Hacked? Huge link farm added to footer

tommysollen
(@tommysollen)

15 years, 6 months ago

A huge link farm keeps getting added to my blog, more specifically to the footer.php.

This has resulted in an exclusion by Google.

I keep removing it but it always comes back again. How is this happening and how can I make it stop?!

Theme is Green Marinée 1.0
Active plugins are
Akismet 1.15
flickrRSS 3.1.2
SimpleTags 2.0
WPvideo 1.10
Wordpress database backup 1.7

The spam link farm that’s added is huge but here are a few lines from it.

<u style="display:none"> <a href="http://comune.adelfia.bari.it/dev/dev.php?11065">feedster on viagra</a> <a href="http://comune.adelfia.bari.it/dev/dev.php?24199">diazepam belgrade 1999</a>

Viewing 10 replies - 1 through 10 (of 10 total)

umair
(@umair)

15 years, 6 months ago

your website?

Thread Starter tommysollen
(@tommysollen)

15 years, 6 months ago

URL is http://vdblogg.visitsweden.com/

The spam is there right now (bottom of source code). If I would remove it it would come back within hours.

dhadbawnik
(@dhadbawnik)

15 years, 6 months ago

i’ve had a similar problem, except in my case the most recent post is taken down and a huge set of code is plugged in to the bottom of it. i have to go back to the edit mode, remove the code, and re-post it, only to have it taken down in a few hours with more code in there. any help with this would be greatly appreciated!

my site is

http://www.habenichtpress.com/index.php

and here is some of the code

</p><u style=display:none>Order Naprosyn
Purchase Pilex
Buy Lanoxin
Didrex
Purchase Zyban
Cheap Penisole

iridiax
(@iridiax)

15 years, 6 months ago

Please, can anyone shed some light on this problem?

You are using an outdated version of WordPress that’s vulnerable to hacking.

http://wordpress.org/search/hacked?forums=1

lfreberg
(@lfreberg)

15 years, 4 months ago

We are using a 2.6 version of WordPress…updated last summer just to avoid this very same problem, and now the hackers have found a way to get to the footer in these newer versions as well. The blog that was hacked doesn’t even allow people to register to comment 🙁 It’s an arms race, folks….we use rex swain’s http viewer daily to check for these. I recommend you do the same.

mrkingid
(@mrkingid)

15 years, 4 months ago

Current version is 2.6.5. The reason for these updates is to close vulnerabilities like you are experiencing. You need to update every time a new version comes out to avoid hacking.

lfreberg
(@lfreberg)

15 years, 4 months ago

Updating WordPress for the three blogs I maintain is a huge investment in time, and then we get hacked anyway. I’ll do it, if it solves this hack, but otherwise it’s actually faster to use Rex Swain and upload a fresh footer whenever we’re hacked. It sure would be nice if WP could make the upgrade bit easier…hint hint hint 🙂

websynn
(@websynn)

14 years, 8 months ago

I have 2.8.2 and have the same problem… can’t figure out how they are doing it…

whooami
(@whooami)

14 years, 8 months ago

websynn,

I have 2.8.2 and have the same problem… can’t figure out how they are doing it…

they keep doing it because youre running an exploitable version of wordpress, and, secondly, you havent closed the holes that have been created.

Moderator Samuel Wood (Otto)
(@otto42)

WordPress.org Admin

14 years, 8 months ago

When a site gets hacked, usually they leave themselves a backdoor. This is a way back in, even if you upgrade to the latest version. You need to find the backdoor and examine server logs to determine how they got in in the first place.

If you’re using shared server hosting, then it’s quite likely that they didn’t get in via WordPress.