Ok… What and How? .TTF hacked and dropping link spam!

How are they getting it in the footer? Where did you get your theme? Less reputable folks create themes just for this purpose.

Lol … I think it was a theme I had started myself years ago and recently updated it to work with the latest version.

It may have something in there from another theme… not sure.

Here is the code that continuously appears in the footer. but with hundreds of spam links.

Should I completely recode the theme? Or is it possible they have hacked my site?

Does anyone know a way to deny writing via .htaccess excluding only my ip address?

<div style="position:absolute;left:0px;top:-1988px;width:1px;height:1px;overflow:hidden;">Tramadol News
<a href='https://opencrs.cdt.org/syndication/cms/index.html' title='compare online price tramadol'>compare online price tramadol</a>,
</div>

Any Ideas what could be causing this and how? I have yet to get a reply from anyone at wordpress?

Thanks

People hack into sites when doors are left open. One culprit is leaving the uplaods folder at 777, or leaving your theme files editable through WP admin (and not ever changing them back when you’re done). Or someone else on the server got hacked into and left a back door open through the host.

Have you cleaned out your theme files? Are you using spam control(i.e. plugins and/or settings)? Have you contacted your host and/or viewed your logs to see how they’re getting in? have you changed your passwords?

here’s a link to the Codex on it that might help.

youve been struggling with this for months. (i think ive replied to all your other similar threads) why are you not enlisting a second site of eyes?

you dont really need to ask for ideas; there are hundreds of those already here if you just out “hacked” into the search box. If you think youre following all those other ideas already and youre still having trouble, you need to buck up and get another set of eyes involved.

Ive “un”hacked countless sites in the 6 months or so your posts here reflect your problem, none of which has seen a reoccurrence of a problem, so i know an exploited site can be cleaned up properly.

Your right! I have been… I have also posted several times in here looking for pointers in the right direction. And I’ve yet to get one single reply heading me in that direction. Well, maybe one or two, but nothing has worked.

I want to learn how to remove these things so I don’t have to go through it again. I would like to at least have a better understanding about how to go about removing it. That’s not too much to ask is it? After all, It can’t really be that difficult.

Don’t get crabby with me I’m only trying to get information.

If someone could please an links to a fix or more information I would be very grateful.

~Thanks!

im not crabby, im perplexed at what the ongoing ‘problem’ is.

https://www.ads-software.com/search/hacked?forums=1

1020 links right there, have you read them all?

as you mention the word fix, Im compelled to tell you that there is no “fix”. having a site exploited isnt like catching pink eye — put this salve in your eye and you’ll be fine in a few days.

Since you are no doubt insistent on continuing to struggle alone.. there ya go.

That’s not too much to ask is it? After all, It can’t really be that difficult.

you tell me, youve been working on this for six months.

Ive unhacked 20 or so sites in that time, upgraded countless other, done installs, etc…

Just because I can do something doesnt make it “not that difficult”; thats insulting, frankly.

It is difficult, obviously ??

Since you are no doubt insistent on continuing to struggle alone.. there ya go.

I haven’t asked anyone to “Fix it for me”. I have however, asked a few questions. Struggle is the best part of the experience in my opinion. Isn’t that how people learn? Plus, don’t get too analytical on me. I haven’t been solely trying to remove a virus from “this site” for 5 months. Geez! Talk about insults?

I’m in no way trying to take anything away from you. I was trying to convey it’s probably something stupid I’m over looking. That’s all I meant. There were no ill intentions directed toward anyone’s intelligence here.

I’m not looking for a pissing contest, just more information.

Ok… https://www.ads-software.com/search/hacked?forums=1 is your final answer. That’s “Your” final answer. Just say that.

For the record, It’s been only the last 3 months that I’ve has this issue (on and off) and I have posted 3 posts asking questions.

Thanks

youre reading what I am saying in the complete opposite manner of what Im trying, too subtly it appears, to get you to do — im trying to get you to ask for another set of eyes. if not mine, then someone elses.

There’s no face lost in getting help, whether its for the simplest of tasks ( to some ) or the hardest. There isnt even lost face in asking someone to do something for you (“fix it for me”) – On the contrary, being too prideful to know when to ask for help .. well that can stand in the way of a lot of things.

—

My final answer is that what you are asking for has already been answered, countless times. Unfortunately.

What you see here, and what you google, is what there is. There isnt a secretly hidden panacea, a gem of knowledge waiting to be unearthed.

When I, personally, clean up exploited sites, I, generally, look at all the permissions, all the files, all of the database.

Whats left? The specifics, all of which are already covered elsewhere.

PS:

https://www.ads-software.com/support/topic/154429?replies=5

the above post is 8 months old. I point that ought not to make this issue of contention, but to further stress what Ive been saying all along.

You need another pair of eyes.

make sure none of the files are 777 reupload your themes plugins, please do not use the themes/plugins you backed up, redownload them from reputable site.

upgrade to latest 2.6.2 i guess.

stuff like that.

Ok whooami, I give up!

I am ready to have another pair of eyes look at this mess.

email me @ denny[at]sydpixel.com if you think you could help.

Thanks a Million!

Ok this is ridiculous.

It was a c99madshell all along!

I found one file I didn’t recognize after hours of searching and found a basecode69 coded file.

I decoded it and found out it was a c99madshell attack!

Thanks for nothing!

Ok…

Thanks for nothing and never mind.

It was a c99madshell attack. I found one suspicious file, opened it and all the bells and whistles went off on my anti-virus. It was a basecode64 attack. I decoded it and sure enough, the full deal.

Good luck to any noob’s that get this one.

Thanks for nothing and never mind.

uh yeah. how pleasant are you, not.

I saw your most recent reply the other day. Did you really expect that I was going to contact you? Do mechanics come to your door when you need your oil changed? I dont think so.

It was a basecode64 attack.

No, its a root shell, that was uploaded to your site, and has probably been there for as many months as have passed since you first indicated here that you were having trouble. The fact that it’s encoded means little other than it was obfuscated.

Good luck to any noob’s ..

They’ll be fine; you were. ??