Been hacked, random links are everywhere on my site? Some advice would be great!

  • bloomer_digital

    (@bloomer_digital)


    9 years, 6 months ago

    Hi guys!

    I’m working on a project for a small business called Ginsen – unfortunately the site has been hacked!

    This is the site – http://ginsen-london.com/

    Some previous designers were the ones who finished this project but ever since it’s been finished there has only been more and more problems with the site. Links have been appearing all over the site and I’ve had to go through everything and remove these links and fix their mess, but somehow they’re still being able to place these links on the site even after I remove them. I’ve changed all login details for hosting, FTP and WordPress – is it possible to do this sort of thing remotely? So maybe from a plugin they’ve installed or something?

    Here’s an example of one of the links – http://ginsen-london.com/mic.php?id=selmer-paris-mouthpiece-tenor-sax-s80-d-p-10415.html?zenid=ba17c78f19c232b02a07ec7a9f6f780b (there’s around 30 of them that’s been picked on Google Analytic’s as crawl errors)

    It looks like someone’s used an iframe which contains an entire shop using ginsen-london.com as a URL, so I presume this shop isn’t legit and they’re probably just taking money from people and not sending any products. I think they’re probably doing this for another number of sites as I found this company on eBay. I’d like to take these f*ckers down to be honest as they look like bloody scammers.

    Would be very grateful for any thoughts or advice on this situation!

    Cheers for reading!

    Charlie

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    9 years, 6 months ago

    Yes, remote link injection is done through backdoors. As the linked article indicates, locating these is very difficult. If you miss one in your cleanup efforts, they’ll be back, possibly in seconds there will be links all over the place again.

    The only sure fire cleanup method is to wipe everything and restore from a known clean backup. It’s certainly possible for immoral web consultants to install backdoors, then use them for retribution if they are not paid for their work. It is far more likely the hackers got in using a security vulnerability in the site. It could be a plugin, a weak password, or even a vulnerability elsewhere on the site unrelated to WP.

    For a more complete discussion of this issue, read FAQ My site was hacked and Hardening WordPress.

Viewing 1 replies (of 1 total)
  • The topic ‘Been hacked, random links are everywhere on my site? Some advice would be great!’ is closed to new replies.