Let me start by saying I am not a highly experienced PHP individual but I am not a novice either.
It has been brought to my attention that my website has had a URL injected on every page with a spam link to an adult site. It is invisible but if you press control+F on any page and search for it, it will show up. Also, if you check the page source you can see where it has been added.
I started by doing the logical things:
1 - I downloaded the entire site locally and using Notepad++ searched through all the files for the url syntax. It returned no hits.
2 - Then I downloaded the entire database (SQL format) and searched it for the syntax as well. However, it too returned no hits.
I would have thought that syntax would show up in one of those two areas but it does not. What do I do now? Where else could this url be hiding and injected from?
Any suggestions would be highly appreciated.
Thanks!
Please check footer.php, functions.php in your wp-content/themes folder, general-template.php in wp-includes folder.
Next time integrate git with Wordpress to check for file changes.
Recommended to install Wordfence, jetpack plugins for better security.
Related
I have a wordpress website, I created a customized php template to the homepage and loaded from the back-end in the template page settings.
During the last months everything was working perfectly when I change anything to the template code effects the homepage without any problems.
Suddenly, yesterday when I tried to upload a updated file, nothing changed on the homepage.
I remove the browser cache, and wordpress cache, used another device to check, without any luck.
The wordpress black admin tools bar appears on all sites pages so I can edit and control this page, but it's not appears on the homepage.
For sure I checked again the theme settings for the homepage and page template settings, and everything is correctly configured.
I tried to activate another theme, the surprise that I found the homepage still the same and all other pages changed to the new theme.
I am losing my mind due to this, and I don't understand what may happened.
Download your site on your computer and see whether it happens also on your own computer when simulating with XAMPP.
Are you sure that the new added files are really being uploaded to the server? did you check it up with downloading the files? Maybe the modified files could not been uploaded? Another thing would be that some new installed plugins are making those problems. Have you installed some new plugins like a plugin which are speeding up your wordpress site? There are some popular plugins which speed up your site with caching your whole site and working as a CDN.
Since i dont know which modification you do on your website it is difficult to find a solution. If those modifications are changes of articles then look into the database.
You could look into the SQL Database whether those new information are being saved. E.g. you try to post a new article. Is this article being saved in the SQL database? Do you see any errors on the page? Does this effect each page / section of your website or is it only for a specific module e.g. "image uploader"??
Did you try to replace a simple image on your site with another image ? Can you see the difference on the website? I would start with little steps to be sure whether this is a server issue, template issue or sth with unsufficient priviliges. There were also new wordpress updates, maybe they affected your template? Another thing would be to recover your complete site from a backup and see whether it works like before and be sure that your site has not been hacked.
I've just started doing some website work for a local business, and I noticed today that there's a very unwanted link at the bottom of their site, which is a wordpress site.
The site makes use of a woo theme called 'whiteLight', as well as woocommerce. I've tried disabling and reenabling all plugins that aren't well known and integral to the site's functioning, and I've sifted through a lot of the theme's files.
I can't find where this line is being added to the site. The line "<center>*bad link here*</center>" is being inserted right after the header and right before the closing body tag, on the home page only. The link in question is actually linking to naughty files inside a directory within the wordpress installation. It's not even taking users to an ouside site as far as I can tell.
I don't have FTP access to the wordpress directory yet, but I've requested it. I have very little experience with wordpress hooks etc, and am hoping someone can help me find a starting point in weeding out this unwanted link.
Thanks in advance!
WordFence is the best security plugin for WordPress. I'd recommend you follow the instructions at https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Another good resource to read is https://codex.wordpress.org/FAQ_My_site_was_hacked
I recommend you search all the files as norlesh suggested. If this was my problem I'd use Jetbrains PHPStorm to search all the files. Another much cheaper solution would be to use Textpad - https://www.textpad.com/
It's also possible that the link has been inserted into your database. If so you won't find it in your files. You'll have to search the database. Use a program like phpMyAdmin or MySQL Workbench to export the whole database to your machine. Then search the sql file for the URL. Alternatively use https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ which is a handy tool you upload to the server. From there you enter db login details and search the database. Note if you use this script you should delete if off your server when you've finished using it, it's a huge security risk.
I am really new to Wordpress and I haven't use it before. So I have source code of Wordpress which is already installed somewhere on says www.theshop.com. I took out the source code and upload it into another server xx.xx.xx.xx/theshop. I have also set up the MySQL and the it's database is already there.
When I go to xx.xx.xx.xx/theshop in the browser, the page is successfully displayed, however the CSS is missing. The menu link also seems to hold the previous domain still like theshop.com/theshop/?pageid=1. I have changed the DB config in wp-config.php however I could not find how to solve this absolute path or domain issue maybe.
Sorry if I miss anything but please let me know if any other information required. Again this is my first involvement in Wordpress. There is no cPanel or any automated installer for Wordpress on my server. Plus the browser says my Wordpress is already installed. Any feedback is greatly appreciated.
I just uploaded a Wordpress theme onto my Website.
I get url redirects to website when I am browsing though my website.
The malicious site it links to clickbank.com.
I have scanned all my files with TAC and exploit scanner, but it did not pick up anything.
this picture may help you to find the problem from Entries RSS.
check function.php or search for windows.location code in all project repo
you can search all code by notepad++
While this may not be a direct and final answer, because there are many possibilities.
You may also tell us what is your theme or installed plugins too if they are free for download, we may try.
You seems to be testing in localhost., IMO you may try to eliminate all possible factors first.
Did you install any plugins? (if so)Did you test also the plugins?
Did you scan your database for this link?
Sometimes this kind of problem also appear from Database side since some problematic plugin may put those link in DB, apart from using exploit scanner, you might have to manually check once.
After all, did you also try a clean install to test the theme?
In addition, if it is a very Wordpress specific questions, you may consider posting in Wordpress Stackexchange
I have a magento theme installed on a folder: http://mysite.com/mag/
On the main folder, mysite.com it's running a website on Zen Cart, so I created a folder called "mag" where I installed magento.
It worked until now..
Only the first page is loading when I access mysite.com/mag/, but when I click on a diffrent page I-m sent to the index page from: mysite.com (and the url showed is: http://mysite.com/mag/page-like-this.html)
So where is the problem?
It worked before, and right now it doesn't work any more..
So as was discovered trough our comments you have most probably been hacked in some way. There are a lot of steps to go trough to clean a website and its impossible for us to tell you what to look for without knowing what kind of attack you where a victim of.
But, you can safely delete all those .html files since they should not be part of magento/zend framework. Also look for weird javascript that would be encrypted. One very long string of minimized javascript somewhere at the end probably of all the html files and probably your main index.php file.
There is a lot of ressources online to help you I suggest googling "magento hacked" or some such thing.
Good luck!
Here's a stackoverflow question about some such hacks on magento.