Support » Fixing WordPress » Hidden Spam Links

  • Hi,

    My site is here:

    http://www.yourvancouvermortgagebroker.ca

    If you look at the source, at the very bottom, there is the following code:

    </script>
    
    	<script type='text/javascript' src='https://www.yourvancouvermortgagebroker.ca/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.47'></script>
    <script type='text/javascript' src='https://www.yourvancouvermortgagebroker.ca/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.2'></script>
    <a href ="http://webhost.wboy.org"><img src="https://www.yourvancouvermortgagebroker.ca/wp-content/themes/Minimal/images/blank.gif" height="1" width="1" /></a>	
    
    </body>
    
    </html>

    I’m trying to figure out where the wboy.org link came from and how to get rid of it. Not sure which file it’s in. I downloaded this theme from a site so it could be filled with spam, is there any way to… scan your themes? Should I be worried of anything else malicious on my site?

    Thanks,

    J

Viewing 7 replies - 1 through 7 (of 7 total)
  • I’m guessing it is part of the theme because the link to the image is within the Minimal theme that you are using.

    It could be in footer.php, but also may be added via functions.php

    Can’t seem to find it anywhere…

    It rotates around spam links, ie: it’s a different link (out of 4) every hour or so.

    Functions.php:

    <?php 
    
    require_once(TEMPLATEPATH . '/epanel/custom_functions.php'); 
    
    require_once(TEMPLATEPATH . '/includes/functions/comments.php'); 
    
    require_once(TEMPLATEPATH . '/includes/functions/sidebars.php'); 
    
    load_theme_textdomain('Minimal',get_template_directory().'/lang');
    
    require_once(TEMPLATEPATH . '/epanel/options_minimal.php');
    
    require_once(TEMPLATEPATH . '/epanel/core_functions.php'); 
    
    require_once(TEMPLATEPATH . '/epanel/post_thumbnails_minimal.php');
    
    $wp_ver = substr($GLOBALS['wp_version'],0,3);
    if ($wp_ver >= 2.8) include(TEMPLATEPATH . '/includes/widgets.php'); ?>

    Footer.php:

    <div id="footer" >
    		<div id="footer-content">
    			<ul id="bottom-menu">
    				<?php global $is_footer, $page_menu, $category_menu;
    				$is_footer = true;
    				elegant_init();
    
    				if (get_option('minimal_home_link') == 'on') { ?>
    					<li <?php if (is_front_page()) echo('class="current_page_item"') ?>><a href="<?php bloginfo('url'); ?>"><?php _e('Home','Minimal'); ?></a></li>
    				<?php }; ?>
    				<?php if ($category_menu <> '<li>No categories</li>') echo($category_menu); ?>
    
    				<?php echo $page_menu; ?>
    			</ul> <!-- end ul#bottom-menu -->
    
    		</div> <!-- end #footer-content -->
    	</div> <!-- end #footer -->
    </div> <!-- end #page-wrap -->
    
    	<?php include(TEMPLATEPATH . '/includes/scripts.php'); ?>
    
    	<?php wp_footer(); ?>
    </body>
    </html>

    And scripts:
    [code block removed as per the forum guidelines]

    See anything out of the ordinary?

    Looks like it’s a complex theme, you’ll have to do a search for wp_footer in all the files looking out for add-action then check every function

    eg add_action('wp_footer','thefunctionname');

    and see if you can find where it is being added.

    Hey thanks for your replies.

    I did a full text search of all the files, and this is the only wp_footer add_action that came up:

    function integration_head(){
    	global $shortname;
    	if (get_option($shortname.'_integration_head') <> '' && get_option($shortname.'_integrate_header_enable') == 'on') echo(get_option($shortname.'_integration_head'));
    };
    add_action('wp_head','integration_head',12);
    
    function integration_body(){
    	global $shortname;
    	if (get_option($shortname.'_integration_body') <> '' && get_option($shortname.'_integration_body_enable') == 'on') echo(get_option($shortname.'_integration_body'));
    };
    add_action('wp_footer','integration_body',12);

    Is this normal?

    Thanks.

    No idea(I’m not familiar with that theme), you’d have to now follow that code through and find out what us stored in those option values. You’ll need to find out what $shortname equates to first then look for $shortname.’_integration_body’ in the wp_options table.

    Sorry, I’m really new with this stuff. So in which file would I find what $shortname equates to? And you’re talking about wp_options table through phpmyadmin?

    thanks

    sorry but no idea in which file it’s set up.

    And yes in the database.

    Just remember it might not be the cause and could be something innocent, and the problem may lie elsewhere.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Hidden Spam Links’ is closed to new replies.