Forums

WordPress › Support » Themes and Templates

Random spam links showing in page/post content... (9 posts)

  1. jyoung2480
    Member
    Posted 8 months ago #

    I'm well aware that certain themes and/or plugins can be tainted with hidden spam code, but this one truly baffles me.

    I started using a theme a couple of months ago. I'm now to the point where I'm almost finished with the site and ready to go live.

    I always review any new additions I make to the site in order to ensure everything looks as it should and have even had others double check things as I've added more to the site for proofreading and suggestions.

    A couple of weeks ago I added some content that contained the word "dietetics" on a couple of separate pages, as well as in a text widget. For some reason, today is the first time that the "diet" portion of "dietetics" has become a link to some nutritional supplement. This occurs with all instances of "diet" throughout the site.

    When you try and edit the post, everything looks correct, but still returns a link. However, when I go back to check the text widget, an html link has been added to "diet." Removing the code and saving doesn't solve it as the code is reinserted into the widget.

    I've already tried disabling all of my plugins, but the links remain. I haven't made any significant additions or modifications to the code in the past few days so I have no idea what could have caused these links to appear all of the sudden.

    I've run theme authentication plugins and they've all returned false positives and nothing that appears to be the culprit.

    Any suggestions on how to identify what is causing this?

    Thanks in advance!

  2. esmi
    Theme Diva & Forum Moderator
    Posted 8 months ago #

    Have you tried:

    - deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).

    - switching to the Twenty Eleven theme to rule out any theme-specific problems.

    - resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.

  3. jyoung2480
    Member
    Posted 8 months ago #

    Yes, I tried disabling plugins.

    You're not going to believe this, though. I came back to see your reply and guess what? "Diet" from my original question is now a link to the very same website on here!! Looks like the problem may actually be an issue with my individual computer. Bizarre.

    To check this, I just viewed my site on my phone. The links do not show on my posts or pages, but it still shows in the text widget. As I said before, I was able to actually see code being added to the text widget when going back to edit it.

    It may be that there is something on my computer that is adding links anytime I post "diet" in anything online. This is certainly very interesting.

    I'll have to run some virus scans and see if I can figure out what is causing it.

    Thanks for your response. I'll try and update this if I figure out anything else.

  4. esmi
    Theme Diva & Forum Moderator
    Posted 8 months ago #

    Sounds like your machine/browser has been hijacked.

  5. jyoung2480
    Member
    Posted 8 months ago #

    I just made a test post on a different message board and sure enough, "diet" turned into a link. This is incredible. I've got my scans running so we'll see what comes up.

  6. jyoung2480
    Member
    Posted 8 months ago #

    Yeah, it has to be something on my machine because I tried making the edits using Firefox and it caused the same problem. I typically use Chrome.

  7. esmi
    Theme Diva & Forum Moderator
    Posted 8 months ago #

    Try Malwarebytes Anti-Malware

  8. jyoung2480
    Member
    Posted 8 months ago #

    That's what I have running right now. I'm sure it'll find it. Besides solving my problem, I'm really interested to see what is really causing this. It's actually pretty genius, albeit ridiculous.

    The amazing thing is that it could go completely unnoticed if you never type the words it's programmed to add links to.

    The links have addresses with the domain of pixeltrack66.com, which if you visit directly, redirects you to mundomedia.com. Apparently MundoMedia is an online ad company. I'm going to give them a shout and see if they're aware of all of this. I'm sure they'd deny it if they were truly behind it, but maybe they'd have some insight.

  9. jyoung2480
    Member
    Posted 8 months ago #

    Malwarebytes found one file, Adware.Hotbar, but unfortunately it's removal didn't do anything to fix the problem.

    On to scan number two...

Reply

You must log in to post.

About this Topic

Tags