Seems that the htaccess file is affected, there are several links in the french text to “harmless” websites, which are forwarded to https://secure-rx-market.net/product/viagra.html?track=sol
had an issue with my htaccess-File but unfortunately changed it via Permalink-Update, so I can’t check this.
Same here, wordfence didn’t block and till now I couldn’t find any files with malicious code, only altered the database entries in wp_post. Wordfence recognised a SEO Hack in the caching files from WP_Total_Cache, but nowhere else.
the Javascript code at the beginning of the content looks like (function names are different in each entry):
<script type=”text/javascript”> function style_array_chunk73() { return “none” } function end73_() { document.getElementById(”rzd73”).style.display = style_array_chunk73() } </script>
The french spam is in div tags with an title or an id
at the end of the content the script looks like this:
<script type=”text/javascript”> end73_() </script>
Didn’t find anything via google about this.
