What the heck is going on with my site?!! (8 posts)

  1. ehlifestyle
    Member
    Posted 8 months ago #

    It just started happening recently. Whenever I (or others) visit my site, at the bottom in the status bar (Google Chrome), it shows a bunch of random sites loading and then the user gets redirected to some random spam site.

    For me, it only happens when I visit the site for the first time after a history/cookies delete.

    Activated plugins I have (I do need all of these):

    AdRotate
    All-in-One SEO Pack
    Duplicate Post
    Fast Secure Contact Form
    NextGen Gallery
    TinyMCE Advanced
    Wordpress popup scheduler (currently disabled - initially I thought this was causing it)
    WP Show IDS

    How do I get it fixed without having to stop using the plugins, or is it not plugin related?

    Thanks!

  2. kmessinger
    Member
    Posted 8 months ago #

    URL please.

  3. ehlifestyle
    Member
    Posted 8 months ago #

  4. it shows a bunch of random sites loading and then the user gets redirected to some random spam site.

    How do I get it fixed without having to stop using the plugins, or is it not plugin related?

    You're almost certainly hacked. Your plugins and WordPress install are suspect.

    Try this: in Chrome load up your blog. Once it starts loading, right click on the web page and select View Page Source (or View -> Developer -> View Source from the menu).

    Now while viewing the source, CTRL-F (or command-F on the Mac) and search for IFRAME. Look around line 40'ish, see anything goofy?

    If you do, read up on these.

    Give these a read (links courtesy of Esmi).

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    http://codex.wordpress.org/Hardening_WordPress

    After you've read through that, you want to take a backup of everything and put it somewhere safe.

    http://codex.wordpress.org/WordPress_Backups
    http://codex.wordpress.org/Backing_Up_Your_Database
    http://codex.wordpress.org/Restoring_Your_Database_From_Backup

    Once you've cleaned up and are satisfied, make another fresh backup as well of the clean blog. The backup is your friend and should be respected. It will put you right where you were in case the Really Bad Thing(tm) happens.

  5. Laughter, I took too long replying and you provided a URL. It's on line 42 and it's not an IFRAME, it's an img src.

  6. ehlifestyle
    Member
    Posted 8 months ago #

    Hi Jan,

    Thank you so much for your help and advice.

    So the cause of the trouble is from an img src code that someone hacked my site to put in? It's strange because this spam never happened to me before.

  7. kmessinger
    Member
    Posted 8 months ago #

    There is a 1px x 1px iframe on line 122 also.

  8. So the cause of the trouble is from an img src code that someone hacked my site to put in? It's strange because this spam never happened to me before.

    Once you're hacked it's pretty simple to hide/bury the compromised code. You'll need to see if it was caused by the TimThumb hack and if you're still vulnerable or if it was something else.

    Don't forget to also look at your .htaccess file.

    Edit: Oh, and when the site does come up, it's NSFW'ish. The Google cache still has the old copy.
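
The view-source check described in the replies above (search the page source for IFRAME, then the 1px x 1px iframe and the img src that were found), automated as an added example that is not from any poster in this thread. The host names, the sample markup and the 2px threshold are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY_PX = 2  # assumed threshold: width/height at or below this is effectively invisible
class InjectedTagFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, tag, src, off_site, hidden)

    @staticmethod
    def _hidden(a):
        for dim in ("width", "height"):
            m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", a.get(dim, ""))
            if m and int(m.group(1)) <= TINY_PX:
                return True
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            return True
        return bool(re.search(r"(?:^|;)(?:width|height):[0-2]px", style))

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "img"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        off_site = bool(host) and host != self.site_host \
            and not host.endswith("." + self.site_host)
        hidden = self._hidden(a)
        # Normal-sized off-site images (CDNs, avatars) are too common to flag.
        if hidden or (tag == "iframe" and off_site):
            self.findings.append((self.getpos()[0], tag, a.get("src", ""), off_site, hidden))

def scan(html, site_host):
    parser = InjectedTagFinder(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page source; all hosts are placeholders.
SAMPLE = """<html><body>
<img src="/wp-content/uploads/logo.png" width="200" height="80">
<img src="http://tracker.example.net/c.gif" width="1" height="1">
<iframe src="http://ads.example.org/x" style="width:1px; height:1px"></iframe>
<iframe src="https://blog.example.com/embed" width="560" height="315"></iframe>
</body></html>"""
for finding in scan(SAMPLE, "blog.example.com"):
    print(finding)  # (source line, tag, src, off_site, hidden)
```

Run it against the HTML a fresh, logged-out visitor receives; each reported line number points at where to look in the page source.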
