I discovered last week that somebody had hacked my blog and added a bunch of link spam at the end of the footer script. For some unknown period of time, all of my blog pages contained hundreds of spam links–mostly for prescription drugs. But nobody saw them.
I don’t understand why it was done that way, but the links were invisible in browsers. At least they were invisible in the browsers that I use, and none of my regular readers sent me a message notifying me of the spam. I found out about it when I upgraded my WordPress to the latest version. After the upgrade I was checking out the footer script and discovered all those lines.
I know that it was there on May 22–the last day Google crawled the site. Their stats for my site show that prescription drug terms are the most prevalent terms on my site. I guess I look like a link spammer now. I hope they crawl again soon.
The most important lesson I learned here is to pay attention to the Dashboard when I log in to WordPress–especially when it contains warnings about vulnerabilities and upgrades. I hadn’t upgraded in many months, and was several releases behind.
I don’t know what exploit the malefactors made use of in order to change my footer.php file, but I’m pretty happy that’s all they did. I suspect they could have modified any of my WordPress files and really made a mess of things. I don’t think they actually compromised my WordPress administrator account or my account with my ISP, but I changed the passwords anyway.