Site Hacked, then de-Hacked?

Many of you called my attention to a problem with the site that seemed to have popped up a few days ago: every post was embedded with about a million invisible links to e-commerce sites. You could only see them by opening one of my pages and then choosing “View Source” in your browser.

My fingers are crossed but I think I’ve figured out the problem. It seems like my wp-supercache plugin got hacked. I disabled it and presto, my pages are all clean.

What a (fingers crossed) relief (I hope). The worst-case scenario is that my databases have been corrupted and there’s no way to be rid of this without meticulously rebuilding the whole damned thing one molecule at a time.

Which leaves the question of how the plugin got hacked in the first place. Over the past few days I’ve learned that one of my hosting service’s admin databases was compromised a few months ago.


I’ve reset my passwords. I’ve been reminded of the fact that my site passwords should be changed just as frequently as I change my other passwords. I’ve been reminded that it’s important to keep up to date with the news alerts coming from your host.

I’ve also been reminded of my longstanding commitment that if God were to give me 100 bullets (with the understanding that neither He nor any mortal agency would ever hold me accountable for what I do with them), at least 20 of them would be for the eggsuckers who deploy garbage like this.

3 thoughts on “Site Hacked, then de-Hacked?

  1. Erik

    I can just see the movie, now. “‘100 Bullets!’ The story of a man with a hat, massive chops, firepower, and a mission blessed by God…” Andy, when do you start production? :D

  2. Cole

    Hi Andy … this happened to me a few times back when I was on a hosting company called StartLogic. Someone was able to do something similar twice — both times the only way you could see the problem was if you visited my wordpress site using a specific version of IE on the PC so I actually never saw it until a co-worker brought it to my attention. The people that do this sort of thing should be put away. After years of running my own WP install (something like 5 years) I recently switched off to a hosted TypePad blog and honestly couldn’t be happier. I no longer worry about pretending to be a server admin and focus my energy instead on writing. At any rate, good luck with the hackers and spam roaches!

  3. milquetoast

    You are apparently rehacked. If you shut off Javascript and open a page; all the spam links will be visible at the top of the page.

Comments are closed.