enrii.blog


Check If Your Blog Has Been XSS Hacked

June 17th, 2008

Matt Cutts mentioned an easy check to tell whether your blog or website has been hacked via cross-site scripting (XSS). Since this blog got hacked not long ago, I did the check.

All you have to do is google for: "<your domain> <spam keyword>"

Alternatively, you could try: "site:<your domain> <spam keyword>"

I guess everybody knows which keywords most spammers use. A very obvious example is "porn". So I searched Google for "enrii.com porn". In the search results, I found that one of my pages links to a porn site. When I opened the page, I couldn't see the word.

Using Ctrl-F in Firefox, the word could be found even though it was not visible. Then I looked at the source (right-click > View Page Source) and found a long list of links after the blog content. The spammer hid the links with the following CSS:

position:absolute;overflow:hidden;height:1px;width:1px;

Obviously, this is done for the search engines, not for my visitors. I have removed it. You should do the same for your blog, and you should also try different keywords.
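The manual check above (search the page source for links wrapped in CSS that clips them to a 1px box) can be automated. The following script is an added example, not code from the original post: it parses an HTML document with Python's standard library and reports every link that sits inside an element hidden by the post's exact rule (`position:absolute;overflow:hidden;height:1px;width:1px;`) or by the other common hiding tricks (`display:none`, `visibility:hidden`, large negative offsets). The sample HTML is constructed for the demonstration; the property thresholds are assumptions, not a standard.

```python
"""Flag links hidden from visitors with inline CSS (the spam pattern from the post).

Added example, not part of the original article. Standard library only.
Heuristic: it only inspects inline style attributes, so links hidden through
an external stylesheet or JavaScript are not detected."""
import re
from html.parser import HTMLParser

# Elements that never have a closing tag; they must not be pushed on the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "param", "source", "track", "wbr"}


def parse_style(style):
    """Turn 'a:b;c:d' into a dict with lower-cased, stripped keys and values."""
    decls = {}
    for part in style.split(";"):
        if ":" in part:
            key, value = part.split(":", 1)
            decls[key.strip().lower()] = value.strip().lower()
    return decls


def _is_tiny(value):
    """True for '0', '1px' and the like: a box too small to show any text."""
    m = re.match(r"(\d+)(px)?$", value or "")
    return bool(m) and int(m.group(1)) <= 1


def style_hides(style):
    """Does this inline style make the element invisible to a reader?"""
    d = parse_style(style)
    if d.get("display") == "none" or d.get("visibility") == "hidden":
        return True
    # The rule quoted in the post: a 1x1 box that clips everything inside it.
    if _is_tiny(d.get("height")) and _is_tiny(d.get("width")) \
            and d.get("overflow") == "hidden":
        return True
    # Pushed far off-screen, e.g. text-indent:-9999px (threshold is an assumption).
    for prop in ("left", "top", "text-indent"):
        value = d.get(prop, "")
        m = re.match(r"-(\d+)(px|em)?$", value)
        if m and int(m.group(1)) >= 999:
            return True
    return False


class HiddenLinkFinder(HTMLParser):
    """Collect hrefs of <a> tags that sit inside a CSS-hidden element."""

    def __init__(self):
        super().__init__()
        self.stack = []          # one flag per open element: is it hidden?
        self.hidden_links = []
        self.visible_links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Hidden if any ancestor is hidden, or this element hides itself.
        hidden = bool(self.stack and self.stack[-1]) or style_hides(a.get("style", ""))
        if tag == "a" and a.get("href"):
            (self.hidden_links if hidden else self.visible_links).append(a["href"])
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()


def audit(html):
    """Return (hidden_links, visible_links) found in the document."""
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hidden_links, finder.visible_links


# Constructed sample page: one clean post body plus the injected link block.
SAMPLE_HTML = """
<html><body>
<h1>My post</h1>
<p>Real content with a <a href="https://example.com/friend">normal link</a>.</p>
<div style="position:absolute;overflow:hidden;height:1px;width:1px;">
  <a href="http://spam.example/one">spam one</a>
  <a href="http://spam.example/two">spam two</a>
</div>
<p style="display:none"><a href="http://spam.example/three">spam three</a></p>
<img src="x.png"><a href="https://example.com/about">about</a>
</body></html>
"""

if __name__ == "__main__":
    hidden, visible = audit(SAMPLE_HTML)
    print("hidden links (likely injected spam):")
    for href in hidden:
        print("  ", href)
    print("visible links:", len(visible))
```

Run it against a saved copy of any page on your site (`audit(open("page.html").read())`); an empty hidden list is the expected result for a clean page, and anything it reports is worth comparing against what Google's search results show for that URL.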

Though it's interesting that this trick helps you find and remove unwanted spam on your blog, I wonder why it works at all, since a page containing spam could simply have been removed from Google's search results.

If my article helped you solve your problem, consider buying me a beer!


2 Responses


ipohchai says:

The main concern is how they plant such keywords into one's blog?
If they could do it once, they could strike again and again.


EngLee says:

Most of the time, it is done through bugs in the script (i.e. WordPress) that you are using. It should be OK if you have upgraded to the latest version, especially those versions with security fixes.

Last time it happened because I was running on a slightly older version.