• Resolved kforchuk

    (@kforchuk)


    Hello,

    This is a bit of a weird scenario in which I’m sure I made a bunch of mistakes…

    I monitor this page a few times a month, and it appears since the last time I was logged in someone had created an account and accessed the backend. I deleted the account and took a look through things and didn’t see anything out of place, but installed a fresh copy of my theme just in case.

    Today, I was asked why there were suddenly ads on the website, so I went and looked and it appears that when the person created the account they put their adsense codes in somewhere. I have already re-updated the theme again to see if that would overwrite it, and looked into my code snippets and checked them all and didn’t see where this code would be coming from.

    I have deleted the ads.txt file, and checked through my htaccess but haven’t seen anything abnormal. Where on earth is this code hiding so I can delete it? I would use a back-up from before the account was made, but my auto backup deletes backups more than 2 weeks old so I cannot just use that to adjust it… This would likely have been the best option in this scenario and one of my largest mistakes, the other being that someone had been allowed to create an account to get into the site to begin with (though I’m not sure how)….

    Could someone tell me where to look for this code that might be hiding or how I can fix this? I’ve looked through all recently accessed files and I cannot seem to find it…

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hello @kforchuk,

    Thank you for reaching out and sharing the details of your situation. It sounds like you’re dealing with a tricky issue, but I’ll do my best to guide you through it.

    Here are a few places where malicious code like AdSense scripts could be hiding, and steps to help you remove it:

    1. Check the Theme and Plugin Files: Even after reinstalling your theme, check the theme’s files directly, particularly header.php, footer.php, and any functions.php files for unexpected code. It’s also worth reviewing any active plugins to ensure no scripts have been injected into them.
    2. Database: Sometimes, malicious code can be stored in your database rather than in the theme or plugin files. Check the wp_options and wp_posts tables for any entries containing script tags or suspicious content.
    3. Widgets and Custom HTML: If your site uses widgets, someone might have injected the code into a Custom HTML widget or a text widget in the sidebar, footer, or other widget areas.
    4. Custom Code Snippets: Since you’ve already checked your code snippets, I would recommend rechecking for any new or unfamiliar entries, especially if you use any plugin that allows for custom code snippets.
    5. Hidden Files: Since you’ve already deleted the ads.txt file, make sure there aren’t other hidden files in your root directory, such as .htaccess, .user.ini, or custom .php files where someone may have embedded scripts.
    6. Security Plugins: If you haven’t already, I highly recommend installing a security plugin like Wordfence or Sucuri. These plugins can scan your files and database for malicious code and provide better insights into security vulnerabilities.
    7. User Account Permissions: Ensure that no unauthorized user roles have been created or modified. Double-check user roles and permissions to prevent future access.

    Since you don’t have a backup from before this incident, cleaning the affected files manually may be the best option. Once you’ve resolved the issue, consider setting up more frequent backups and limiting user access as preventative measures.

    Let me know if you need further assistance!

    Regards
    Mohd Javed
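
As an added example (not code from this thread or from WordPress), here is a small Python scanner for the places listed in the reply above: theme and plugin files, hidden files such as .htaccess and .user.ini, and values exported from wp_options / wp_posts. The marker list, the publisher-ID digit count, the function names and the sample file contents are assumptions made for the illustration.

```python
import os
import re
import tempfile

# AdSense embed strings; the publisher-ID digit count is an assumption.
MARKERS = {
    "adsense-loader": re.compile(r"pagead2\.googlesyndication\.com", re.I),
    "adsbygoogle": re.compile(r"adsbygoogle", re.I),
    "publisher-id": re.compile(r"\bca-pub-\d{10,20}\b"),
    # PHP ini directives that include a file on every request
    "auto-include": re.compile(r"auto_(?:prepend|append)_file", re.I),
}
SCAN_EXT = (".php", ".html", ".htm", ".js", ".txt")
SCAN_NAMES = (".htaccess", ".user.ini")  # dotfiles a file manager may hide

def scan_text(text):
    """Names of the markers present in one line or one database value."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(text))

def scan_tree(root):
    """Walk the install, dotfiles included; return (relpath, line_no, markers)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname in SCAN_NAMES or fname.lower().endswith(SCAN_EXT):
                path = os.path.join(dirpath, fname)
                rel = os.path.relpath(path, root)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        if scan_text(line):
                            hits.append((rel, no, scan_text(line)))
    return sorted(hits)

def scan_rows(rows):
    """rows: (table, row_id, value) tuples exported from wp_options / wp_posts."""
    return [(t, i, scan_text(v)) for t, i, v in rows if scan_text(v)]

def demo():
    """Build a constructed two-file sample in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample content, not taken from the thread
            "footer.php": "<?php wp_footer(); ?>\n<ins class=\"adsbygoogle\" "
                          "data-ad-client=\"ca-pub-0000000000000000\"></ins>\n",
            ".user.ini": "auto_prepend_file = /tmp/placeholder.php\n",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)
```

Point `scan_tree()` at a downloaded copy of the site and pass `scan_rows()` rows exported from the database. Hits are leads to review by hand, since a legitimately installed ad plugin produces the same strings.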

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    https://www.ads-software.com/support/article/faq-my-site-was-hacked/

    https://www.ads-software.com/support/article/hardening-wordpress/

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Thread Starter kforchuk

    (@kforchuk)

    Hello,

    Thank you both for your help! I’ve gotten everything back under control!
