33,000 hits and over 14Gb of traffic in two days? April 8, 2008
Posted by Lucanos in: programming, wordpress

How, you may ask? Simple, I say - I was Hacked. The logs I have managed to extract from my server are sketchy at best, but I was lucky enough to be assisted by Kevon of TailRank.com who was very generous with his time and clued me into why I was being crippled by bandwidth overheads when his servers were doing their normal polling activity. (NOTE: TailRank were NOT responsible in any nature for this attack.)
Symptoms:
- Massive pagesize increase.
In my case a 61Kb page spooled into a 600Kb page due to the link insertion.
- Bandwidth load increase.
A 900% increase in pagesize, mixed with increased traffic as the spiders start falling for the trap, will blow your bandwidth quota away.
Treatment:
- Check your WordPress Template’s Footer and Header files (normally footer.php and header.php respectively). There will be a massive collection of dodgy links (all hosted on similarly compromised WordPress installations).
- Delete the links manually.
- Unless you are constantly tweaking your WordPress template, lock down the permissions.
In SSH run “chmod -R u=rwX,go=rX wp-content/themes” (from your WordPress root folder).
This will allow the system to Execute and Read your Themes, but not to Write to them.
- When you have a chance, Upgrade your WordPress Installation.
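
The check and lock-down steps above as one script, added here as an example and not part of the original post: it counts off-site links in each theme's header.php and footer.php, then sets files to 644 and directories to 755 so the directories stay traversable. The host name myblog.example, the limit of 10 links and the demo theme tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit theme header/footer files for injected links, then lock
# permissions. Host name, link limit and the demo tree are assumptions.

# count_offsite_links FILE HOST -> number of href targets whose host is not HOST
count_offsite_links() {
    awk -v host="$2" '{
        line = tolower($0)
        while (match(line, /href=.?https?:\/\/[a-z0-9.-]+/)) {
            h = substr(line, RSTART, RLENGTH)
            sub(/^.*:\/\//, "", h); sub(/^www\./, "", h)
            if (h != host) n++
            line = substr(line, RSTART + RLENGTH)
        }
    } END { print n + 0 }' "$1"
}

# audit_themes DIR HOST LIMIT -> "count path" for each header/footer over LIMIT
audit_themes() {
    find "$1" -type f \( -name header.php -o -name footer.php \) |
    while IFS= read -r f; do
        n=$(count_offsite_links "$f" "$2")
        if [ "$n" -gt "$3" ]; then echo "$n $f"; fi
    done
}

# lock_themes DIR -> files 644, directories 755, so directories stay traversable
lock_themes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# make_demo_tree -> path of a constructed theme tree (not real site data)
make_demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/themes/demo" || return 1
    echo '<a href="http://www.myblog.example/">Home</a>' > "$d/themes/demo/header.php"
    i=0
    while [ "$i" -lt 40 ]; do   # 40 constructed off-site links in one footer
        echo "<a href=\"http://spam$i.example/p\">x</a>"
        i=$((i + 1))
    done > "$d/themes/demo/footer.php"
    chmod -R 777 "$d/themes"    # start world-writable, as on a loose install
    echo "$d/themes"
}

demo=$(make_demo_tree)
audit_themes "$demo" myblog.example 10   # prints: 40 <tmp>/themes/demo/footer.php
lock_themes "$demo"
rm -rf "${demo%/themes}"
```

On a real site, point audit_themes at wp-content/themes with your own host name and review every file it lists before running lock_themes.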
Causes:
- I have poked around some of the links which were inserted by the Hacker and found that the content being loaded points to Seo52 as the culprit (or at least, accomplice) of this hack.