Think my blog has been hacked. (6 posts)

  1. orlandogolfblogger
    Member
    Posted 3 years ago #

    I'm not sure exactly how to describe it, but on every post there are a couple hundred outbound links that are only viewable in the source code. The links seem to change periodically throughout the day. I was using WordPress 2.5 and upgraded to 2.7 today and the problem still exists.

    Here's the URL: OrlandoGolfBlogger.com

    Below is an example of some of the outbound links. Anyone able to give me a hand?

    <!--wpfooterz--><u style=display:none>
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=2912">side effects and phentermine</a><br />
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=1584">keywords nexium</a><br />
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=35">ephedrine as cut</a><br />
    
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=1549">nexium long term use</a><br />
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=999">canada discount nexium</a><br />
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=2443">active ingredient in phentermine hydrochloride hcl</a><br />
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=3090">phentermine law</a><br />
    <a href="http://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=294">ephedrine cheap</a><br />
  2. Samuel B
    moderator
    Posted 3 years ago #

    Yes - you have been hacked

    You will need to try to find where this is happening - I didn't see it in your source

    I would also report this to your host as they may have gotten in somewhere else on the shared server or may be hacking other scripts

  3. Malaria2009
    Member
    Posted 3 years ago #

    This happened to my site as well. You need to edit the Footer.php where it is in the bottom, that is why you see it on all posts.

  4. caemusic
    Member
    Posted 3 years ago #

    Did you upgrade to 2.7.0 or 2.7.1? The latter is supposed to have some fixes to help prevent XSS attacks.

  5. Malaria2009
    Member
    Posted 3 years ago #

    I upgraded to 2.7 on release but I only discovered the spam yesterday, so I can't really tell when I got the spam footer. I discovered it randomly while looking for HTML errors on my front page, where I had a whopping 3500 errors due to the spam URLs.

  6. zarkill
    Member
    Posted 2 years ago #

    I was having this same problem and found that a file called locals.php was added to my theme. It was adding these spam links back to my header and footer even after I would delete them. I wasn't even able to delete the locals.php file, but I was able to edit it, so I deleted all the code in it and then set the file permissions to deny reading and writing.

    Hopefully that will work and tomorrow those wpfooterz spam links won't have reappeared.
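
Added example, not part of any post in this thread: a small Python scanner for finding where a block like the one quoted in the first post lives on disk. It looks for the `wpfooterz` marker and for `display:none` elements that wrap several external links. The threshold, the extension list, the directory layout and the `spam.example` sample data are assumptions constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Patterns modelled on the spam block quoted in the first post.
MARKER = re.compile(rb"wpfooterz", re.I)
HIDDEN_OPEN = re.compile(rb"<(\w+)[^>]*style\s*=\s*[\"']?[^>]*display\s*:\s*none[^>]*>", re.I)
LINK = re.compile(rb"<a\s[^>]*href\s*=\s*[\"']?https?://", re.I)
LINK_THRESHOLD = 3  # assumption: this many hidden external links is worth a look
EXTS = {".php", ".html", ".htm"}

def scan_bytes(data):
    """Return findings for one file's (or one saved page's) contents."""
    findings = ["wpfooterz marker"] if MARKER.search(data) else []
    for m in HIDDEN_OPEN.finditer(data):
        rest = data[m.end():]
        # Count external links up to the matching close tag (or end of data).
        close = re.search(rb"</" + re.escape(m.group(1)) + rb"\s*>", rest, re.I)
        body = rest[:close.start()] if close else rest
        n = len(LINK.findall(body))
        if n >= LINK_THRESHOLD:
            findings.append("hidden block with %d external links" % n)
    return findings

def scan_tree(root):
    """Scan template/HTML files under root; map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTS:
            found = scan_bytes(path.read_bytes())
            if found:
                report[path.relative_to(root).as_posix()] = found
    return report

def demo():
    """Build a constructed theme directory (not real site data) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        theme = Path(root, "wp-content", "themes", "example")
        theme.mkdir(parents=True)
        links = b"".join(b'<a href="http://spam.example/?page=%d">x</a><br />\n' % i for i in range(5))
        (theme / "index.php").write_bytes(b'<?php get_header(); ?>\n<div style="display:none">menu</div>\n')
        (theme / "footer.php").write_bytes(
            b"<?php wp_footer(); ?>\n<!--wpfooterz--><u style=display:none>\n" + links + b"</u>\n")
        return scan_tree(root)

if __name__ == "__main__":
    for path, found in demo().items():
        print(path, "->", "; ".join(found))
```

A static scan only catches blocks stored literally in a file. If an added file builds the links at runtime, as the last post describes for locals.php, run `scan_bytes` on a saved copy of the rendered page as well and compare the theme directory against a clean copy of the theme.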
