Dammit!!!! I HATE SPAMMERS MORE THAN ANYONE ON EARTH! I honestly, 100% mean it when I say that I want to KILL spammers. You guys are laughing right now… “hehehe. Here goes that crazy John P. with another rant about spammers. Aww, he’s just kidding!” No! I am an ex-Marine, I own guns and knives, and I’m begging a spammer to show up at my house so I can do horrible things to him!!!! GRRRRR!!!!!
Today I got an email from Google as follows:
Dear site owner or webmaster of onemansblog.com,
While we were indexing your webpages, we detected that some of your pages were using techniques that are outside our quality guidelines, which can be found here: http://www.google.com/support/webmasters/bin/answer.py?answer=35769&hl=en. This appears to be because your site has been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
The following is some example hidden text we found at http://onemansblog.com/:
calendar acrobat download wcc adobe’s click. create watermark in adobe acrobat ea adobe acrobat professional Software Planetadobe creative suite 2 rumors adobe acrobat not finding scanner . adobe acrobat 8.01 professional software adobe acrobat 5.0. activate adobe acrobat 8 adobe acrobat contact sheet Adobe Acrobat 9 Pro Extended | Software Planetadobe acrobat 6 professional serial numbers c adobe acrobat fields sql . download adobe acrobat reader full version could not find adobe acrobat plugin
In order to preserve the quality of our search engine, pages from onemansblog.com are scheduled to be removed temporarily from our search results for at least 30 days.
Why, pray tell, would Google ban OneMansBlog from the index? Well, because some sneaky bastard somehow added a bunch of spam to the footer of my blog! HOW? My directory permissions are correct, I have all the latest versions of plugins installed and WordPress is up to date. So, let’s run down a checklist of things you should do so as not to fall victim to the spammers too:
- First of all, change your password for logging into your blog to something HARD. Something that will never appear in any dictionary attack. Mine was good, but now it’s even better. See my How I’d Hack Your Weak Passwords article to understand more.
- Add the Login Lockdown plugin to your WordPress to protect against brute force attacks. If someone incorrectly attempts to log in more than 3 times it will lock their IP address out for an hour.
- USE WP Security Scan to look for vulnerabilities in your WordPress installation!
- Routinely search through your theme’s header.php and footer.php files and make sure nothing spammy is showing up in there. If so, delete it immediately and search for, or recruit help in searching for, the breach!
- Change the FTP login on your Webserver just to be sure that no one has managed to guess what it is.
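The routine check of header.php and footer.php from the checklist above can be scripted. This is an added example, not code from the original post; the detection patterns, the function names and the sample footer are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumed heuristics (not from the post): common ways hidden text is injected.
# Legitimate themes also use display:none, so treat hits as leads to review.
RULES = {
    "hidden-css": re.compile(
        r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0"
        r"|(?:text-indent|left|top)\s*:\s*-\d{3,}", re.I),
    "obfuscated-php": re.compile(
        r"\beval\s*\(|base64_decode\s*\(|gzinflate\s*\(|str_rot13\s*\(", re.I),
}
LINK = re.compile(r"<a\s[^>]*href", re.I)

# Constructed sample of a tampered footer.php; the encoded string is harmless.
SAMPLE_FOOTER = """<div id="footer">
<div style="position:absolute; left:-9999px;">
<a href="//a.example">a</a><a href="//b.example">b</a><a href="//c.example">c</a><a href="//d.example">d</a>
</div>
<?php eval(base64_decode("Y29uc3RydWN0ZWQ=")); ?>
<?php wp_footer(); ?></div>"""

def scan_text(text, max_links=3):
    """Return (line_number, rule, snippet) for every suspicious line."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((num, rule, line.strip()[:80]))
        if len(LINK.findall(line)) > max_links:  # many links on one line
            findings.append((num, "link-stuffing", line.strip()[:80]))
    return findings

def scan_theme(theme_dir, names=("header.php", "footer.php")):
    """Scan the named template files under theme_dir; map path -> findings."""
    results = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        if path.name.lower() in names:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                results[str(path)] = hits
    return results

if __name__ == "__main__":  # usage: python scan.py wp-content/themes/<theme>
    found = scan_theme(sys.argv[1]) if len(sys.argv) > 1 else {"sample": scan_text(SAMPLE_FOOTER)}
    for path, hits in found.items():
        for num, rule, snippet in hits:
            print(f"{path}:{num}: {rule}: {snippet}")
```

Run it from cron against your theme directory and diff the output against the previous run, so a new hit stands out even if your theme has a few legitimate matches.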
Finally, I encourage you to restrict access to your /wp-admin/ directory. Put a text document called .htaccess in the wp-admin directory to restrict access to your WordPress admin panel by IP so that only someone coming from your IP address can access it. The following should be in the file with no line breaks before or after it:
AuthName "Example Access Control"
deny from all
# Put your IP address
allow from X.X.X.X
# Put another IP address
allow from X.X.X.X
If you don’t know your current IP address you can stroll over to WhatsMyIp.org and they’ll tell you. Then you can add as many lines as you need for the various spots you might access WordPress from. Like your home, work, etc.
If all of that doesn’t help you, then may God have mercy on your soul. Because I don’t know what else to do. You should check with your Web hosting provider and ask them to look into the problem. And if they don’t do it, then go to Layered Tech, get hosted on The Grid, and ask for DEFCON management! That is all.
And remember! If this can happen to me, it WILL happen to you if you don’t take precautions. You’ve been warned.