I suppose that it had to happen sometime… About a week ago I started to notice that unauthorized advertisement links began to appear in blog entries. As followers of this blog know, I do occasionally associate links with text. Such text-associated links are apparent by bold font, whereas the unauthorized links were in bold font with underlining. I hired a network security team to root out the code that was surreptitiously loading a script that was in turn generating the advertisements. Kudos to the folks at Sucuri Security LLC for cleaning up the site in just a few hours.
Copyright 2012 Peter F. Flynn. No usage permitted without prior written consent. All rights reserved.
Do you know how they got rid of it, for other WordPress users who are similarly affected?
The people from Sucuri had to rummage the individual blog entries to locate the malicious code – this meant giving them direct access to the website. After sorting out access to the site, it took Sucuri only a few hours to locate the problems. The instructions for loading the adware were apparently distributed into two separate entries – this implies a reasonably high level of sophistication and that hackers had access to my website for an extended interval. Although I did notice the adware infiltration near the time I upgraded to WordPress 3.4.2, I believe that the events are uncorrelated. The Sucuri people also conducted a survey of the WordPress codes, and hardened the site against future attacks. For $89.99 for a year of protection and on-demand removal of malicious code, the Sucuri service seems like a bargain to me.
P.