WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] Unwanted text links on the site…

[Resolved] Unwanted text links on the site…

  • Hi! Today I saw weird text links all over my blog that seem to be some kind of spam virus/malware. I installed Wordfence and scanned the system. It found some files that had been changed but it was 1-2 months ago, at the same time as I changed my design and the changes were some translation changes etc – nothing harmful). Wordfence found nothing else and claims my site is clean.

    I have tried this on Chrome and IE and on different computers and it all looks the same. When I view source through Chrome I can find the code that has been put there but I have no clue how to remove it and how to make sure it doesn’t show up again…

    Can anyone help? :S

Viewing 15 replies - 1 through 15 (of 33 total)
  • WPyogi
    Forum Moderator

    @wpyogi

    Can you post a link to your site? That kind of thing can be caused by a number of things – a plugin might be doing it, hacking (even if it’s supposedly clean that can be wrong), browser addons, your computer might have malware or maybe something else.

    Hi, sure, the page is in Swedish but here it is 🙂 (you can see it on the left side of content as “download master crack”, “online books”, “get more information” in a bold text link.)

    WPyogi
    Forum Moderator

    @wpyogi

    Try deactivating all your plugins to see if that changes anything. Do you have any kind of “download” plugin or service?

    I deactived all plugins but it’s still there (I have activated them all again). I am not sure what you mean by download plugin or service…? :S

    I have also found this by entering view source in Chrome:

    <!--maincontentstarts-->
    <div><a href="http://akmovie.org" onclick="javascript:_gaq.push(['_trackEvent','outbound-article','http://akmovie.org']);" target="_blank" title="akmovie.org" style="position:absolute; left:-5873px;">akmovie.org</a> <a href="http://candownload.org" onclick="javascript:_gaq.push(['_trackEvent','outbound-article','http://candownload.org']);" target="_blank" title="here" style="position:absolute; left:-5690px;">here</a> <a href="http://copymovie.org/" onclick="javascript:_gaq.push(['_trackEvent','outbound-article','http://copymovie.org/']);" target="_blank" title="More Bonuses" style="position:absolute; left:-3950px;">More Bonuses</a> </div>
    <p><!--maincontentends--></p>
    WPyogi
    Forum Moderator

    @wpyogi

    WPyogi
    Forum Moderator

    @wpyogi

    Per your last post (we cross posted) – yes, that’s what I was referring to…no good 🙁 .

    Hi again, I have now looked through the links you sent and have backed up my site, re-installed wordpress through a zip file, changed passwords to everything and still, the text links are there. My server provider says that the malicious code is in wp-includes/class-template.php (below) but now that I reinstalled WP, that file is gone and the text links are still there..

    Don’t really know what to do from here and it’s really frustrating 🙁 Any other ideas?

    [ Very bad malware code removed ]

    Jan Dembowski
    Moderator

    @jdembowski

    I’m sorry but that code shows that your installation is hacked and needs to be deloused. Please give those articles that WPyogi posted a good read. They can help you get a handle on your situation.

    The code that I wrote above is now gone, though, and it still shows the text links 🙁

    Jan Dembowski
    Moderator

    @jdembowski

    The code that I wrote above is now gone, though, and it still shows the text links 🙁

    Unfortunately that makes sense. The code you posted here was designed to modify all of your files in wp-includes.

    You really need to delouse your installation. There really is no shortcut for that… 🙁

    Okay, I see! I’m not sure what delouse means though (hope u bare with me I’m just a hobby blogger with not much knowledge of these things and expressions =/) ? Do you mean exporting all my files, removing all WP files and then reinstall everything?
    Are there any tutorials for that what you mean I should do?

    Thanks for all your help you guys, it’s really appreciated!

    esmi
    Forum Moderator

    @esmi

    See the links that WPyogi posted above.

    esmi: I did, I followed this one: http://codex.wordpress.org/FAQ_My_site_was_hacked and removed all the files from the director (wp-include and wp-admin + restoring some files in wp-content) and then installed a fresh copy of WP but still no change.

    esmi
    Forum Moderator

    @esmi

    You need to follow the rest of the posted links.

Viewing 15 replies - 1 through 15 (of 33 total)
  • The topic ‘[Resolved] Unwanted text links on the site…’ is closed to new replies.