noscript Spam in WordPress

  • In doing some research I’ve found a number of people having this same problem but no real solution. I’m running WordPress 2.3.3, so it’s the latest version with the supposed fix, but I’m still having issues.

    Basically I have a noscript tag with a few spammy links that have been embedded into the bottom of every one of my posts. It’s not in the database so some code somehwere is adding them to the bottom. Has anyone seen this before and have some idea where I should look for the offending code? Thanks very much.

    =Ryan Stewart
    https://blog.digitalbackcountry.com

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    If it’s not in your database, then the obvious place to look is in your theme itself.

    Thread Starter ryanstewart

    (@ryanstewart)

    Hmm, tried switching the theme but they still show up. Could they have modified the WordPress core code somehow?

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    Well, lacking all else, download a copy of the entire site, then search for the material in there using a text search utility. I use TextPad, but there’s several utilities that can search inside lots of files.

    Final resort: Don’t trust any files. Replace the whole site with known good files, freshly downloaded from the original source.

    I’m getting more of these “noscript” injections again. I thought the upgrade to 2.3.3 had stopped them, but I just found two more.

    I see noscript spam in one post from a blog. The spam is from https://www.toques1.com, search it on google to find more.

    I write a comment to this post but no reply…

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    Telling us that you’re finding spam in your posts doesn’t help us unless you can also tell us when it actually appeared there, and give us details and server logs and things. I mean, “I have a problem” is not helpful information when we don’t have the same problem.

    And posting this information here is doubly pointless. Email any security issues to [email protected], but be sure that you include enough information to actually find any possible code issues. Simply saying “I found stuff in my posts” is not helpful or useful unless you have all the logs to back it up.

    I’m getting these too… I’ve renamed my XMLRPC.php file as suggested in another post but it’s still finding it’s way into posts after they’ve been submitted.

    Example: `<noscript>Il &lt;a href=”https://www.casinoqualita.com/casino-live-giocare-practica.html”&gt;https://www.casinoqualita.com&lt;/a&gt; ? anche fair play.</noscript>
    `

    Anyone have any further insight to this? These links cause your Google search results to be labeled with the “This site may harm your computer” :/

    2 things:

    Did you change your password?

    Do you have ANY other unknown admin users on your blog?

    I just heard back from said they found a rougue admin acct in their install.

    I dont expect you to answer, what you need to do is

    1. change your admin password

    2. Actually look.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘noscript Spam in WordPress’ is closed to new replies.

Tags