A really interesting spam hack popped onto my radar today. Here’s the post from the LITABlog, as seen in a browser:
Here’s the bottom of the post. Nothing unusual, right?
Here’s the same post in Google Reader:
Spamolicious! Where the hell did all that come from? From this little piece of code in the post:
A hidden bit of code in the bottom of the post. I hadn’t seen this before, but Joshua M. Neff told me it happened to him as well. In the comments there was a link to the WordPress developer’s blog about a similar issue… but not an identical issue. I don’t think this is necessarily a SQL injection issue.
So: anyone have any thoughts? How did that code get put into an existing post? LITABlog is running the latest version of WordPress, so it’s not that. I don’t see any more of them, but I won’t unless I look through the code manually or whip up some SQL-fu that greps for the hidden CSS string. Which I will do if I must, but I thought maybe someone out there had a better idea. 🙂
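
One way to run the search described above without knowing the exact string, as an added example (not code from the original post): a Python scan over post bodies exported from the `wp_posts` table that flags links nested inside elements hidden with inline CSS. The list of hiding styles and the sample rows are assumptions constructed for illustration; the post does not show the exact CSS that was used.

```python
import re
from html.parser import HTMLParser

# Assumed hiding patterns; the exact CSS string from the post is not known.
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:text-indent|left|top|margin-left)\s*:\s*-\d{3,}|"
    r"(?:height|width|font-size)\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr"}

class HiddenLinkFinder(HTMLParser):
    """Collect hrefs of links nested inside elements hidden by inline CSS."""
    def __init__(self):
        super().__init__()
        self.stack = []          # (tag, inside_hidden_markup) per open element
        self.hidden_links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or bool(HIDING.search(attrs.get("style") or ""))
        if tag == "a" and hidden and attrs.get("href"):
            self.hidden_links.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        names = [t for t, _ in self.stack]
        if tag in names:
            # Pop through unclosed children (a stray <p>) to the matching tag.
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

def scan_posts(posts):
    """posts: iterable of (ID, post_content). Returns {ID: [hidden hrefs]}."""
    flagged = {}
    for post_id, content in posts:
        finder = HiddenLinkFinder()
        finder.feed(content)
        if finder.hidden_links:
            flagged[post_id] = finder.hidden_links
    return flagged

# Constructed rows, shaped like (ID, post_content) pulled from wp_posts.
SAMPLE_POSTS = [
    (101, '<p>Recap. <a href="https://example.org/slides">Slides</a></p>'),
    (102, '<p>Notes.</p><div style="display: none"><p>cheap '
          '<a href="http://spam.example/pills">pills</a><br>'
          '<a href="http://spam.example/loans">loans</a></div>'
          '<p><a href="https://example.org/ok">visible</a></p>'),
    (103, '<p style="margin-left: -10px"><a href="https://example.org/a">a</a></p>'),
]
```

Feed readers typically discard inline styles, which is why markup like row 102 is invisible in the browser but fully visible in the feed; any post the scan flags should be reviewed by hand before editing.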