Stephen Foskett, Pack Rat

Understanding the accumulation of data

Is the WordPress SEO-Slugs Plugin Hacked Or What?

April 21, 2012 By Stephen

I noticed something very odd in my blog logs today: Lots of requests for things I never wrote! I was getting hundreds of requests for “Christiano Ronaldo 2012 Boots” and other nonsense. A quick search revealed hundreds of links to my site promoting wallpaper images that I don’t host, all running through a disused WordPress plugin. I deleted the file, and couldn’t find any hack or intrusion, but I’m still wondering what exactly was going on here!

If you arrived on this page looking for a wallpaper image, you clicked through a site that included this hack. You’ll see the URL you clicked in the URL above after the “#!” part. I don’t have any such content, so you might as well go somewhere else, unless you care to read on regarding this puzzling hack!

SEO Slugs Injected Content On My 404 Page?

The issue lay with an old plugin I used to use called “SEO Slugs”. It removed “stop words” from the “slug” or URL of a blog post – things like “the” and “a” that search engines don’t want or need. I de-activated this plugin a while ago, and it appears it doesn’t work with modern versions of WordPress anyway. But I left the files around, a bad idea to be sure.

One annoying aspect of the WordPress plugin architecture is that even deactivated plugins can be called by name and executed. This was the root of the Timthumb exploit I wrote about in January, and remains true for all others. In this case, the URLs went directly to this plugin, since they all contained the prefix, “/wp-content/plugins/seo-slugs/”.
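One way to spot this pattern in an access log is to count requests that land under a plugin directory which is not on the active list. This is an added example, not code from the original post; the log lines, file names, IP addresses and the active-plugin list are constructed, and a combined-format access log is assumed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Request line and status code inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Plugin directory name directly under /wp-content/plugins/.
PLUGIN_RE = re.compile(r'^/wp-content/plugins/([^/]+)/')

def plugin_hits(log_lines):
    """Count requests per (plugin slug, HTTP status); skip unparsable lines."""
    hits = Counter()
    for line in log_lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue
        path = urlsplit(req.group(1)).path  # drop any query string
        plug = PLUGIN_RE.match(path)
        if plug:
            hits[(plug.group(1).lower(), req.group(2))] += 1
    return hits

def inactive_plugin_requests(log_lines, active_plugins):
    """Return {slug: total hits} for plugin directories not in the active set."""
    active = {slug.lower() for slug in active_plugins}
    totals = Counter()
    for (slug, _status), count in plugin_hits(log_lines).items():
        if slug not in active:
            totals[slug] += count
    return dict(totals)

# Constructed sample data: documentation IP ranges and made-up file names.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Apr/2012:10:01:02 +0000] "GET /wp-content/plugins/seo-slugs/sample-wallpaper-1.jpg HTTP/1.1" 404 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [21/Apr/2012:10:01:05 +0000] "GET /wp-content/plugins/seo-slugs/sample-wallpaper-2.jpg?ref=x HTTP/1.1" 404 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [21/Apr/2012:10:02:11 +0000] "GET /wp-content/plugins/SEO-Slugs/sample-wallpaper-3.jpg HTTP/1.1" 404 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [21/Apr/2012:10:02:12 +0000] "GET /wp-content/plugins/akismet/akismet.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [21/Apr/2012:10:03:40 +0000] "GET /2012/04/some-post/ HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]
ACTIVE_PLUGINS = {"akismet"}  # assumption: the site's currently active plugins

if __name__ == "__main__":
    flagged = inactive_plugin_requests(SAMPLE_LOG, ACTIVE_PLUGINS)
    for slug, count in sorted(flagged.items()):
        print(f"{slug}: {count} requests to a plugin that is not active")
```

Any slug this reports is a candidate for deletion from the plugins directory, since the files are still reachable by URL even though the plugin is switched off.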

Somehow, by feeding this plugin a string, text and images would be added at the end of “the loop” from some unknown source. So my site returned my standard 404 page, but with a news report dropped into the sidebar you see at right. In the case of Christiano Ronaldo, it included a few paragraphs with text, too!

I was really concerned at first that my blog really had been compromised. I quickly took remedial action, changing my passwords and salts. Next, I checked my database manually using SQL queries and my filesystem using grep. But I didn’t find any “bad content” in my database or my filesystem. It appears that my site wasn’t compromised at all, fortunately.

What Happened Here?

I’m really puzzled, honestly. I can’t find any reference to a known hack of this plugin, and yet there are hundreds of references to my blog out there. Somewhere, a bot or spammer is filling sites with links to alleged jpeg files of various pop culture figures that all call my blog. Yet I don’t host this content!

I don’t see what benefit the spammer gets from all this. Sure, I’ve got a high-PageRank site. But this doesn’t appear to be a PageRank scam. Casual visitors to my site would never see this content (they have to hit a weird URL I would never link to) so it’s not typical spam. They’re not even freeloading on my server CPU and network bandwidth!

Stephen’s Stance

I guess it pays to delete disused plugins, something I’ve now done. But I’m still puzzled by all this, and I welcome comments or suggestions. Where’s the benefit for the perpetrator? Is there some nasty rock I haven’t turned over?
