Late last Friday (September 20th) we started to hear from a couple of our publishers complaining that ads for (how to put this without triggering every content filter on the planet?) a certain class of adult-only medication were appearing in their feeds.
What was FeedBlitz doing? Well, since we knew we weren’t inserting this content, we dived in to take a look.
And like the last time we found dubious SEO practices, what we discovered was a new class of “Black Hat SEO” caused by compromised WordPress sites.
If your WordPress site has been hacked this way, it is linking to various web sites promoting this class of drug.
But you can’t see it on a casual inspection of your home page, because the hack uses CSS (cascading style sheets) to hide the links from people. The links are, however, visible to search engines, and this is what the perpetrators of the hack wanted. More links to their site = better rankings in the search engines. This is the essence of “Black Hat SEO” – invisible to people, visible to Google.
Crucially, the hacked HTML and CSS also made it into an infected site’s RSS feed. As such, when an RSS reader (like FeedBlitz) reads a compromised WordPress site’s RSS feed for distribution to subscribers, the nasty SEO crud comes along for the ride as well. Since RSS readers and email apps typically treat CSS differently (or indeed simply ignore it), the trick used by the hackers to make their links invisible to people stopped working. The links became visible to subscribers, which is what caused some of our publishers to assume (incorrectly) that FeedBlitz was responsible, and is ultimately what alerted us to this new WordPress compromise.
What, then, to do about it?
Well, in a couple of hours last Friday, FeedBlitz was rapidly updated to do the following:
- For publishers using FeedBlitz as their RSS (FeedBurner alternative) service, the offending code was removed from their source feeds before propagating their blog posts into FeedBlitz’s enhanced RSS feeds;
- For publishers using our blog email subscription service – no matter whether the source RSS feed was at FeedBlitz, a native WordPress feed, or any other provider – FeedBlitz removed the black hat code from emails before they were sent.
In other words, even if your WordPress site is still infected with / affected by this particular hack, as of Friday evening, FeedBlitz cleaned the junk out before your content was sent on to the RSS and email subscribers we serve. It’s not FeedBlitz’s job to be a security service, but when we can quickly eradicate the propagation of this kind of rot, we will do so. We’ve done it before, and we’ll do it again.
Meanwhile, if you’re running WordPress, check NOW that you’re not hacked with this particular piece of nastiness. Here’s how:
- Go to your most recent blog post on your site.
- View the page’s source in your browser.
- Find the opening sentence of your post in the page source.
- See links you don’t like just before that? Then you’ve been hacked. You’ll need to clean up your WP installation.
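If you would rather script that check than eyeball the source, here is an added example (not FeedBlitz's own code) that looks for CSS-hidden links ahead of a post's opening sentence. The hiding patterns in `HIDING`, the sample page and the `example.invalid` URLs are assumptions made up for illustration; this post does not say which CSS trick the hack used, and the script only sees inline `style` attributes, not rules in a stylesheet.

```python
import re
from html.parser import HTMLParser

# Assumed inline-CSS hiding idioms; the post does not say which one this hack used.
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}"
    r"|(?<![\w-])(?:height|width|font-size)\s*:\s*0(?![.\d])", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []   # (tag, hidden?) for every element still open
        self.found = []   # href of each link that sits inside a hidden element

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # An element is hidden if its own style hides it or any open ancestor is hidden.
        hidden = bool(HIDING.search(attrs.get("style") or "")) or any(h for _, h in self.stack)
        if tag == "a" and hidden and attrs.get("href"):
            self.found.append(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; stray closing tags are ignored.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def hidden_links_before(page_source, opening_sentence):
    """Return hrefs of CSS-hidden links that occur before the post's opening sentence."""
    cut = page_source.find(opening_sentence)
    finder = HiddenLinkFinder()
    finder.feed(page_source if cut == -1 else page_source[:cut])  # whole page if not found
    finder.close()
    return finder.found

# Constructed sample: one visible nav link, two hidden links injected before the post body.
SAMPLE_PAGE = """<html><body>
<ul class="nav"><li><a href="/about">About</a></li></ul>
<div class="entry">
<div style="position:absolute; left:-9999px"><a href="http://pills.example.invalid/a">x</a>
<br><a href="http://pills.example.invalid/b">y</a></div>
<p>Welcome to this week in review. See <a href="/archive">the archive</a>.</p>
</div></body></html>"""

if __name__ == "__main__":
    print(hidden_links_before(SAMPLE_PAGE, "Welcome to this week in review"))
```

Save your post's page source (or the raw RSS feed) to a file, read it in, and pass the opening sentence exactly as it appears in that source. An empty list only means no inline-hidden links were found, so a manual look is still worthwhile.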
Our mission is to get your word out — safely. Although FeedBlitz did not insert this code, FeedBlitz is now protecting the readers we serve on your behalf from it.
If you’re not using FeedBlitz, start a trial today. Pricing starts at $1.49 / month.