scottop
Member
Posted 3 years ago #
Last night my feed was hacked. After the feed is a bunch of spam, which begins with this:
<u style=display:none>
greek god cronus
This happens no matter which type of feed I use (atom, rss, rss2).
"ideeenenmedia" does not appear anywhere in my database, so I assume that the feed software has been hacked to INCLUDE an off-site file. I have tried to follow the code through what happens when we ask for a feed, but get lost. There are just too many levels of redirection.
My feed is: http://word.op.org/?feed=rss and you can see it best in feedvalidator:
http://www.feedvalidator.org/check.cgi?url=http%3A%2F%2Fword.op.org%2F%3Ffeed%3Drss
Version: 2.6.1
I don't think it's your feed. Just have a look at the source of your website. It's "ideeenenmedia" all over the place.
scottop
Member
Posted 3 years ago #
> It's "ideeenenmedia" all over the place
Sorry, I don't understand. The word "ideeenenmedia" is not in the codebase. I downloaded it and searched it.
weird stuff
from your page at word.op.org - after the closing html tag you have a bunch of links to the ideeenenmedia site
</body>
</html>
<u style=display:none>
<a href="http://www.ideeenenmedia.nl/test/k/index.html">greek god cronus</a>
<a href="http://www.ideeenenmedia.nl/test/k/index1.html">rockxp3</a>
followed by several hundred more links to the ideeenenmedia site
The links are not in the database. Your website got hacked and injected with spam. Go to your website and view the source using your browser and you'll see.
The links are put in your footer.php.
scottop
Member
Posted 3 years ago #
Yes, that was it. Thank you!
Someone hacked my top level index.php file and put that stuff in it. Problem solved. Back in business.
Perhaps you want to read this to prevent this from happening in the future:
http://codex.wordpress.org/Hardening_WordPress
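
A defender-side check for the injection pattern found in this thread, as an added example that is not part of the original posts: it flags markup after the closing `</html>` tag and `display:none` elements that contain off-site links, in either a saved copy of the rendered page or the PHP files on disk. The hosts `blog.example` and `spam.example`, the sample page, and all function names are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse
TRAILER = re.compile(r"</html\s*>(.*)\Z", re.I | re.S)   # anything after </html>
# Opening tag styled display:none, quoted or unquoted as in the thread's sample.
HIDDEN = re.compile(r"<(\w+)[^>]*style\s*=\s*[\"']?[^\"'>]*display\s*:\s*none", re.I)
HREF = re.compile(r"<a\s[^>]*href\s*=\s*[\"']?([^\"'\s>]+)", re.I)
# Constructed sample (not the poster's page): spam appended after the document.
SAMPLE = """<html><body>post</body>
</html>
<u style=display:none>
<a href="http://spam.example/k/index.html">anchor text</a>
"""

def offsite_links(fragment, own_host):
    """Hosts of absolute links in fragment that do not belong to own_host."""
    hosts = []
    for url in HREF.findall(fragment):
        host = (urlparse(url).hostname or "").lower()
        if host and host != own_host and not host.endswith("." + own_host):
            hosts.append(host)
    return hosts

def scan_text(text, own_host):
    """Return (reason, offsite_hosts) findings for one file or rendered page."""
    findings = []
    tail = TRAILER.search(text)
    if tail and tail.group(1).strip():
        findings.append(("content after </html>", offsite_links(tail.group(1), own_host)))
    for tag in HIDDEN.finditer(text):
        rest = text[tag.end():]
        # Body runs to the element's closing tag, or to EOF if never closed.
        close = re.search(r"</%s\s*>" % re.escape(tag.group(1)), rest, re.I)
        hosts = offsite_links(rest[:close.start()] if close else rest, own_host)
        if hosts:
            findings.append(("hidden block with off-site links", hosts))
    return findings

def scan_tree(root, own_host):
    """Scan PHP/HTML files under root; return {path: findings} for hits only."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".php", ".html", ".htm"}:
            found = scan_text(path.read_text(errors="replace"), own_host)
            if found:
                report[str(path)] = found
    return report
if __name__ == "__main__":
    print(scan_text(SAMPLE, "blog.example"))
```

Running `scan_tree` over the WordPress root catches the case where the block was appended to a PHP file that contains no `</html>` of its own, while `scan_text` on a saved copy of the rendered page catches the trailing markup wherever it was injected.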