You're welcome … Glad it’s sorted 🙂
I’m getting the same hack on my site just today. The “http://i.nuseek.com/images/template/Large-Square/0012_female_student.jpg” image appears on the homepage.php that I use for the static page. Homepage.php is just a copy of page.php from the mandigo theme. The only difference is I added a line to display random images. If I remove this line, then the image disappears. This is the line I added:
<?php include "http://domain.com/images/random/random_image.php"; ?>
I checked random_images.php thoroughly and there is nothing wrong with it; it’s fairly basic code:
<?php
$total = "8";
$file_type = ".jpg";
$image_folder = "/images/random";
$start = "1";
$random = mt_rand($start, $total);
$image_name = $random . $file_type;
echo "<img src=\"$image_folder/$image_name\" alt=\"$image_name\" />";
?>
I upgraded to wordpress 2.6 and it still doesn’t help. I removed the random_images.php line for now, but would like to know how to fix this.
Please advise.
Hi Bebopblues
I had this problem just today & using some of the advice of whooami as well as some thinking outside the square, found that problem with my site & fixed it.
My “rogue code” was inserted into the footer.php & on first look you would never have noticed it as all it had was:
<? include("layout.lt"); ?>
Which seemed part of the theme coding. But then I opened the layout.lt file & found that it was this file that was calling up the image & the other stuff. So I took this line out & all is fine.
Yours may not be the same, but look for any code in your site that doesn’t seem familiar. Also look through the files inside your chosen theme in wp-content/themes. You may find an odd looking file.
If you send us your site URL we can at least find which page you should look at.
Hope that helps!
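The check described in the post above (going through the theme files for includes you don't recognise), as an added example that is not part of the original thread. It flags the two include patterns quoted in this thread: an include of an http:// URL and an include of a file that is not .php. The function names and the sample theme are constructed for illustration, and treating every non-.php include target as worth review is an assumption.

```python
import re
import tempfile
from pathlib import Path

# include/require with a literal string target; computed targets are not checked.
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*(["'])(.+?)\1""", re.IGNORECASE
)

def classify(target):
    """Return why an include target deserves review, or None if it looks ordinary."""
    if re.match(r"(?i)(?:https?|ftp)://", target):
        return "remote URL include"
    if not target.lower().endswith(".php"):  # assumption: theme code only includes .php
        return "non-PHP file include"
    return None

def scan_theme(theme_dir):
    """List (file, line number, target, reason) for each include worth reviewing."""
    root = Path(theme_dir)
    findings = []
    for path in sorted(root.rglob("*.php")):
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for lineno, line in enumerate(lines, 1):
            for match in INCLUDE_RE.finditer(line):
                reason = classify(match.group(2))
                if reason:
                    rel = path.relative_to(root).as_posix()
                    findings.append((rel, lineno, match.group(2), reason))
    return findings

def build_sample_theme(root):
    """Write a constructed theme holding the two include lines quoted in the thread."""
    root = Path(root)
    (root / "index.php").write_text('<?php include("sidebar.php"); ?>\n')
    (root / "footer.php").write_text('<div id="footer">\n<? include("layout.lt"); ?>\n</div>\n')
    (root / "homepage.php").write_text(
        '<?php include "http://domain.com/images/random/random_image.php"; ?>\n'
    )
    (root / "layout.lt").write_text("placeholder for the injected file\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_theme(build_sample_theme(tmp)):
            print("%s:%d  %s  (%s)" % finding)
```

Point `scan_theme` at the active theme's folder under wp-content/themes and review each hit by hand; a hit is a lead to check, not proof of tampering.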
Thanks colio.
I searched all the files to find any strange code but am not finding it. I just removed the random_images.php for now as I can’t figure out how to undo the hack. I might have to install wordpress from scratch and restore backups just to get rid of it.
Just curious, how is this hack executed? Is it exploiting a flaw in wordpress? And has this flaw been fixed in the latest wordpress? Also, how would one report this to the developers?