Payday Loan Hack

I guess today is a busy day, i got a tons of e-mails. From all of those e-mails, there is one e-mail that very interesting for me. Someone tell me that her site is hacked.

Google says that her site is hacked, but the online site scanners say that her site is secure. So, i decide to try it by my self.

Sucuri SiteCheck - Free Website Malware Scanner

The notification she got from Google is like this one:

Got this message in Webmaster Tools from Google
Google has detected that some of your pages may contain hidden text or cloaking, techniques that are outside our Webmaster Guidelines.

Specifically, we detected that your site may have been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.

After i read this notification, i google it to find out what does this message means. After a while, i got a clue if you are using WordPress and got this message that means if your site already got a Payday Loan Hack.

The question now is: how does the hacker can hack my site? And why does the online scanner says if my site is clean, but Google says if my site have a problem?

The answer for that questions is very simple:

  1. A hacked site usually will send some virus(es) to your visitor (malware). If your site does, then the online scanner will say if your site is unhealthyAt this case, the Payday Loan Hack is not sending any malware to your visitors computer. But this hack is like giving another person a backdoor and also give spam warning to your web hosting about illegal action (open directory) from your site
  2. As you know, there is no system is perfect. Same as WordPress. Since today a millions of sites is a WordPress based site, right now WordPress already become a ‘preferred commodity’ for a hacker. Many hacking techniques is developed such as SQL Injection

So, how to fix this problem? How to stop the annoying message from Google?

Open your active theme header.php file and search for an ‘uncommon’ code like this one for example:
<div id='hideMe'> <p><i> Online Payday Loans <a href="http://[ You really don't have to share that link ]">Online Payday Loans</a></div><script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script><div id="wrapper">

That is the Payday Loan hack code. Delete that code and your site become clean.

And here some tips i have to secure your site (WordPress site):

  1. To make sure if your site cannot be hacked, you can install this plugin
  2. And to make your site complete, you have to install this plugin

For the second plugin even if the plugin already expired, i already test it at WordPress v3.6 and it is working perfectly.

This plugin will send you an e-mail contain an IP address, time, URL accessed and the technique that the hacker use to hack your site. If you are serious about hacking, you can tell the police about the IP address you get and the hacker will be arrested for his/her action


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s