Thread Starter
zepolo
(@zepolo)
Thank you
I will read those articles
Same problem here.
Whatever the cause, it only affects cached pages.
When I delete the cache, everything is fine, but once pages are cached again, the links return.
I will delete plugins to see if that changes anything, and will let you know when I see a difference.
There seems to be some related security problem, indeed, though I haven’t figured out where exactly.
trendyweb – there’s malware on your site. It appears in the cached pages because that’s what the plugin does. It caches the output of your site, be that legitimate html or nasty Javascript.
Thread Starter
zepolo
(@zepolo)
trendyweb and The ED
hyperlink added: primark
anchor: cheapclothesshops.co.uk/shops/primark-uk-cheap-clothes/
Do you have exactly the same problem or not ?
I have change permissions for cache (read, write..)and it seems fell better.
zepolo – disable the cache all you want but there’s malware on your site still, and it’s not in WP Super Cache.
Log out or use an incognito browser to search for your site on Google and visit, that may trigger the hacked code, it’s one of the ways they avoid detection by the owner of the site. Because the pages were cached you were able to notice them so it helped!
Those hacks really should define DONOTCACHEPAGE.. π
Yeah, it can seem like malware ‘returns’ when you serve an older cached page from before. Even when you’ve actually already managed to tackle the problem.
That might be why WP Super Cache seems like the root-cause, even though it isn’t.
Still something seems to have changed my wp-cache-config, thereby inserting an iframe.
Thread Starter
zepolo
(@zepolo)
Thank you very much Donncha for your comment.
I spend time for resolve my issue.
I found a suspicious file with a plugin. Lot of people have the same problems.
Plugin: PageNavi Automatic Page Numbers.
I noticed there are spam links at some of my posts. Deactivating the plugin (disable the cache) and the spam was gone.
Hope it help someone.
[ Malware code deleted. Please do not post that code in these forums. ]
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
I found a suspicious file with a plugin. Lot of people have the same problems.
That just means that your installation was compromised and needed to be deloused. It does not mean there is any problem with that other plugin.
Have you worked through the links that Esmi provided you with?
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Updated reply:
zepolo? You are 100% correct and that plugin does contain spam links. Thank you for catching that and your persistence for me to look closer. π
http://plugins.trac.wordpress.org/browser/pagenavi-automatic-page-numbers/trunk/pagenavi-automic-pagenumbers.php#L82
I’m drafting an email to plugins [at] wordpress.org and hopefully this will get resolved soon. In the meanwhile please consider deleting that plugin if you have not yet done so.
Indeed, this plugin is the culprit.
I downloaded a fresh copy and looked at the php.
the primark link, plus a number of other ones are already in there, so I do not think you have to be afraid of being hacked.
Just delete this plugin.
I have updated the pagenavi-automic-pagenumbers plugin to remove the spam code. Version 1.06 of the plugin is clean, however, I recommend finding an alternative plugin. That plugin will no longer be listed in our repository.
