SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures
  4. spam-seo.spammy_post.1


Detected spammy posts related to the online movie streaming and downloading scam.

In March of 2017 such posts had been created as a result of exploitation of security holes in WordPress (version 4.7 and 4.7.1) REST API.

The spammy posts have screenshots from movies and buttons that invite to watch them. Here's a typycal sample of the HTML code of the links they use:

<a href="hxxps://moviefake[.]com/en/watchmovies/978857/Fifty-Shades-Darker-2017.html"><img src="hxxps://" /></a>
<a rel="dofollow" href="hxxp://boxoffice76[.]com/movie/573067/the-transporter-refueled-2015.html" title="Also you can download Movie The Transporter Refueled (2015)" style="font-size:1px">Watch movie online The Transporter Refueled (2015)</a>

Affecting: WordPress sites that were not quick enough to upgrade to version 4.7.2 in February of 2017.

Cleanup: Delete spammy posts. Upgrade WordPress to the latest version.

For more information read: SEO Spam Campaign Exploiting WordPress REST API Vulnerability