SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. spam-seo.dating_spam.1


Detected spammy posts with lots of links with dating related keywords.

In March of 2017 such posts had been created as a result of exploitation of security holes in WordPress (version 4.7 and 4.7.1) REST API.

Spammy posts have long lists of about 200 links per post.

<a href="hxxp://rosadodesertobrasil[.]">uomo cerco uomo bologna</a><br />
<a href="hxxp://grozbox[.]ru/journal"></a><br />
<a href="hxxp://help-plus[.]de/img">n<<tdejting svarar inte router</a><br />
<a href="hxxp://kurgan.inueco[.]ru/wordpress">site de rencontre vive les rondes</a><br />
<a href="hxxp://driquet[.]com/site">hur ska man dejta en tjej</a><br />
<a href="hxxp://mistergenius[.]be/journal">nom des sites de rencontres</a><br />

Affecting: WordPress sites that were not quick enough to upgrade to version 4.7.2 in February of 2017.

Cleanup: Delete spammy posts. Upgrade WordPress to the latest version.

For more information read: SEO Spam Campaign Exploiting WordPress REST API Vulnerability