TL;DR
Attackers are posting very large HTML pages on your website. This could be simple spam, but it’s more likely a malicious attempt to harm your site’s performance, SEO, or exploit vulnerabilities. Check for hidden code, redirects, and unusual server load. Scan with security tools and consider limiting post size.
1. Understand the Problem
Large HTML posts are suspicious because legitimate content rarely requires huge filesizes. Here’s why attackers use them:
- SEO Spam: Stuffing pages with keywords to try and rank higher in search results.
- Resource Exhaustion: Overloading your server, potentially causing a denial-of-service (DoS).
- Hidden Redirects: Sending visitors to malicious websites without their knowledge.
- Exploit Attempts: Injecting code that tries to exploit vulnerabilities in your website software or plugins.
2. Identify the Posts
Find the posts causing problems. Most content management systems (CMS) have tools for this.
- WordPress: Check the “Posts” section and sort by size. Look for unusually large files.
- Drupal/Joomla: Use the admin interface to list posts, sorted by file size or content length.
If you have a lot of posts, consider using a database query (if you’re comfortable with SQL) to find them:
SELECT title, post_content FROM wp_posts WHERE post_type = 'post' ORDER BY LENGTH(post_content) DESC LIMIT 10;3. Inspect the HTML Source Code
This is the most important step! Don’t just look at what you see on the page – view the raw HTML source code.
- Hidden Redirects: Look for
or JavaScript redirects (e.g.,window.location = 'http://malicious.website/';). - Obfuscated Code: Search for code that’s hard to read, often using base64 encoding or other techniques.
- External Scripts: Check for links to external JavaScript files from unknown domains. These could be loading malicious scripts.
- Iframes: Look for