WordPress.org

Ready to get started?Download WordPress

Forums

Spam injection: What to do? (5 posts)

  1. cschormann
    Member
    Posted 4 years ago #

    Hi,
    in my blog (electricbeach.org) there is some advertisement spam inserted at the end of the page. This is happening through something added to the end of the blog_header.php file. It is some cryptic script, a long list of spam links and then another small scrip block.

    I can remove these entries from the php file, and temporarily things are good, but next day the problem is back.

    I can't find how this stuff gets injected in the file. Any idea how to diagnose this further?

    I checked the DB for a hidden admin account, in case this is what is happening, but I can't see anything in the user DB.

    Any help welcome!

    Thanks,
    CS

  2. Samuel B
    moderator
    Posted 4 years ago #

  3. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

  4. trivum
    Member
    Posted 4 years ago #

    I'm not sure how you are searching for administrators in the database, but one way that I found them was to go into my phpadmin and search for "administrator" in all tables (not just in the user table). This revealed some that were hiding with javascript because the "administrator" term still came up in other places.

    Even if you find them, however, that may not be your only problem. ... My site was recently hacked. I removed files and new admins, etc., but it kept on. Eventually I had to go to rentacoder and find someone to help me.

  5. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    many times....it's a small php file hidden away somewhere that keeps granting access to your files.

    The way I found the files hidden away was to note the timestamp of a file when it was altered, compare that timestamp against my access logs that my host offers. I would see the file that was altered being accessed by a different file that was buried way deep on my server. I went and tracked doen the rogue files and they were encrypted garbage. But once I deleted them and changed all my passwords again, I've never had a problem since

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.