Geek Rant dot org

Mon 2009-05-25

Has my WordPress blog been hacked?

Filed under: — daniel @ 19:38

At some stage, some weird text seems to have inserted itself into a bunch of my links on my personal blog… a GET parameter referencing phpMyAdmin and a long hexadecimal string, which appears to be the same every time.

So for instance the link:
<a href="/1995/12/22/the-bill/">

became:
<a href="/1995/12/22/the-bill/?phpMyAdmin=3bceb1b20913e8babce341325e13bf76">

And this one:
<a href="http://www.ptua.org.au/myths/energy.shtml">

became:
<a href="<a href=?phpMyAdmin=3bceb1b20913e8babce341325e13bf76"http://www.ptua.org.au/myths/energy.shtml">

A Google search suggests that this specific parameter appears to be unique to my blog.

It mainly appears to have hit internal relative links, but has hit some external ones too. But it hasn’t affected all the links, by any means. Maybe a few dozen posts. And for the most part they are like the first example, above, and don’t actually break the links.

At first I thought it was a hack back at some time when I might have had a vulnerable version of WordPress on my blog. Though I’ve been unable to find any other examples of it (not that it’s the easiest thing to search for), and now I’m wondering if it was some mistake during a migration of the database.

Weirdness.
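
One way to find and undo the two link forms shown above in exported post content, as an added example (not code from the original post). The function names and sample posts are constructed here, and it assumes the stored HTML uses straight double quotes.

```python
import re

# The parameter name and its 32-hex-digit value shape come from the post;
# function names and SAMPLE_POSTS are constructed for this example.
TOKEN = r"phpMyAdmin=[0-9a-f]{32}"
# Second form in the post: a stray '<a href=?phpMyAdmin=..."' fragment wedged
# in directly after the opening quote of an existing href.
NESTED = re.compile(r'(href=")<a href=\?' + TOKEN + r'"')
# First form in the post: the parameter appended to an otherwise intact URL.
PARAM = re.compile(r"(\?|&(?:amp;)?)" + TOKEN + r"(&(?:amp;)?)?")


def _strip_param(match):
    # Keep the leading separator only if another parameter follows.
    return match.group(1) if match.group(2) else ""


def clean(html):
    """Return html with both injected forms removed."""
    html = NESTED.sub(r"\1", html)
    return PARAM.sub(_strip_param, html)


def scan(posts):
    """Map post id -> list of injected forms found in that post's HTML."""
    hits = {}
    for post_id, html in posts.items():
        forms = []
        if NESTED.search(html):
            forms.append("nested-href")
        # Check for the appended form only outside the nested fragments.
        if PARAM.search(NESTED.sub(r"\1", html)):
            forms.append("appended-param")
        if forms:
            hits[post_id] = forms
    return hits


# Constructed sample content built from the two links quoted in the post.
SAMPLE_POSTS = {
    1: '<a href="/1995/12/22/the-bill/?phpMyAdmin=3bceb1b20913e8babce341325e13bf76">The Bill</a>',
    2: '<a href="<a href=?phpMyAdmin=3bceb1b20913e8babce341325e13bf76"http://www.ptua.org.au/myths/energy.shtml">energy</a>',
    3: '<a href="/about/">About</a>',
}

if __name__ == "__main__":
    for post_id, forms in scan(SAMPLE_POSTS).items():
        print(post_id, forms, "->", clean(SAMPLE_POSTS[post_id]))
```

Run the scan against a database export first and review the hits before writing any cleaned content back.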


3 Responses to “Has my WordPress blog been hacked?”

  1. Neerav says:

    Looks like a hack to me 'cause of the link http://www.ptua.org.au/myths/energy.shtml

  2. daniel says:

    Well, the link itself was legit. The phpMyAdmin stuff added in there was dodgy.

    I guess I’m just surprised I haven’t been able to find more reports of the same hack.

  3. Chris Till says:

    All your links are belong to us…
