WordPress.org

Support

Support » How-To and Troubleshooting » Google Adsense Hack on my Blog

Google Adsense Hack on my Blog

  • Our site, http://www.concurringopinions.com, keeps getting hacked and having google adsense ads embedded in the code. We have changed all the passwords and removed the code (numerous times) but they keep coming back. The hack ranges from placing the code in theme files to adding widgets with adsense code.
    Additionally I have made the files read only and it still happens. It began yesterday and will not stop. Can someone please tell me how to eliminate this issue as the ads are destroying the cosmetics of the site.

Viewing 13 replies - 1 through 13 (of 13 total)
  • the same thing happened to me last night at http://indiemusicfinds.com

    the adsense ads look identical too, I emailed google adsense one of the links so they can ban the account so they don’t get the money.

    I think I’ve just found the code that’s doing it in my Theme’s Main Index Template.
    There’s something about adsense and a JS script. I’m not sure how much of it I need to take out though, i don’t want to break anything.

    I’m worried that they’ve put some other code in the wordpress files to allow them backdoor access again which it looks like has happened with yours for them to keep putting it back.

    Posted by <span><?php the_author() ?></span>  |  Posted in <span><?php the_category(', ') ?></span>  |  Posted on <?php the_time('d-m-Y') ?>
    						</h3><script type="text/javascript"><!--
    google_ad_client = "pub-2269506850128822";
    /* 728x90, created 7/25/09 */
    google_ad_slot = "7353594443";
    google_ad_width = 728;
    google_ad_height = 90;
    //-->
    </script>
    <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
    </script>
                        </div>

    Can you tell me whether this is the code I need to remove anyone? I’m not expert with this stuff.

    You need to remove the following part only:

    <script type="text/javascript"><!--
    google_ad_client = "pub-2269506850128822";
    /* 728x90, created 7/25/09 */
    google_ad_slot = "7353594443";
    google_ad_width = 728;
    google_ad_height = 90;
    //-->
    </script>
    <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
    </script>

    Thanks, yes I just took it out.

    Now another one has appeared in my side bar at the bottom.
    Do you know how to get rid of this one?
    It’s not showing up as a Widget in Appearance-Widgets.

    no worries i just found it in sidebar.php.

    I hope this doesn’t become a game of cat and mouse.

    I’ve just found this in my functions.php

    }
    eval(str_rot13('shapgvba purpx_sbbgre(){$y=\'Gurzr ol : <n uers="uggc://jjj.jroubfgvatercbeg.pbz/orfg-cuc-ubfgvat.ugzy">CUC Jro Ubfgvat</n>\';$s=qveanzr(__SVYR__).\'/sbbgre.cuc\';$sq=sbcra($s,\'e\');$p=sernq($sq,svyrfvmr($s));spybfr($sq);vs(fgecbf($p,$y)==0){rpub \'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\';qvr;}}purpx_sbbgre();'));

    It looks a bit out of place and the uggc://jjj. part looks like an odd version of http://www. where these codes might be being fed from.

    Can someone tell me whether this is supposed to be here before i take it out?
    There’s another one at the bottom of fuctions.php as follows

    }
    
    eval(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}'));
    
    ?>

    It has become a game of cat and mouse. I removed probably a dozen so far and now the one at the top of our blog is impossible to find. I am searching all the files but have yet to find it.

    I’m guessing it’ll be in header.php

    I looked it isn’t there. I have gone through all my theme files and it is nowhere. Which functions.php did you find the weird code? The theme one or the main WP one?

    the theme one, i think, it’s in the wordpress panel. Appearance-Editor

    i’m fairly sure that’s what’s doing it, it looks very suspect. I want someone who understands these files to confirm first though.

    Can someone from WordPress please respond to this? It is still taking place and is annoying. Any clue as to where to look for an app or widget or bot that is doing this would be greatly appreciated.

    Make sure that you are not using free web hosting (it often comes with ads) and see: http://codex.wordpress.org/FAQ_My_site_was_hacked

    I’m not using free hosting. The site has been around for quite a while and he just started happening. Thanks for the link.

    When mine was hacked I found a modified version of an adsense plugin installed. The name had been changed to wp.

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Google Adsense Hack on my Blog’ is closed to new replies.
Skip to toolbar