Suddenly I am seeing spam links showing up in the background of my blog page...You can see it in the upper left hand corner. Any ideas where this came from, and how to remove it? Here is my blog URL.
I definitely want this OUT of my blog.
Thanks
[resolved] spam links showing up in background of my blog (13 posts)
-
janeboha
Posted 2 years ago # -
You've been hacked. I see the xan*x and other stuff when I disabled CSS in my browser.
Save your posts first. Going to Tools > Export all and save to computer. Now open up your XML file with text editor and search for and delete
<script>somethingsomething</script>you find within that XML and when you're done, save and rename the cleaned-up XML file in your computer.I see the hack in your dbx-content widget or script. Remove that from your sidebar in Appearance > Widgets and delete the script or plugin from your install.
Question is that blog hosted in your own website or is it on a free hosting service? I ask because of possible limits in your fixing the hack if you have limited access. If you're not admin of the install, contact your Site Admin and report about the issue.
Edit- didn't see alism there when I started to answer :-)
-
Posted 2 years ago #Mercime,
Don't know what the dbx-content widget is... Have checked my widgets and am unable to see that.
I have my own server space. Anything I should do with that?
Will check your other suggestions.
Thanks.
-
Posted 2 years ago #about the xml file - do you mean my sitemap? That's the only xml file I can see.
-
dbx-content
The dbx-content I saw was from the source code of your front page. It's the last widget which is titled "I Love Dogs" on your left sidebar under the google ads.
about the xml file - do you mean my sitemap?
No, I'm talking about the file generated when you run dashboard Tools > Export > All.
-
Posted 2 years ago #"Now open up your XML file with text editor and search for and delete <script>somethingsomething</script> you find within that XML and when you're done, save and rename the cleaned-up XML file in your computer."
What XML file, where? There are a bunch of xml files. I've done a search through them, for the terms that you see on screen; none have come up.
What text editor are you referring to, also?
"I see the hack in your dbx-content widget or script. Remove that from your sidebar in Appearance > Widgets and delete the script or plugin from your install."
Don't know what widget you're referring to. I've looked in each, and see no code there like that. What widget are you referring to? "DBX-content" seems to be sidebar widgets. But I don't see the code you're referring to in any of them.
"Question is that blog hosted in your own website or is it on a free hosting service? I ask because of possible limits in your fixing the hack if you have limited access. If you're not admin of the install, contact your Site Admin and report about the issue."
Yes, I'm on a server and I mentioned it, and there was no particular response about it.
I checked my mySQL database; no such terms there.
What next?
-
Posted 2 years ago #Well, I upgraded my Theme (Suffusion) and the corruption is gone. I guess it had somehow gotten into the Theme files. Well, it's not there now!
Boy, this hacking stuff is nasty!
Thanks.
-
Reminder to always back up database plus server files and folder.
-
Posted 2 years ago #And then it showed up again the other day. So this meant a little more investigation.
I found the hack in my header.php file. So I got another copy of that file (from our wonderful theme developer) and replaced the hacked version with the new one. Changed all my passwords. So far so good.
Thanks.
-
Rev. Voodoo
Posted 2 years ago #alism left you some good links to read. If you had spam inserted into your theme....just cleaning up your theme and changing your passwords may not be good enough. Hackers got in somehow....if you don't figure out how......it'll happen again.
You may need to replace all WP files, there may also be hidden files buried in your uploads folder, or somewhere else on your server which allow your theme to be changed
-
Posted 2 years ago #RVoodoo, I did change out the WP files too, which was easy since there was a new upgrade. I suspect that the hack came from my RockYou video slideshow, which I had embedded. I deleted the slideshow, and closed out my RockYou account too. So we'll see if that does the trick. From now on, I'm doing slideshows from WP plugins (hope that's not going to be a minefield but at least I'm storing my files on my own server.)
If that doesn't do the trick, I'm on to Stage 2 of this and we dig a little deeper!
Thanks.
-
Posted 2 years ago #Resolved for the moment! Am not using RockYou any longer. Also, when this happens, I just ftp the saved header.php file to my server and the hack goes away. A pain, but it works.
Topic Closed
This topic has been closed to new replies.
