WordPress.org

Ready to get started?Download WordPress

Forums

Junk text inserted at bottom of pages with porn links (9 posts)

  1. gregcohen
    Member
    Posted 1 year ago #

    Hi gang, I'm sorry if this is painfully obvious or has been asked elsewhere.

    I have one user who sees junk text inserted at the bottom of some pages at runner.org. Here's what he sent me: https://img.skitch.com/20120525-x5u6ack1jcw95849qbhbd7jpux.jpg

    Here's the page he's looking at: http://www.runner.org/sybil-2012-race-report/

    I can't recreate it on my end and imagine he is suffering from some sort of man in the middle code insertion (if that's even a thing), but don't know what to tell him to do or what it's happening.

    Thank you folks for any help.

  2. Chip Bennett
    Theme Review Admin
    Posted 1 year ago #

    What Theme are you using, and where did you get it?

  3. adpawl
    Member
    Posted 1 year ago #

  4. gregcohen
    Member
    Posted 1 year ago #

    Hey Chip, I'm using Atahualpa 3.4.9 which I downloaded from bytesforall. The site has been up for a couple of years. Thank you for your help!

  5. gregcohen
    Member
    Posted 1 year ago #

    Thanks adpawl, do you mind taking a quick look at this: http://pastebin.com/TC0BHaix

    It looks fine to me, but I'm a total hack!

    Thanks man.

  6. Chip Bennett
    Theme Review Admin
    Posted 1 year ago #

    Ask your user to check your site using a different computer, and report whether he still sees the links or not.

  7. adpawl
    Member
    Posted 1 year ago #

    it's placed between
    <!-- / Post -->
    and

    </td>
    <!-- / Main Column -->

    hmmm... check:
    if ($bfa_ata == "") include_once (TEMPLATEPATH . '/functions/bfa_get_options.php'); ?>
    ...or is in another file.

    Try search by files modification time.

    Anyway, you still have to check all and find and remove the backdoor.

  8. gregcohen
    Member
    Posted 1 year ago #

    Adpawl, is there something you see in there that's bad? here's bfa_get_options.php, all looks legit, no?

    http://pastebin.com/b36RtfsV

    Chip, I did ask the user to try from other computer, he tried from his wife's mac, which I imagine is on the same network. He's asking his daughter to try from her house.

    I see nothing from here -- and I've tried a bunch of machines and different networks.

    Thanks all, I really appreciate it!

  9. adpawl
    Member
    Posted 1 year ago #

    Hard to say ... nothing special.
    Try get page content via Google Webmaster Tools and check would the answer still contains this code.

    Surely you are using a fairly old version of the template, better upgrade it to latest version.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.