Seonix WordPress hack and the tool that fixed it in 5 minutes

This morning I recieved a VERY disturbing email from one of our readers:

On Tue, Apr 3, 2012 at 5:56 AM, Jorg Ruis
Hi Jeremy,

Tried to contact you Twitter and your contact form several times. Last week Thursday I discovered that someone got in to our backend and submitted quite some links (124 posts to be exact) to seonix.org. He also changed some of the canonicals of posts. I looked up which other domains were linking to him and I see quite some pages from you guys popping up like this one www.shoemoney.com/2008/11/04/making-money-with-local-affiliate-programs (chick the link at ‘affiliate marketing’). He also got to VentureBeat, Crunchbase, W3-edge.com and some others.

All the best,

Jorg Ruis

First and foremost I want to thank Jorg for taking time out to email us. Some of these are years old.

I looked at the post he mentioned then started going through the revisions of the post. It was easy to pinpoint what administrative users account had been comprimised. It was a former employee who had not been on our staff for 2 years.

I searched then site wide and found 36 posts had the links to seonix.com with various keywords as anchor, title, and alt text.

Now I could go through manually and change every one… but some had multiple links per post (average of 2 per post).

But instead I used our awesome seo mass link wordpress plugin

Using this tool I easily found all the links:

I selected all the posts and hit remove all:

Then you can see the results, see previous and current, and even revert all or certain changes.

About The Author

Comments