
Posted on Apr 7, 2008 in admin | 9 comments



Last week evidently this site and many other WordPress blogs were hacked in a subtle way, with hundreds of invisible links added to the site without my knowledge (more info on the attack here). This resulted in Lunch in a Box being deindexed from Google, Yahoo and other search databases, and explains why Google Ads for unrelated topics like bad credit fixes and Viagra started appearing on the site as of last week. I’ve cleaned up the code and am plugging the security holes, but wanted to let readers know that I may need to take the site down temporarily over the next day or two as I work to ensure that this won’t happen again. Please accept my apologies for any inconvenience this causes!

I’d also encourage any of you with WordPress blogs to view your page source code, and do a quick search on “credit” and “viagra” to ensure that you haven’t been hit as well. More info is in the link above.
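The check described above can be automated. The following Python sketch is an added example, not code from this site or from WordPress: it flags links in a page's HTML that mention either keyword or that sit inside an element hidden with inline CSS. The hiding patterns, the `scan` helper and the sample page are assumptions made for illustration; the post does not say how the injected links were hidden.

```python
from html.parser import HTMLParser
import re

KEYWORDS = ("credit", "viagra")  # the two search terms suggested in the post
# Assumption: common inline-CSS hiding tricks; the post does not say which was used.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

# Constructed sample page (not taken from the real incident).
SAMPLE = """<html><body>
<p>Today's bento: <a href="/recipes/onigiri">onigiri</a></p>
<div style="display: none"><a href="http://spam.example/a">cheap loans</a>
<a href="http://spam.example/viagra">buy now</a></div>
<p><a href="http://bank.example/credit-card">fix bad credit</a></p>
</body></html>"""

class SpamLinkScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []     # (tag, carries hiding CSS?) for each open element
        self.link = None    # the <a> element currently being read
        self.findings = []  # (href, link text, hidden?, keyword hits)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = bool(HIDDEN_CSS.search(a.get("style") or ""))
        if tag == "a" and a.get("href"):
            inherited = any(h for _, h in self.stack)  # hidden by an ancestor
            self.link = {"href": a["href"], "text": "", "hidden": hidden or inherited}
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_data(self, data):
        if self.link is not None:
            self.link["text"] += data

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # pop back to the matching tag
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
        if tag == "a" and self.link is not None:
            link, self.link = self.link, None
            blob = (link["href"] + " " + link["text"]).lower()
            hits = [k for k in KEYWORDS if k in blob]
            if link["hidden"] or hits:
                self.findings.append((link["href"], link["text"].strip(), link["hidden"], hits))

def scan(html):
    """Return the suspicious links found in an HTML string."""
    parser = SpamLinkScanner()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `scan()` on the saved page source of each template type (home page, single post, archive), since injected markup may appear on only some of them. Links hidden through an external stylesheet or script are not caught by the inline-CSS check, so the keyword search remains useful on its own.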

UPDATE: Evidently upgrading to WordPress version 2.5 will close the security hole that let this happen. Unfortunately, I needed to restore the site from backups during the process, so have lost some comments that readers left over the weekend. D’oh!



  1. Hey Biggie, as a fellow WordPress blogger, I just discovered WordPress Automatic Upgrade plugin.

    It makes upgrading your blog sooo much easier and faster, and also will upgrade your plugins from the plugin page.

  2. Wow. Thanks for mentioning this! I recently upgraded to WordPress from Bblog (because it has better features and Bblog is no longer being worked on). I don’t use ads, and most of these “hacks” seem to be targeting blogs with ads, but I’ll still check my source code from time to time. :)

  3. How dare they hack you!! Glad you got it all figured out. What a nuisance.

  4. @1 from Kat: That’s a great plugin, thanks! After a false start yesterday afternoon, I finally wound up creating a functioning test bed in a subdirectory, upgrading the test bed WP via Fantastico and making sure everything worked first. Once that was done and customized the way I wanted it, I made backups of the real site and upgraded via Fantastico (how I installed WP in the first place). What a breeze! The actual upgrade took less than 5 minutes of site down time, as opposed to my bungling manual install yesterday afternoon that got me into trouble.

  5. @3 from veganf: On looking into it, this round of hacks seems pretty widespread (including ZDNet, so I’m in good company!). It was a good educational experience for me and I didn’t wind up really losing content, so it worked out in the end. I’ll get reindexed by the search engines eventually and I’m not overly dependent on search engines for traffic — it’s all good, and humbling. :-)

  6. I haven’t noticed any hacked ads, but then again, I use FireFox and don’t see ads anyway… I love the blog, keep it up!

  7. @7 from DGibb: Those ad-killer apps are nice, aren’t they? My husband uses one and loves it. Anyway, I yanked the larger Google ad until the site is reindexed a little better. I’d rather hold off and show relevant ads rather than annoying bad credit ads.

  8. Oh, I made a comment too, it seems to have disappeared… whatever. I am happy nothing of great importance seems to have gone missing.

  9. @9 from Jessika: Some things are still wonky as a result of the deindexing (my Google-powered internal search results are DOA) and the WordPress upgrade (Japanese fonts aren’t displaying properly), but I’m working on it. It’s a blessing that more was not affected! (knocks on wood)