Everything you need to know to recover and reinstall is here: http://wordpress.org/support/topic/307660?replies=1
yeah, it looks ugly.
Check this similar problem, the guy just finished cleaning his blog.
Hacked: I can’t find these Spam links anywhere? Plus more spam advice?
Ok, thanks. I’m not seeing any of those “base64”, “forex” or “eval” bits that people point to as the usual culprit.
Starting from scratch is a pain, but I can handle it. It’s mostly that I just don’t know what the source of the problem is. If there’s a back door that has been created by the hacker, for instance, I want to make sure it’ll be removed when I’m reinstalling.
If you clean your DB and make sure there are no other admin accounts and change all passwords related to the site, you can close many potential backdoors, as shown here.
Talk to your host, too, esp. if you’re on shared hosting. They may have seen/know more and know where the access is coming from.
So I went through ALL of the steps on the WP Smackdown site, as directed. No luck. Still the same problem.
Anybody have an idea what I’m missing? My host is blaming WP, so I don’t think that there’s much that I can do there.
yeah….I just had footer links show up again. I’m truly stumped. I’ve done absolutely everything, and still I get the spam links.
Did you go through the steps as suggested? Or are you just getting started?
My thread is the one referenced by bottleneck in the 3rd post in this topic.
I’ve done some serious cleaning/rebuilding already.
post your footer.php code as it may be grabbing data from somewhere
My footer is definitely not pulling data from anywhere, I checked the code and once I remove the spam, it’s clean. (I wrote the theme…).
(I can post the code if its necessary….but it’s a simple footer)
could you rename you footer.php as footer_new_name.php whatever in your theme and make sure the same in general-template.php (wp-includes folder)?
If that malicious script aims at you footer.php let it shoot in the void.
Sorry, if that advice is sort of naive, just trying to help…
well….anytime you change anything in the wp-includes folder, you will lose the change with every upgrade…..
that’d be awesome!
I just really want to know where the links are coming from…. I’m waiting on a reply about logs & stuff from my host…but it’s so annoying….
download the database .sql dump
open it with notepad and search for the links or code used in the footer
