Spam somewhere in code | WordPress.org

bodycountpodcast
(@bodycountpodcast)

10 years, 6 months ago

I didn’t see a recent post addressing this, so sorry if I’ve missed it…

Somehow there is Viagra and Cialis spam somewhere in my site. When I post links on Facebook, it sometimes comes up as the site description. I’ve also seen it as the site description in a google search.

I backed up my database, did a reinstall of WordPress, then restored the old database in my GoDaddy settings. It’s still happening.

Has anyone seen this and, if so, any idea how to find it and remove it? I can’t find the code in any of the editors.

Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)

Moderator t-p
(@t-p)

10 years, 6 months ago

Scan your site for malware presence: http://sitecheck.sucuri.net/scanner/

Thread Starter bodycountpodcast
(@bodycountpodcast)

10 years, 6 months ago

It found some. Now I have to go hunt for the hidden code, which will hopefully look something like what is discussed here:

http://blog.sucuri.net/2013/07/hidemebetter-spam-injection-variant.html

Thanks!

Moderator t-p
(@t-p)

10 years, 6 months ago

Hear are some more useful sources:
You need to start working your way through these resources:

How to clean and fix hacked WP blog:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
http://www.jtpratt.com/how-to-fix-a-hacked-wordpress-blog/
http://sakinshrestha.com/wordpress/fix-if-your-wordpress-site-is-hacked/
http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/

Harden your WP installation: http://codex.wordpress.org/Hardening_WordPress

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

WPWhiteSecurity
(@wpwhitesecurity)

10 years, 6 months ago

Hi bodycountpodcast,

As recommended in Sucuri’s blog post, the code is not obfuscated so if you do a global search of the files content you should be able to find the link and remove it.

Alternatively you can also replace the WordPress files and themes etc from a recent backup. By replacing the files your data in the database (such as blog posts, users and other content) will not be affected.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Spam somewhere in code’ is closed to new replies.

In: Fixing WordPress
4 replies
3 participants
Last reply from: WPWhiteSecurity
Last activity: 10 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics