Support » Fixing WordPress » A completely deleted page is still active and sending spam….I can't stop it..

  • This is going to be a long one….Sorry in advance.

    I created a page “Know Before You Go” back in March 2012 and have Unpublished it a short time after. Soon after I “took the page down”, I started receiving “Comments” spam and I thought it was because I had the pages accepting comments. I checked, and none of them were. The page itself has no content, just an attachment link that doesn’t work because it’s password protected. But why does the page even have a comments field when the page is set up not to accept them? I changed the content of my website about 3 times. About 3 months ago, I started getting spam again from this “Know Before You Go” page. I would just delete them and add their IP addresses to my CloudFlare account to block all the IPs sending the spam, but now I get at least 20 a day, and ALL SPAM. I contacted my web host (JustHost) and this is what was done:

    1. Deleted all “Know Before You Go” files from my File Manage, so there are no attachments at all. No password-protected files. No pictures. Nothing.
    2. Deleted the page that is allowing these comments: http://www.getaresolution.com/know-before-you-go
    3. Deleted all the pages and posts related to “Know Before You Go”.

    Now, for my current website, I have a large number of pages, some are published and others are not, but not one of them allow comments or pingbacks or trackbacks. I have not received any comments/spam regarding my current website. But I keep getting comment spam for that “Know Before You Go” page that does not exist anymore.

    When I was on the phone with JustHost, they said, they have no idea why there are no pages associated with “Know Before You Go” and yet the page is still coming up. They said that with “Comments” not being active, there shouldn’t be a section that allows posts. They went through my CloudFlare account and said that was working fine. The cache was purged and still that page is still there. They said it may take a few minutes. They stayed on the phone with me, checked it and they still were seeing the page. It’s been a few hours. I just checked the link again and it’s still there.

    This problem is a super-nuisance. And it just tells me that something is wrong with WordPress – the features are obviously not working properly. And again, this is only happening with this particular “Know Before You Go” page and not with any other page or post. And all my pages are set up to not accept comments.

    Though none of this makes sense technically, I hope it makes sense verbally. So, now I can say….Help!!!!….Please. 🙂

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi There:

    Perplexing and annoying. You included the link to the page in question and it certainly displays, so I’m making the assumption that it exists some where in your database.

    I use to “optimize and repair” my database(s) on a regular schedule through MySQL in the hosting companies Cpanels of all the sites I maintain. Now I do it monthly via plugin called WP-DBmanager

    There are several reasons for for doing this maint routine on your database.

    – size bloat over time as your add/delete content, plugins etc.
    – Orphan info in the database that sometimes get’s left behind
    etc, there’s more, but you get the idea.

    So my question to you is – Have you optimized/repaired your data base recently?

    (not saying this IS your problem, but it might be a good place to start if you haven’t started this or been doing it regularly)

    Ron

    Phil

    (@owendevelopment)

    Download a plugin called ‘Sucuri scanner’ which checks for places malicious code can be injected. It also provides ways to safeguard your WP install from future attacks and spam.

    Thread Starter ucallelse

    (@ucallelse)

    Thanks Ronmerk & Phil, but optimizing and Repairing didn’t work and neither did Sucuri Scannaer which says everything is perfect. I added some “tags” to my blacklist, so if I get any emails using these words, it will go straight to my spam folder. So at least, I don’t have to worry about that. I’m sure the list will get longer until I can take down “nonexistent” page.

    Any other suggestions.

    it looks like you may have some code injected. undoubtedly malicious.
    it’s a lot of work to eliminate it. and it gets by all these sucuri and et al checkers.
    check your header files. when you get into your cPanel file manager. pull up ‘view’ the file first, then ‘code edit’ next and compare. the malicious code block usually shows up right at the beginning in the code editor. but sometimes the injection is at the end of the file.
    for more info search for ‘malicious code injection’, and ‘Magic Shell Include’ information.
    from my experience I’ve come to believe that google scripts, ads and plugins are some of the sources.
    good luck.

    I advise you to block your script using the shell chattr command ( chattr -R +ias script.php)

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘A completely deleted page is still active and sending spam….I can't stop it..’ is closed to new replies.