Internet Marketing SPAM k1b0rg Doorway Loader v0.2

I found this script in the root of my WordPress blog the other day. It’s a script that generates links to a web server in Germany. The links point to advertizing pages etc. It’s a nasty pain in the ass and you should delete it and block the server ip etc. I have no idea how it got there yet, but I’ve been trying a lot of different plugins lately so who knows…

Details:
Filename:ph.php
Location: blog root
Server: http://km20725.keymachine.de
IP: 62.141.48.94

If I find anything more out about this I’ll post it here. You can see the full details of the domain
here http://whois.domaintools.com/keymachine.de

, , , , , , , , ,

2 Responses to Internet Marketing SPAM k1b0rg Doorway Loader v0.2

  1. web site information December 25, 2008 at 2:50 pm #

    Great blog. Just stumbled here late on Christmas day – but I’ll definitely be back – – Happy new year to all

Trackbacks/Pingbacks

  1. Googlebot Keeps on Suckin It Up! — SEO web design, sarasota web site design - June 25, 2009

    […] I’ve just found a couple thousand inbound links that are a pharmacy spam exploit. This may be the remnants of an exploit I reported about a year ago here http://www.trstechnology.com/blog/index.php/k1b0rg-doorway-loader-v02/ […]

Leave a Reply