An Interesting Dilema

  • Resolved Juba

    (@brightonseo)


    10 years, 11 months ago

    Hi
    I have an unusual dilema here.
    My site at http://tenerifeforum.org.es was accessed by someone and they proceeded to add 4 outbound links pointing to the following sites without my consent:

    [ Links redacted, they’re not really needed here ]

    If you go to the homepage, they are not visible but if you view the source code, they have been inserted in the footer section.
    I discovered this because today I was checking my outbound links from my site with seo quake.

    I have submitted a complaint to Google but I really need to find a way to remove the links as they could be damaging my site.
    I paid someone to help secure the site and I suspect they were the ones who did this but now they are not contactsble.

    In the WP admin section, I checked the Editor section but cannot see the links anywhere so they are obviously quite experienced people.

    If anyone knows how these links can be removed, I’d really appreciate the help.

    Thanks.

Viewing 15 replies - 1 through 15 (of 17 total)
1 2
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    10 years, 11 months ago

    If someone is adding things to your installation then I’m sorry to say you’re hacked and need to start on these links.

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
    http://codex.wordpress.org/Hardening_WordPress
    http://www.studiopress.com/tips/wordpress-site-security.htm

    That should get you started on getting a handle on your situation.

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    Hi Jan thanks but that doesn’t help because it’s not a real hack.
    They got access to the site from the work I gave them and unknown to me, they dopped the 4 links into my site.

    WHat I really need now is to find a way to remove the links because I can’t find them in any of the files, only when I view the source could, that’s when they show but they don’t show up on anything else.

    Hope you understand me now.:)

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    I just noticed, the links in my origianl post have been removed so to explain further, the homepage source code is showing 4 urls in the footer section which should not be there and would like to find a way to remove them because they don’t show in normal page view or admin files section.

    Any advice on how to remove the links greatly appreciated.

    Thanks

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    10 years, 11 months ago

    Try this:

    – Temporarily deactivate all of your plugins and switch to the Twenty Twelve theme. You can switch back later.

    – Clear your browser’s cache and cookies.

    – Visit your site again.

    If you are lucky then they added that via the theme or a plugin and those links will be gone. You’ll need to then look in all of your plugins and your theme files for those links.

    If the links are still showing up after that then you are hacked or at least need to treat your installation as such.

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    Hi Jan
    I did some forum searches and managed to figure out where the links are but don’t know what to delete.
    They placed the links in the functions php file of the theme and when I removed the section the footer disappeared completely so I put it back to how it was.

    This is the code where the links have been hidden:

    function custom_footer() {
    ?>
    <p class="credit"><a href="http://moderated" title="WordPress Tutorials">WordPress Tutorials</a> | <a href="http://moderated" title="Design web">Design web</a> | <a href="http://moderated" title="Free website design">Free website design</a> | <a href="http://moderated" title="Site Gratis">Site Gratis</a></p>
    <?php }

    [mod: actual spam links moderated]

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    Is there a way to delete the links without affecting the site?

    Michael

    (@alchymyth)

    10 years, 11 months ago

    try to just remove the central line:

    <p class="credit"><a href="http://moderated" title="WordPress Tutorials">WordPress Tutorials</a> | <a href="http://moderated" title="Design web">Design web</a> | <a href="http://moderated" title="Free website design">Free website design</a> | <a href="http://moderated" title="Site Gratis">Site Gratis</a></p>

    if this is not it, you might need to post the full code of functions.php (please use the pastebin for that – http://codex.wordpress.org/Forum_Welcome#Posting_Code )

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    10 years, 11 months ago

    *Looks at site again*

    That’s a custom theme so it’s hard to say. To be honest I would hesitate to recommend that you poke at it. It’s just to easy to render your site unusable with just a typo.

    If you can get the original unaltered version of that theme that excludes those modifications that would be best.

    If that does not work then you can try modifying that custom_footer() but make sure that you keep an unmodified copy of that file.

    Edit: Or see alchymyth’s reply. 😉

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    I’ve pasted the code in the section you suggested.:)

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    I have another site that uses the same theme without any real customisation.
    Would as copy of that function php file do the trick?

    Michael

    (@alchymyth)

    10 years, 11 months ago

    I’ve pasted the code in the section you suggested.:)

    please post the link to the particular pastebin

    – re-read http://codex.wordpress.org/Forum_Welcome#Posting_Code

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    Here’s the code alchymyth

    http://pastebin.com/3hCbeb04

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    10 years, 11 months ago

    As that’s a commercial theme, wouldn’t it be better to just get that from the source?

    Thread Starter Juba

    (@brightonseo)

    10 years, 11 months ago

    I have the zip file of the theme so is it possible to just extrasct the function file from it?
    Any tips on this as I’m not sure about it,:)

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    10 years, 11 months ago

    If that zip file came from the original theme provider then it should be alright… Once again make a backup copy before you overwrite any existing files.

    Or contact the original theme provider for a fresh copy. That’s what I would do as it’s the safest way to go IMHO.

Viewing 15 replies - 1 through 15 (of 17 total)
1 2
  • The topic ‘An Interesting Dilema’ is closed to new replies.

Tags