Support » Plugin: Anti-Malware Security and Brute-Force Firewall » Unauthorised Links Injected

  • Resolved brightonseo

    (@brightonseo)


    Hi Eli

    I downloaded your plugin but I don’t know if it will help me.
    I have 3 sites on the same server that have had links inserted into the code and I can’t seem to find them in the files.
    I am prepared to donate a small amount as budget is tight but do you know how I can remove the links as they will probsbly damage my sites.

    One for the sites is tenerifeforum.org.es and if you look in the source code, you’ll notice this link: http://quick-loans.tripod.co.uk/
    That’s the link that was placed in the code without my knowledge.
    I only found out when checking my outbound links.

    Please let me know if you can help.

    Thanks
    Peter

    http://wordpress.org/extend/plugins/gotmls/

Viewing 15 replies - 1 through 15 (of 26 total)
  • Same problem here… http://www.memoriavisible.com

    Looks like the same link.
    Here’s what I did to remove it although I don’t know if it will come back because it ws injected from plugins, I’m not sure which one.

    1. Install Wordfence plugin
    2. Make sure in plugin options, you select the theme file changes and plugin file changes.
    3. Run scan and when complete, scroll down to results and click on retore file to original for plugin results.
    4. For theme result if any, jus ignore until it changes.

    Check source code again and you’ll see that the link is now gone.

    After this I installed Better WordPress Security as well to help hide some files and beef up security for the site.

    Plugin Author Eli

    (@scheeeli)

    If you can email me with a WP Admin login to your site I will look for the malicious code that is injecting that link.

    Send credentials directly to my email: eli at gotmls dot net

    Aloha, Eli

    Done.

    If you let me know how you get on and what you find please share it on this thread as it will be beneficial to me and others with the same problem.

    Thanks

    I have also sent a Penguin spam report for the link on your site so that’s the third one I’ve reported this week and I’ve been assured it will be deindexed. 🙂
    Whoever is doing this is wasting his time and money and everytime i see a link like this, I immediately report it so that it gets blacklisted.

    Seems like my problem is solve,MUCHAS GRACIAS. 🙂

    Plugin Author Eli

    (@scheeeli)

    vinciandres,
    I did remove the links from you theme files but there are more infections that I am still working on.

    Eli
    I don’t think this is a theme problem, it’s injected from plugin vulnerability.

    opps sorry, your administrator acount is ON again… sorry…

    And thakyou so much!!

    The bad thing about this hack is that it’s likely that there is a backdoor that the hacker has left in place so that they can keep on doing it,

    Plugin Author Eli

    (@scheeeli)

    vinciandres,
    I was not finished but it looks like you already restricted my admin access to your site so I cannot remove the rest of the treats I found.

    I guess you may want to do this yourself:
    1. There is still a backdoor in wp-includes/cm.php, this file can be deleted but make sure it is no longer included in any other scripts or it could break your site.
    2. Your .htaccess file in the root of the site has a malicious conditional redirect in it, but there is also good code in the bottom of that file.

    There may be other infections but, as I said, I could not finish.

    Aloha, Eli

    Eli
    Could you have a look at my site to see if there is any file that is compromised?
    I get the feeling you’re not interested in what I have to say which saya a lot really.

    Sorry Eli, i really Sorry, I thought you were done, I do not know how to solve these other infections. I appreciate what you’ve done so far. I have renewed your administration permissions if you can continue helping me.

    thanks anyway,

    I will donate as soon as i can.

    You are a bless

Viewing 15 replies - 1 through 15 (of 26 total)
  • The topic ‘Unauthorised Links Injected’ is closed to new replies.