Hackers insert SEO Spam via WordPress
Hackers make use of unsecured WordPress sites to hack their targets.
WordPress websites are sprawled all over the internet especially given our huge market that consumes CMS products. Considering the weak nature of most of these websites, it becomes extremely easy for crooks to hack into their respective installations via outdated plugins, third-party themes or weak admin passwords.
"The attacker hopes you will focus on the theme files (i.e. header.php, footer.php) and the files in the root of the WordPress install (i.e. index.php, wp-load.php)," Sucuri's Luke Leal explains the crook's decision to modify this particular file.
Globally distributed security company, Sucuri revealed a new method of inserting SEO spam on hacked WordPress primarily used by hackers to attack their targets.
These websites are essentially hacked uploading the the /wp-includes/load.php file, one of WordPress' core files on the website. After which, hackers use these websites as bots in DDoS attacks, as command and control servers for criminal operations, as malware download sites, to host malvertising and to hijack SEO results. They achieve the last by forcing hacked websites to load content that’s otherwise hidden by default. In one such case, Sucuri discovered a business portal showing pornographic content in its Google search results description.
"At this point, I would like to mention that manually auditing your website files for modifications would be very exhaustive and this is why we recommend using file monitoring," Leal advises other site admins.