I've been hosting a handful of WordPress sites for friends for years. I thought my setup on a shared host was secure enough, until some of them got this Japanese keyword hack. It's a major pain to follow these directions to clean a site out. Enough of a pain that I've been rewriting the sites with another CMS / site builder, with hosting that I don't have to manage.
Basically what it did:
Create a htaccess file to redirect request.
Respond differently if client is web-crawlers i.e. seo cloaking.
Download a php backdoor.
Rewrite sitemap.xml and robots.txt
I'm still not sure what exploit that it uses to gain access.
I looked through the article in hope to learn about new vulnerability related to Unicode handling but it turned out just a normal vulnearbility in outdated PHP applications. It has no relation to Japanese language.
I remember cleaning a couple of client's wordpress sites that were infected with this hack some years ago, during 2015 if I remember correctly, it was hard work. It seems many sites were infected with this kind of spam at the time.
8 comments
[ 1.2 ms ] story [ 32.2 ms ] threadhttps://github.com/shiragami/japanese-backdoor/blob/master/o...
Basically what it did: Create a htaccess file to redirect request. Respond differently if client is web-crawlers i.e. seo cloaking. Download a php backdoor. Rewrite sitemap.xml and robots.txt
I'm still not sure what exploit that it uses to gain access.
Anyone know why it's specifically Japanese?
Kudos for the service to all the servicemen.