WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] HELP: Spam Links In all My Posts, how the hell? (17 posts)

  1. mega_spak
    Member
    Posted 6 years ago #

    Hi there, can some one please help out, we found out in our HTML Source code there are several spam links (viagra etc..) in the page.

    I Tried searching in the theme files, but its no where to be found.. I Tried changin the theme it self but unfortunately still cant be found.

    Will be glad if someone helps out..

    Thanks

  2. echoca
    Member
    Posted 6 years ago #

    2.0.11 is a real old version of WP. I know they have fixed lots of security holes from then to the current 2.3.3 version. Maybe an upgrade will help for the future...

    I'm sure you have to find all the posts and comments that hold these links and edit them out.

    It has nothing to do with your theme files in away way, as far as I know.

  3. whooami
    Member
    Posted 6 years ago #

    mega_spak,

    the spam links are inside the posts. Edit the posts to remove them, then upgrade.

    I am curious, you indicate you are using 2.0.11...

    Clarification on that would be most helpful, because I dont think anyone is aware of a problem with WP 2.0.11 and it is supposed to be 'safe' and stable.

  4. mega_spak
    Member
    Posted 6 years ago #

    thanks to you all 4 your concern..

    actually my version is 2.2, i couldn't get that to choose from the drop down menu, thats why i chose 2.0.11..

    I DONT THINK THEY ARE IN THE INDIVIDUAL POSTS, cause if im to post a new post right now, these links will still follow..

    and they are hidden in the posts, can be viewed in the HTML source code as below:
    ======================

    <u style="display: none;">
    [THE LINKS ARE HERE (10 links, all about viagra, pills etc..)]
    </u>

    ======================
    this is pretty a bad sign.. any help, please?

  5. whooami
    Member
    Posted 6 years ago #

    well the good news is that you are not using 2.0.11 -- that wouldnt be a good sign.

    if you are seeing them in immediate posts, then check the theme files. Take a look at things via FTP - pay close attention to timestamps that indicate a file was edited when other files were not.

    Im happy to help you in that regard but obviously I would need access to the files.

  6. echoca
    Member
    Posted 6 years ago #

    Sorry if my comment was incorrect...(open mouth insert foot and run from WP support forums forever).....

  7. mega_spak
    Member
    Posted 6 years ago #

    You are right.. this same problem was found in the pages a couple of hours ago, we fixed it i hope and found out the pages in our cp management which has not been updated in months ago was updated 6 days ago, it all contained hidden spam links and we cleared it all.

    Now with that of the posts i dont have any idea, i tried changing themes (to verify if it was a prob in the theme), but still to same..

    any idea?

  8. mega_spak
    Member
    Posted 6 years ago #

    echoca - no problem..

    even though u warent all that wrong, hope u ve now understood my hlp needed and im still waiting 4 someone to help me out..

  9. whooami
    Member
    Posted 6 years ago #

    mega_spak,

    if you still see the links after changing the themes, then it follows that the content might be being added via a plugin... since theyre inside a post, maybe something like one of those social bookmarking plugins?

    You just need to go through all the files.

    Its nearly impossible, and beyond my reasoning, that the spam is in your database.. getting it from your databse to a freshly created post, would still require a change to your files.

  10. mega_spak
    Member
    Posted 6 years ago #

    thanks whooami.. done.. it was a ad plugin..

    man this means we are not even safe with plugins?

  11. Dan Lockton
    Member
    Posted 6 years ago #

    I seem to have a similar problem with (hidden) spam links showing up on my - can mega_spak (or anyone) say which plugin it is/was which is causing it?

    e.g.

    <font style='position: absolute;overflow: hidden;height: 0;width: 0'> NEWS: <a href="http://blog.thinkfree.com/wp-content/themes/almost-spring/comments.php?blog=credit&name=2004-card-college-credit-debt-mae-nellie-statistics-student">2004 card college credit debt mae nellie statistics student</a> Canada credit card application

  12. cbdilger
    Member
    Posted 6 years ago #

    I have the same issue as Dan Lockton. I am using WP 2.5.1. Here is the offending code minus the link:

    <font style="position: absolute;overflow: hidden;height: 0;width: 0"><a href="http://REDACTED/">office furniture in Bulgaria</a></font>

    This is not the first time I've had a similar problem, and I've been keeping up to date, changing my password when I see the problem, etc. But it keeps happening.

    No recent registrations.

    Shared hosting, so I can't provide MySQL logs.

  13. hilaryjb
    Member
    Posted 6 years ago #

    Ditto, on WordPress 2.6: hidden spam text inserted in a post, naturally fully visible in the rss feed. Since the rss feed is emailed out to people with blog updates, this is not good.

    I've since deleted all inactive plugins and updated those that remain. Is there any way of telling whether this really is caused by a plugin - and if so, *which one*?

  14. Roy
    Member
    Posted 6 years ago #

    By disabling all and see if the problem goes away? When you reanable them one by one, you can tell which one it was.
    On the other hand, there can be more things, such as your theme. That is was a plugin in this thread, doesn't mean it always is.
    Btw. when did you upgrade to 2.6 and from what version did you come?

  15. dkatzman
    Member
    Posted 6 years ago #

    Hi guys,

    Today I discovered I have the same problem... Some damned hacker got to insert a lot of hidden code in my WP 2.6 blog... I tried disabling all my plugins but no luck: the code is still there, which prevents my feed from processing at Feedburner....

    Any more ideas?

    Thanks!

  16. dkatzman
    Member
    Posted 6 years ago #

    Done,

    The problem solved after an update to WP 2.61. I guess some of the core WP files got hacked...

  17. macsorg
    Member
    Posted 6 years ago #

    I just upgraded today to 2.6.1 after being really lazy and was still on 2.1.

    Reason for my upgrade was exactly what's being discussed here... Spam links in the source code of posts.

    They were on individual posts and thank goodness on less than 20 posts, which I still had to manually edit.

    One post had 3,075 links... Can you believe this????????? (no, I did not count.. lol... I pasted the links into NotePad2 which numbers each line)

    I freaking had a MAJOR heart attack when I saw those links in the source, but a bit of relief when I saw that it was nowhere on the actual page/post and did not show on Feeds (I have tons of subscribers for my Feeds).

    Anyway... Upgraded WP just a few hours ago and now I'm crossing my fingers as I haven't given enough time to see if the problem is solved.

    Just hope that spammers won't find any new flaws on 2.6.1 in case it was fixed.

Topic Closed

This topic has been closed to new replies.

About this Topic