WordPress.org

Ready to get started?Download WordPress

Forums

"Casino en Ligne" adding itself to my blogroll (19 posts)

  1. momunplugged
    Member
    Posted 5 years ago #

    Last night, I noticed a link in my blogroll: "Casino en Ligne." I speak French, that means Online Casino. I deleted it. I also deleted a recent plugin. Changed my password. Checked my template for weird code (I am not an expert, but I saw nothing). And I even upgraded from 2.6.1 to 2.6.2.

    All was well today, but now, about 24 hours from the last problem, I saw the same link back in my blogroll again! I have deleted it, but am at a loss as to what to do next.

    I would be extremely grateful for any ideas!

    PS. My blog is http://www.unplugyourkids.com. Thank you!

  2. whooami
    Member
    Posted 5 years ago #

    interesting, that sort of thing hasnt come up in a while. Do you have your server logs being archived If not, make sure that you do. You want those archived. If your host is using cpanel, its only a cpl of clicks to do that.

    If this were MY site:

    I wouldnt do anything until I made sure my server logs were archiving properly. Then, I would remove the link (again) and wait for them to come back.

    Then I would be going through the server log for that day with a very astute eye.

    I wrote a plugin also that captures $_POST requests too that would probably come in handy.

    The end goal in my suggestions is to find the entry point.

    If youre interested in my ideas, and need help making sure your logs are working, etc.. e-mail at whoo **AT** village-idiot.org

    I can help.

    Since the file they need to call to do that is well-known, it would also be possible to recode that to capture all access attempts, and let them go at it.

    All the while, youre logging it :)

  3. momunplugged
    Member
    Posted 5 years ago #

    Thanks so much for your help. I was actually just online trying to get my server logs from my host. I know that they are easily downloadable via cpanel, but I have a Mac and it can't unzip that file type. I am working on that, and contacting security at my host to see if they have anything more.

    I'll try and get the logs to archive (and be readable by me!).

    I am very interested in your ideas. I want to stop this, and hopefully help seal up any leak that might affect others too.

    I'll work on getting the logs and then email you. I really appreciate the help!

  4. whooami
    Member
    Posted 5 years ago #

    i look forward to hearing from you..

  5. momunplugged
    Member
    Posted 5 years ago #

    UPDATE FOR ANYONE WITH SIMILAR PROBLEM: I think it was the Snoopy vulnerability which was hopefully cured by upgrading to 2.6.3. When I upgraded, the link disappeared from the blog, but was still hidden in the database. We deleted it from there using phpmyadmin. Hopefully this is resolved now. Thank you whooami!

  6. dogxc
    Member
    Posted 5 years ago #

    I have 2.6.3 release from the begining.
    And have the same problem.
    My site is: http://www.koro.com.ua
    Actually I'm a newer in site construction and management...
    Please, help me to delete Casino en ligne.

  7. momunplugged
    Member
    Posted 5 years ago #

    Dogxc-
    Wish I could help but it seems to be resolved for me. Perhaps you ought to start a new thread so that your problem gets noticed. Good luck!

  8. dogxc
    Member
    Posted 5 years ago #

    Hi all! I've been searching for the answer about Casino en ligne but decided to go easy way.
    I deleted fragment of code, witch makes META block available from the template PHP page

  9. mookinman
    Member
    Posted 5 years ago #

    aaaaaaaagh I still cant get rid of the casino en ligne bug... how did u do it, dogxc? i dont understand

  10. MikeMcCormac
    Member
    Posted 5 years ago #

    I have the same problem. 'Casino Online' appears magically in my Blogroll. I delete it, and it reappears. Has anybody got any ideas how to stop it? The link goes to femalegamblers.org/it

  11. What version of WordPress and what theme?

  12. tforre7777
    Member
    Posted 5 years ago #

    I am having the same issue. How do I go about getting rid of this Casino. I've upgraded to the latest version of wordpress and yet it continues to return. HElp!!

  13. raisingsac
    Member
    Posted 5 years ago #

    I've just started having this issue tonight. I've tried clearing my cache and deleting the link. As soon as I log back in or refresh the blog it reappears. It's freakin' annoying!

    The link text is "Casino Online". The URL is for http://www.femalegamblers.org/it.

    My blog is http://www.raisingsociallyanxiouschildrenblog.com/. We're currently running version 2.5 and the theme is "FallSeason 1.1 by Sadish".

    Any help would be GREATLY appreciated!

  14. raisingsac
    Member
    Posted 5 years ago #

    UPDATE

    I dug into the MySQL tables, found that the link had an entry. I deleted said entry, refreshed and didn't the bugger reappear. If anyone knows how to kill this thing please pass it along ... I'm going to start looking through scripts ... but man this is annoying!

  15. johnnyboy3
    Member
    Posted 5 years ago #

    there is another post on the forum here http://wordpress.org/support/topic/228235 that helped me.

    i found the same thing tonight and then found this long encrypted line in the header.php file in the theme folder. I backed up the original file and took out this whole line. Then I went into the admin panel deleted the casino online link and it stayed deleted.

    i also changed the admin pass and made sure the wp-content folder was 0755 perms.

    that worked for now.

  16. johnnyboy3
    Member
    Posted 5 years ago #

    oh by the way, if anyone knows of how to prevent this in the future please let me know.

    and thank u for the help!
    fyi - i am using version 2.6 of wordpress

  17. raisingsac
    Member
    Posted 5 years ago #

    Thanks johnnyboy3. My next step was going to be routing through the code ... thanks to you I found the offender right away and took care of it.

  18. stockholmcollege
    Member
    Posted 5 years ago #

    Hi! In the "header.php i found a "blogroll" code called "xoxo bloggroll" and a mile of code. After i removed it the casino link was gone!

  19. oldrow
    Member
    Posted 5 years ago #

    I have this same problem and am to stupid at wordpress to figure out how to get rid of it. help please!

Topic Closed

This topic has been closed to new replies.

About this Topic