When Hacking Goes Beyond Your Site
A recent TechCrunch article on WordPress hack recovery steps revealed that the site’s webtools account had additional email addresses added as owners.
As if loading hack files was not enough, it appears that, like diligent webmasters, the hackers added webtools verification files so they could add the site to their own webtools accounts and take control from that end. Why? So they could add sitemaps to redirect to the “real” hack:
It appears that the hackers were using the malware to insert links in Eric’s site and using the site map to create some kind of dynamic set of redirects. But that’s just a guess, and there may be a better explanation.
Neither of us was crazy about following the links. The hacker had created more than 47 separate sitemaps using links/redirects from the site — all averaging 70,000 lines of code each (that’s a lot of URLs!) The URLs all looked similar in their format…
In this case, the hackers had set up an e-commerce site targeted at Japanese consumers.
You would think that Google would take action on email addresses and webtools accounts involved in hacking, but you’d be wrong. If your site is hacked and credit card details are being emailed to a Gmail account, don’t think for one minute that Google is interested. There is no way to report suspicious activity to Google or get the email account shut down.
So even if you find a hack and remove it, all those other poor site owners who have yet to discover that their customer credit card details are being sent to “firstname.lastname@example.org” are still unprotected. Come on Google, don’t be evil.
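A cleanup check for the verification files and sitemaps described above, as an added example that is not from the original post or the TechCrunch article. It assumes Google's HTML-file verification naming (`google<hex>.html`); the host `shop.example`, the allowlists and all file names are constructed sample values.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

VERIFY_NAME = re.compile(r"^google[0-9a-f]+\.html$")  # HTML-file verification naming
LOC = re.compile(r"<loc>\s*([^<\s]+)\s*</loc>", re.I)

def audit_webroot(root, site_host, known_verification, known_sitemaps):
    """Return (kind, relative_path, detail) for files the owner did not place."""
    findings = []
    root = Path(root)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if VERIFY_NAME.match(path.name):
            if rel not in known_verification:
                findings.append(("unknown-verification-file", rel, "not in allowlist"))
            continue
        if path.suffix.lower() != ".xml":
            continue
        text = path.read_text(errors="replace")
        if "<urlset" not in text and "<sitemapindex" not in text:
            continue  # XML, but not a sitemap
        urls = LOC.findall(text)
        offsite = sum(1 for u in urls if urlparse(u).hostname != site_host)
        if rel not in known_sitemaps:
            findings.append(("unknown-sitemap", rel, f"{len(urls)} URLs"))
        if offsite:
            findings.append(("offsite-sitemap-urls", rel, f"{offsite} of {len(urls)}"))
    return findings

def build_constructed_webroot(root):
    """Constructed sample data: one expected and one planted file of each kind."""
    root = Path(root)
    for token in ("google1111aaaa2222bbbb", "googleffff0000eeee9999"):
        (root / f"{token}.html").write_text(f"google-site-verification: {token}.html")
    (root / "sitemap.xml").write_text(
        "<urlset><url><loc>https://shop.example/about</loc></url></urlset>")
    (root / "wp-content").mkdir()
    planted = "".join(f"<url><loc>https://other.example/p{i}</loc></url>" for i in range(3))
    (root / "wp-content" / "sitemap-extra.xml").write_text(f"<urlset>{planted}</urlset>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_webroot(d)
        for finding in audit_webroot(d, "shop.example",
                                     {"google1111aaaa2222bbbb.html"}, {"sitemap.xml"}):
            print(*finding, sep="\t")
```

This only covers files on disk; the owner list and submitted sitemaps inside the webtools account still need to be reviewed there.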