Forums

WordPress › Support » How-To and Troubleshooting

Someone places spam links in my header.php (9 posts)

  1. trig338
    Member
    Posted 3 years ago #

    Hi,
    A few weeks ago I noticed I was getting a lot of traffic through the search term "casino". I checked my header.php and found a bunch of hidden links. Nest time it was the footer.php. So I upgraded to 2.1.5 but The same links keep showing up in either the header or footer.

    Any suggestion to what is attacking my site? (http://filipstad.ifolkmun.se)

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">

<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />

<title><?php wp_title(' '); ?> <?php if(wp_title(' ', false)) { echo ' : '; } ?><?php bloginfo('name'); ?></title>

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

<link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen" />

<link rel="alternate" type="application/rss+xml" title="<?php bloginfo('name'); ?> RSS Feed" href="<?php bloginfo('rss2_url'); ?>" />

<link rel="shortcut icon" href="/favicon.ico" />

<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />

<?php wp_head(); ?>
<u style=display:none>
<a href="http://www.bsu.edu/blogcaster2/aaron/wp-content/uploads/casino/free-money-casino-8-24_6.html">free  and so on...............

  2. Samuel B
    moderator
    Posted 3 years ago #

    It's possible they are part of your theme - the author put them in.
    Where did you get it?

  3. trig338
    Member
    Posted 3 years ago #

    It's a respectable theme (i hope) - simplicity by Solostream (recently turned in to a premium theme)

  4. Samuel B
    moderator
    Posted 3 years ago #

    Yea - that's not a scab theme.
    I suppose you've already tried uploading fresh header.php and footer.php.
    It sounds like an injection/exploit of some kind. May be time to contact your host and advise them of what is happening.

  5. iridiax
    Member
    Posted 3 years ago #

    Beware: Spammers have been known to steal legitimate themes, remove the original designers' credits, add spam links, and then offer them for download as their own "free" themes. Make sure that you download themes from a reputable, original source.

    Redownload the theme and check for the spam code in the freshly downloaded copy. If it's not there, then you have been hacked.

  6. hotkee
    Member
    Posted 3 years ago #

    http://www.bsu.edu - looks like a student at some uni, report the sucker :-)

  7. Otto
    Tech Ninja
    Posted 3 years ago #

    hotkee: Nah, his site might have been hacked as well.

  8. hotkee
    Member
    Posted 3 years ago #

    Otto42 - oops, good point

  9. trig338
    Member
    Posted 3 years ago #

    Thanks for all advise - I suspect that someone registered a phony user. I've deleted all unknown users and changed all passwords. If I get another attack I'll contact the hosting company.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.