There seems to be an increase in the number of people trying to steal paypal logins these days. When you get the email, it appears to be legitimate, and appears to be from paypal. Learning to use your email headers can save your account from password theft.

If you use Outlook, right-click the message in the folder view, then choose options. In an open message, choose View | Options. The “headers” are hidden information that tell who REALLY sent an email. In this case, even though the “from” field says paypal.com, that can be forged. A quick peek at the email headers tells me that the email was really sent by troery@yehey.com and belongs in the trash bin.

This is hilarious. Andru Edwards at Gear Live discovered that you may soon be able to twitter from your car. Then, Erick posted it at techcrunch. The comments on techcrunch are hilarious.

P.S. So what do you think? Early April Fools joke? Or for real?

You call it junk mail; the stuff you open over the trash bin. But, for over 50 years, marketers have considered direct mail to be the “old reliable” method of spreading the word.

For the first time, since tracking began back in 1945, direct mail spending has dropped.

According to the Winterberry Report “A Channel in Transformation: Vertical Market Trends in Direct Mail 2009” direct mail spending dropped 1.7 billion in 2008. Winterberry predicts a fall of up to 9% in 2009.

Consumers’ ever-growing involvement in digital media was a factor
eMarketer

87% of service providers are getting more demand for digital marketing, such as e-mail and search.

The drop in direct mail is not the lesson to take hime. It’s a symptom of the lesson. The lesson is that consumers are in control. Push marketing isn’t working. The sooner marketers learn that, the better.

Any two sets of statistics rarely agree. That’s because numbers are so easy to manipulate. But when it comes to search engine marketshare, two stats giants agree. Search engine marketshare seems to be frozen.

Google is no longer gaining, and the top 5 search engines have established pecking order. The numbers vary by miniscule amounts, with Compete shaving a few points off Google and throwing it to the competition, but the overall breakdowns aren’t much different.

Search Engine Marketshare 2009 Piechart:

Search engine marketshare has barely budged for six months. According to eMarketer,
“the US search market is not expected to change for the foreseeable future…”
and
“Google’s share of total US search queries seems to be stabilizing in the 60% to 70% range…”

About a week ago I was contacted by someone with a hacked wordpress blog. I hit the Internet looking for wordpress hack information and found a post at NewCoolThang. It said:

The scheme is pretty clever. Apparently what they do is hack into your WordPress site via FTP somehow or other (likely via a vulnerability in older versions of WP), then they modify your wp-blog-header.php file. The purpose of the hack is to siphon off all of your search engine traffic to their spam sites.

Right enough. That’s exactly what the hacker does. It steals your search engine traffic.

Except, it’s not just old versions. Many blogs were saying the “fix” is to upgrade your Wordpress. But the hacked blog staring me in the face was the most recent version of Wordpress. Clearly, that wasn’t the solution.

Here’s The Really Ugly Part

Most bloggers will never know they’ve been hacked. Nothing will show on your blog. And your search engine rankings won’t change. It’s what happens when someone clicks your link IN the search listings that’s insidious.

Let’s say you worked your tail off to get ranked on Google. Your search engine ranking doesn’t change. But, when someone clicks your listing in Google they’re whisked off to a spam site and it’s YOUR blog that’s redirecting them.

Google is not at fault. Neither is Wordpress. Because, if you’ve been hacked, it’s a script on your own blog that’s redirecting your traffic to a spam site. Here’s a screencap showing a snippet of code from a hacked blog. These are the search engines that the hacker was stealing traffic from;

And this is the type of sites they’ll be sending your traffic TO;

I even found a blogger whose site was removed from Google and required a re-inclusion request to get the site re-indexed. They were turfed because of the spammy links.

It Gets Uglier…

I found several different sites explaining “how” the hacker did it. But they all said different things.

Turns out there is more than one way for the hacker to get their infected file on your blog. Sometimes, they overwrite an inactive plugin. No inactive plugins? No problem, they can drop infected jpegs into your uploads folder. They also drop in fake files ending in .bak and .old and execute those.

And if you log in via ftp to delete the infected files, you’re going to find that either they have already overwritten your file permissions so you can’t change or delete their files… or they will overwrite them as soon as you try. They’ll lock you out of being able to make changes to your files via ftp.

Has Your Wordpress Been Hacked?

The one common factor is that the hacker has to create a “user” so they can make changes to your blog. So, you need to check for a hidden admin user. If you know how to use phpMyAdmin, you can check for an additional user right in your database.

If you don’t know how to use phpMyAdmin, just log into your blog admin. Go to Users -> Authors and Users. Look to see if there’s an additional admin user listed. Like this:

If there’s an extra Admin User, you’ve been hacked.

I’ll post the “fix” in the next post. Subscribe or bookmark to be sure you don’t miss it.

P.S. And please pass it on. This hack is not just hitting old versions of wordpress, and it’s not just via your plugins. Link to this post, or vote it up on Digg or Technorati to help get the word out. Thanks!