Eliminating WordPress Spam For Good

Posted on June 4, 2010

Regular readers of this blog will be well aware of my spam issues. Whether it be outdated WordPress plugins, scripts or the Butterfly Marketing script problem I had, it’s really something that annoys me greatly. So I set out today to rid my blog of spam, once and for all. 

This article on PR Log was a great help, but after following the relevant steps, I was still getting spam injected left, right and center into my blog. I was honestly about to abandon ship and start afresh, new blog, new posts, the whole nine yards, but then doing that just means the spammers have won. I’m not letting that happen without a good old-fashioned e-fight, so I decided to look deeper.

The first step (as detailed in the aforementioned article) was to change my admin password. In fact I created an entirely new administrator account and de-activated the old one. However, what I found while I was changing it surprised me. A lot.

I wasn’t actually the only one with administrator access. In fact, there were a few of us. And furthermore, I didn’t know who the heck these people were. Needless to say they no longer play a part in my blog, but it then raised another question. If they’ve had administrator access, just what else could they have done to my blog?

So I continued to look around and after inspecting my blog’s posts (use the HTML tab) I realised there was an incredible amount of spam hidden within each post. In fact, there was more spam in each post than there was content. Naturally, this had to go, so I sat down and spent a few hours removing each and every piece of spam, manually.

After this, I decided to see what these spammers could do using the huge amount of plugins I had installed. Many of them were reputable plugins by highly respected coders in the WordPress community, but I am sure they wouldn’t have liked to see what their plugins had become. Yet more hidden and malicious code. I was really not impressed. I went through again, and downloaded the clean, latest versions and eliminated this problem.

NB: I should really mention at this point, since it slipped my mind, that before each step detailed above, I was viewing the source code of my blog as it was published, looking for hidden spam and anything else that seemed out of the ordinary. 

So, where were we? Admin and Users. Check. Posts. Check. Plugins. Check. But looking at my source, I still had spam, and about 200 lines of it, all pointing to pages of a site selling comics. I won’t name the URL, because to be frank, that miscreant has had enough one-way backlinking from my site for free.

Using my powers of deduction, I was fairly confident that those lines of code could only be in one of two places.  Either the infiltrator had modified the WordPress source code (which would have been stupid since it runs the risk of future updates overwriting it), or they had modified my custom theme.

And surprise, surprise, the theme was exactly where it was. More specifically, 200 lines of spam in my header which the admin panel wouldn’t even let me change – it had to be done via FTP – and similarly a lengthy amount of code in the footer. The footer’s code wasn’t quite as straightforward however. What I found inside my footer was a few lines of encoded base 64 code.

Now I would love to go into much greater detail about this type of code, but you’ll have to do the groundwork yourself. My blog won’t even let me mention this sort of encoding now without throwing a hissy fit, and I certainly can’t insert it into the database. My apologies.

Fortunately Google pointed me (as it will you) in the right direction and I was able to decode the offending information to see what was what. It was then removed and touch wood, my blog is clean, at least for now.
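A check of the kind described above, as an added example that is not part of the original post: a Python script that scans theme or plugin PHP files for calls commonly used to hide injected code and decodes any long base64 literal for reading, without executing it. The list of calls, the sample footer and the spam.example URL are constructed assumptions; the post does not show the actual injected code.

```python
import base64
import re
from pathlib import Path

# Calls often used to hide injected PHP (assumed list; the post shows no code).
SUSPICIOUS_CALL = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Quoted runs of 40+ base64-alphabet characters, with optional padding.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{40,}={0,2})["']""")

# Constructed sample: a footer.php carrying an encoded block of hidden links.
HIDDEN = '<div style="display:none"><a href="http://spam.example/">comics</a></div>'
SAMPLE_FOOTER = (
    "<?php wp_footer(); ?>\n"
    "<?php eval(base64_decode('" + base64.b64encode(HIDDEN.encode()).decode() + "')); ?>\n"
    "</body></html>\n"
)

def decode_literal(text):
    """Decode a base64 literal for reading; None if it is not valid base64."""
    try:
        raw = base64.b64decode(text, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-8", errors="replace")

def scan_source(name, source):
    """Return one finding per line that has a suspicious call or a decodable literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        calls = sorted({m.group(1).lower() for m in SUSPICIOUS_CALL.finditer(line)})
        decoded = [decode_literal(m.group(1)) for m in B64_LITERAL.finditer(line)]
        decoded = [d for d in decoded if d is not None]
        if calls or decoded:
            findings.append({"file": name, "line": lineno, "calls": calls, "decoded": decoded})
    return findings

def scan_tree(root):
    """Scan every .php file under root, e.g. wp-content/themes or wp-content/plugins."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings.extend(scan_source(str(path), path.read_text(errors="replace")))
    return findings

if __name__ == "__main__":
    for hit in scan_source("footer.php", SAMPLE_FOOTER):
        print(hit["file"], hit["line"], hit["calls"], hit["decoded"])
```

A hit is a prompt for manual review rather than proof of compromise, since legitimate plugins also use these calls; comparing the flagged file against a clean copy of the same theme or plugin version settles it.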

Whether I’ve removed all back doors and malicious code I can really have no idea.  All I can hope is that I’m winning my own battle against spam.  The war is far from over.

