Google Adsense Hack on my Blog

the same thing happened to me last night at https://indiemusicfinds.com

the adsense ads look identical too, I emailed google adsense one of the links so they can ban the account so they don’t get the money.

I think I’ve just found the code that’s doing it in my Theme’s Main Index Template.
There’s something about adsense and a JS script. I’m not sure how much of it I need to take out though, i don’t want to break anything.

I’m worried that they’ve put some other code in the wordpress files to allow them backdoor access again which it looks like has happened with yours for them to keep putting it back.

Posted by <span><?php the_author() ?></span>  |  Posted in <span><?php the_category(', ') ?></span>  |  Posted on <?php the_time('d-m-Y') ?>
						</h3><script type="text/javascript"><!--
google_ad_client = "pub-2269506850128822";
/* 728x90, created 7/25/09 */
google_ad_slot = "7353594443";
google_ad_width = 728;
google_ad_height = 90;
//-->
</script>
<script type="text/javascript"
src="https://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
                    </div>

Can you tell me whether this is the code I need to remove anyone? I’m not expert with this stuff.

You need to remove the following part only:

<script type="text/javascript"><!--
google_ad_client = "pub-2269506850128822";
/* 728x90, created 7/25/09 */
google_ad_slot = "7353594443";
google_ad_width = 728;
google_ad_height = 90;
//-->
</script>
<script type="text/javascript"
src="https://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>

Thanks, yes I just took it out.

Now another one has appeared in my side bar at the bottom.
Do you know how to get rid of this one?
It’s not showing up as a Widget in Appearance-Widgets.

no worries i just found it in sidebar.php.

I hope this doesn’t become a game of cat and mouse.

I’ve just found this in my functions.php

}
eval(str_rot13('shapgvba purpx_sbbgre(){$y=\'Gurzr ol : <n uers="uggc://jjj.jroubfgvatercbeg.pbz/orfg-cuc-ubfgvat.ugzy">CUC Jro Ubfgvat</n>\';$s=qveanzr(__SVYR__).\'/sbbgre.cuc\';$sq=sbcra($s,\'e\');$p=sernq($sq,svyrfvmr($s));spybfr($sq);vs(fgecbf($p,$y)==0){rpub \'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\';qvr;}}purpx_sbbgre();'));

It looks a bit out of place and the uggc://jjj. part looks like an odd version of https://www. where these codes might be being fed from.

Can someone tell me whether this is supposed to be here before i take it out?
There’s another one at the bottom of fuctions.php as follows

}

eval(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}'));

?>

It has become a game of cat and mouse. I removed probably a dozen so far and now the one at the top of our blog is impossible to find. I am searching all the files but have yet to find it.

I’m guessing it’ll be in header.php

I looked it isn’t there. I have gone through all my theme files and it is nowhere. Which functions.php did you find the weird code? The theme one or the main WP one?

the theme one, i think, it’s in the wordpress panel. Appearance-Editor

i’m fairly sure that’s what’s doing it, it looks very suspect. I want someone who understands these files to confirm first though.

Can someone from WordPress please respond to this? It is still taking place and is annoying. Any clue as to where to look for an app or widget or bot that is doing this would be greatly appreciated.

Make sure that you are not using free web hosting (it often comes with ads) and see: https://codex.www.ads-software.com/FAQ_My_site_was_hacked

I’m not using free hosting. The site has been around for quite a while and he just started happening. Thanks for the link.

When mine was hacked I found a modified version of an adsense plugin installed. The name had been changed to wp.