2.8.3 footer frequently injected with link farm (6 posts)

  1. mciarlo
    Posted 6 years ago #

    I am running WordPress 2.8.3 with three plugins enabled:

    Akismet (2.2.6)
    Exclude Pages from Navigation (1.4)
    Get Recent Comments (2.0.6)

    My site is almost daily now having code injected into the footer. We have been removed from Google results because of this and have been struggling to address the problem.

    The site is http://www.cairoshell.com

    Anyone know a fix for this?

    Thank you in advance.

  2. whooami
    Posted 6 years ago #

    ok, so what version of wordpress were you running before that?

    youve been completely removed from google's index so I cant even find a cached page to check that myself.

    Here's *my* directions with some links to more info:


    One important thing to keep in mind is that if your site was compromised before an upgrade - an upgrade, alone, rarely removes the resulting problems.

    Also, just to rule out the most common mistake with themes, since you appear to be using a custom one.. you are NOT using anything like this in any of your theme files?

    <form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">

    If so, you need to change that.

  3. mciarlo
    Posted 6 years ago #

    We were running 2.7.1 before the upgrade. We are not using anything like the code you describe in our template.

    I will take a look at your directions and implement as many as I can.

    Would a re-install of WordPress and recreation of the DB be recommended?

  4. whooami
    Posted 6 years ago #

    We were running 2.7.1 before the upgrade.

    ok, so you were probably hacked before you upgraded.

    you just didnt address it then.

  5. ryannagy
    Posted 6 years ago #

    Can someone tell me where this code (mentioned above) might be found?

    <form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">

    Thanks - Ryan

  6. dsheetz
    Posted 6 years ago #

    I have a site that is having the same problem. I looked at your site


    I viewed source, and I don't see any injected code, so it appears you got this fixed. Can you explain what you did?

    We're running 2.8.2.


Topic Closed

This topic has been closed to new replies.

About this Topic