Spam links in posts, WF says everything clean

  • Resolved ohliza

    (@ohliza)


    3 months ago

    Page linked is one example, there are 50 or so pages with spam links.

    Wordfence scan reports everything is fine.

    Google Search Console says everything is fine.

    Yet the spam links are visible on these posts, publicly and in edit mode. The spammy links and text are always in a span tag, the id changes form post to post, and bad content ends in a span tag. So I can clean the stuff that’s showing up, but it’s obviously coming form somewhere and I suspect will reappear. This site had a similar issue a year and a half ago, WF didn’t see anything amiss then either.

    I’d pay Wordfence to clean this but if WF doesn’t see that there’s a problem I’m not sure how that would work?

    Sample injected content:

    <span id="ma4c8e38f">to reverse premature ejaculation and enjoy intimate moments with your beautiful female. <a >https://amerikabulteni.com/2013/12/16/papa-marksist-degilim-ama/</a> <a >obtain at storefront</a> Physiotherapy electrotherapy equipment is used to   cure the issues a patient has been detected with. </span>
    <span id="j5902703cd"> <a >appalachianmagazine.com</a> y <a >appalachianmagazine.com</a>   </span>
    • This topic was modified 3 months ago by ohliza. Reason: added links and sample bad code
    • This topic was modified 3 months ago by ohliza. Reason: added sample bad content

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @ohliza, thanks for getting in touch.

    None of the IP addresses seemingly associated with those URLs appear on our current, or historical, blocklist. Having said that, it’s more the strings inserted into your site and the URLs rather than the IPs that would be detected in a scenario like this.

    You may find our detailed site cleaning instructions and free Learning Center can help you find the cause and clear it yourself:
    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
    https://wordfence.com/learn/

    Make sure to fully back up your site before taking any action!

    If your site was compromized in order to add the code/files, we’ll always recommend?the passwords for your hosting control panel, FTP, other WordPress admin users, and database?have?all?been changed. Also make sure WordPress, themes, and all of your plugins are fully up-to-date in case a known exploit on an unpatched vulnerability was used.

    I would recommend providing any suspicious file(s), text copies of where these links appear in the database, or HTML (like your examples above) to?samples @ wordfence . com. If the source that caused it is packaged in a way Wordfence isn’t currently picking up during a full scan, our researchers can look into it and get back to you with a suitable course of action.

    Make sure any database credentials or keys/salts are removed before sending anything to us.

    I hope that helps you out!
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.

Tags