Website hacked: Crazy floating ad on my site now

  • So I just found out that my website got hacked, 411posters.com

    There appeared this crazy floating ad on my website that takes you to a hair-related website. No matter where I am in my site, whether it’s the main page or on my dashboard, the ad is there.

    I updated my WordPress and all my plugins. Still there.

    I deactivated each plugin one-by-one and refreshed my website each time to check, and it’s there each time.

    On top of that, any emails ending in @411posters.com all of a sudden are not receiving any emails and are getting bounced. Coincidence?

    I have no clue what to do. Please help!

Viewing 5 replies - 1 through 5 (of 5 total)
  • I am sorry to hear your site is damaged. Do you or your hosting company have a full backup of your site? The fastest and most sure way to repair your site is to restore from a backup made before the hack.

    Without a backup your only permanent solution is to repair the site. Follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    JSHIB

    Check your header and footer and body tags

    I found the source of your issue. If you use Chrome, use search element. You will see the floating ad script there. The text will change as the ad floats to different positions of the screen. It could be because you have your two iframes for timeanddate.com and another. Get rid of that; nobody needs to know your server time, that is a security breach in itself.

    I have broken up the script so it doesn't appear on here, but this will solve your issue.

    `id="pic1" style="z-index: 9999; position: absolute; left: 123.071516772593px; top: 471.209803490116px;" a href="http://reehair.com/" target="_blank"`
    
    http://show.igooglefiles.com/pic.jpg
    http://js.users.51.la/17683247.js
    http://www.51.la/?17683247
    http://icon.ajiang.net/icon_0.gif

    This ad is in your readme.html file too. Check your header or footer.

    `script type="text/javascript" src="http://show.igooglefiles.com/pic.js" script script type="text/javascript" src="http://show.igooglefiles.com/new.js /script`

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    If you want to break up the script just wrap it in backticks as I’ve done for you. 😉

    @jshib The advice you’ve received is already right on target. Give this a read.

    https://codex.wordpress.org/FAQ_My_site_was_hacked

    That should get you towards delousing your site.

    MrMiyamoto

    (@mrmiyamoto)

    I’m suffering from the same hack but that code, or a base_64 encrypted version of it, is *nowhere in any of my files*.

    cukeving

    (@cukeving)

    They could have hacked the database, WordPress core or any plugin – the hack does not have to be in a theme file.
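
An added example, not part of the original thread: a Python scanner that searches a copy of the site for the hostnames quoted in the replies above, both as plain text and as base64 fragments at any of the three byte alignments. The function names are hypothetical, and it assumes a SQL export of the database has been saved inside the scanned directory so that database content is covered as well as theme, plugin and core files.

```python
import base64
import os
import sys

# Hostnames copied from the injected markup quoted in this thread.
INDICATORS = [b"show.igooglefiles.com", b"js.users.51.la", b"reehair.com"]

def base64_needles(needle):
    """Base64 fragments produced when `needle` starts at byte offset
    0, 1 or 2 (mod 3) inside a larger encoded payload."""
    frags = []
    for pad in range(3):
        enc = base64.b64encode(b"\0" * pad + needle)
        start = (pad * 8 + 5) // 6          # first char made only of needle bits
        end = (pad + len(needle)) * 8 // 6  # one past the last such char
        frags.append(enc[start:end])
    return frags

def scan_bytes(data):
    """Return the set of indicator hits found in one blob of bytes."""
    hits = set()
    lowered = data.lower()  # hostnames are case-insensitive; base64 is not
    for ind in INDICATORS:
        if ind in lowered:
            hits.add(ind.decode() + " (plain)")
        if any(frag in data for frag in base64_needles(ind)):
            hits.add(ind.decode() + " (base64)")
    return hits

def scan_tree(root):
    """Walk `root` and map each relative file path to its hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits = scan_bytes(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    # Assumed usage: pass the WordPress directory (with the SQL export in it).
    for path, hits in sorted(scan_tree(sys.argv[1]).items()):
        print(path, ", ".join(sorted(hits)))
```

A clean result only rules out these exact hostnames in plain or single-layer base64 form; other encodings or a different injected domain will not match.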

  • The topic ‘Website hacked: Crazy floating ad on my site now’ is closed to new replies.