For some days now a rather nasty hack has been going round in the WordPress community. I actually noticed it myself not that long ago, when I googled for ‘Chris Pearson’ and what I saw in the results was… shall we say ‘interesting’?
Prozac, Levitra, Lexapro? Had Chris sold the ‘Best Damn Blog on the Planet’, AKA Pearsonified? I went to check out Chris’ blog but no. No Prozac, Levitra or anything else of a suspicious nature to be found there. Just your regular well-tuned Pearson content. I even looked in the source code, and a quick search for known brands came up empty. I left again, having long forgotten already why I googled Chris in the first place.
Now it seems, though, that this hack is making the rounds and becoming more and more popular. Leland Fiegel from Themelab first reported on it on the Themelab blog, more than a month ago already. Afterwards the issue was covered over at the WP Tavern forums, but no solution has been found so far. Even the WordPress Lead Developer, Mark Jaquith, is left clueless and hopes to solve the issue ASAP.
@Skitzzo if someone has actionable security info, they should notify us. If the hackers got in via WP, the access log should have info. [Mark Jaquith on Twitter]
How can you recognise whether your blog is affected?
One option is to wait for Google to cache your content. Did I say before that Yahoo is also targeted with this cloak hack? If I hadn’t so far, I just did.
The other, and faster, way is to use Google’s own Fetch as Googlebot tool. This tool allows you to view how the Google crawlers see your site. Your site must therefore be added to your Google Webmaster Tools account; you can then find the tool under Labs for every site. In the video below, by Leland Fiegel from Themelab, you can see what the hack does to infected sites.
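Once you have both views of a page, the comparison can be automated. The following is an added example, not code from the original post: it assumes you have saved your browser's view-source output and the Fetch as Googlebot output as two HTML strings, and the function names and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

# Brand names taken from the search results described in the post; extend as needed.
SPAM_TERMS = ("prozac", "levitra", "lexapro")

class _Extractor(HTMLParser):
    """Collects lower-cased text and link targets, skipping script/style bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.words, self.links, self._skip = [], set(), 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.add(href.strip())

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words.append(data.lower())

def _extract(html):
    parser = _Extractor()
    parser.feed(html)
    parser.close()
    return " ".join(parser.words), parser.links

def cloak_report(visitor_html, crawler_html, terms=SPAM_TERMS):
    """Return spam terms and links that appear only in the crawler's view."""
    v_text, v_links = _extract(visitor_html)
    c_text, c_links = _extract(crawler_html)
    only_terms = sorted(t for t in terms if t in c_text and t not in v_text)
    return {"terms": only_terms, "links": sorted(c_links - v_links),
            "cloaked": bool(only_terms)}

# Constructed sample pages (not real captures).
VISITOR = "<html><title>My Blog</title><body><a href='/about'>About</a><p>Hello</p></body></html>"
CRAWLER = ("<html><title>Buy Levitra online</title><body><a href='/about'>About</a>"
           "<p>Hello</p><div style='display:none'><a href='http://spam.example/prozac'>"
           "cheap Prozac</a></div></body></html>")

if __name__ == "__main__":
    print(cloak_report(VISITOR, CRAWLER))
```

Terms that also occur in the visitor view are not flagged, so a blog that legitimately writes about one of these brands does not trigger a false alarm.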
Read more about the hack at WPBlogger.