The Latest in IT Security

Mass Compromise of Sites at – SEO Spam


A regular topic of discussion the past few months has been the basicpills link injection (a type of blackhat seo spam) on WordPress sites.

If you are not familiar with it, thousands of sites have been infected with basicpills which injects a ton of spammy pharma links all over compromised site (It infiltrates WordPress and attacks the wp-posts table).

So what’s that have to do with getting compromised? Well, in the past, the attackers would inject links directing to or, sometimes something else but similar. The seem to have changed tactics, now they are injecting links to an image directory, like:

<a href=""> Buy Levitra Without Prescription</a>

If you click on any of the images, you are shown a pharma page:

In this specific case, all of sites are hosted at (in the and networks):

That’s just a few that we’ve found in the beginning of our analysis. As we started to check for more compromises, we found thousands of sites hosted at (in their gvo datacenter) that had spam in the images directory.

If you have a site hosted with, check it as soon as possible to make sure it is not hacked, and not being used by spammers.

If you have a WordPress site, also make sure it does not have those links injected in the database.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments