Support » Fixing WordPress » Site hacked: Need help finding how link farm added to footer

  • Resolved tshirtfiend

    (@tshirtfiend)


    My company’s blog was hacked, with a link farm added to the footer. This appears to be a hack to the theme files, as it is code that I can see if I edit my footer.php file. Deleting the links just causes them to re-appear in a day or so though.

    I’ve tried a few things to remove the hack, to no avail. I’m at the point where I believe my only option is to re-install WordPress (keeping the database).

    It just bothers me that I don’t know where the link farm code is coming from though. I don’t want to miss something, as I’ve never been able to find the code which generates the links.

    Can anybody suggest somewhere to look that I may not have tried?

    Here’s a link to the site, if that helps:
    http://www.alphabetarm.com/thebloggery/

Viewing 15 replies - 1 through 15 (of 17 total)
  • Moderator Mark Ratledge

    (@songdogtech)

    Forum Moderator

    Everything you need to know to recover and reinstall is here: http://wordpress.org/support/topic/307660?replies=1

    yeah, it looks ugly.

    Check this similar problem, the guy just finished cleaning his blog.

    Hacked: I can’t find these Spam links anywhere? Plus more spam advice?

    Ok, thanks. I’m not seeing any of those “base64”, “forex” or “eval” bits that people point to as the usual culprit.

    Starting from scratch is a pain, but I can handle it. It’s mostly that I just don’t know what the source of the problem is. If there’s a back door that has been created by the hacker, for instance, I want to make sure it’ll be removed when I’m reinstalling.

    Moderator Mark Ratledge

    (@songdogtech)

    Forum Moderator

    If you clean your DB and make sure there are no other admin accounts and change all passwords related to the site, you can close many potential backdoors, as shown here.

    Talk to your host, too, esp. if you’re on shared hosting. They may have seen/know more and know where the access is coming from.

    So I went through ALL of the steps on the WP Smackdown site, as directed. No luck. Still the same problem.

    Anybody have an idea what I’m missing? My host is blaming WP, so I don’t think that there’s much that I can do there.

    yeah….I just had footer links show up again. I’m truly stumped. I’ve done absolutely everything, and still I get the spam links.

    Did you go through the steps as suggested? Or are you just getting started?

    My thread is the one referenced by bottleneck in the 3rd post in this topic.

    I’ve done some serious cleaning/rebuilding already.

    post your footer.php code as it may be grabbing data from somewhere

    My footer is definitely not pulling data from anywhere, I checked the code and once I remove the spam, it’s clean. (I wrote the theme…).

    (I can post the code if its necessary….but it’s a simple footer)

    could you rename you footer.php as footer_new_name.php whatever in your theme and make sure the same in general-template.php (wp-includes folder)?

    If that malicious script aims at you footer.php let it shoot in the void.

    Sorry, if that advice is sort of naive, just trying to help…

    well….anytime you change anything in the wp-includes folder, you will lose the change with every upgrade…..

    i will remind you :))

    that’d be awesome!

    I just really want to know where the links are coming from…. I’m waiting on a reply about logs & stuff from my host…but it’s so annoying….

    download the database .sql dump
    open it with notepad and search for the links or code used in the footer

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Site hacked: Need help finding how link farm added to footer’ is closed to new replies.