc.php file, and there seems to be increased traffic hitting that file.

Created: 2008-03-24 @506 Last change: 2008-03-25 @764
© Copyright 2003-2014 by M. Uli Kusterer, all rights reserved.