Theme got hacked

  • Something happened to my blog theme which was an older Tiga 1.0.1 theme. I keep getting hundreds of spam links in my footer, and now google searches for my site aren’t listing my posts near the top anymore because the descriptions of all my posts in google show these stupid spam links instead of the real post descriptions.

    I keep deleting the spam links in my footer.php file, but they keep coming back- These spam links used to hsow up in my header.php too, but I somehow was able to stop that- but I can’t stop the footer.php spam links from returning- these spam links don’t show on my site, as they have some kind of hide code, but it is affecting how my posts show up when people do a google search for my post subjects.

    Has anyone got any idea where the code that is inserting these spam links might be located? it must be in my Tiga theme template somewhere because if I switch to another theme, the spam links don’t affect the new theme, but I can’t for th4e life of me find out where in the Tiga theme the code for hte spam is located.

Viewing 14 replies - 1 through 14 (of 14 total)

  • Well the obvious place is in the footer.php file, but if the theme has a functions.php file, I’d look there too. And check header.php to see if there’s some JS there that calls in that weirdness.

    I downloaded Tiga 1.0.2 from the theme developer’s site:
    https://www.shamsulazhar.com/wp/archives/31

    And it doesn’t look like there’s any spam links in those files. Might want to just download a fresh distro and go from there.

    What version of WordPress are you using? Are you sure it’s not your WordPress installation, but the theme itself causing this vulnerability?

    Thread Starter Nazareth

    (@nazareth)

    Joni- I haven’t checked the functions fiule- but have checked the header and can’t see anythign wierd in there (note- I might have spotted it a few n ights ago- not really knowing what it was, deleting it, and now the header file doesn’t get the spam- I think I fixed the header spam by accident- not knowing what I was doing)- Not sure what’s going on- My blog was fien for two years- then wham- got the spam- got penalized by google badly for it.

    I can’t run the 1.0.2 Tiga file- it comes up with errors/ call function errors etc. I lost my zipped 1.0.1 Tiga file, and can’t find it online anywhere- otherwise I’d just reinstall the 1.0.1 Tiga theme- clean instal, and start over again with it, customizing it back to how I like it. Kind of in a pickle here without the zipped Tiga file- Don’t want to upgrade my wordpress (& tiga) because I tried that and got all kinds of wierdness- had ot revert back to earlier wordpress and Tiga theme (I had the zipfile for Tiga 1.0.1 back then- I musta got delet happy oneday & got rid of it thinking I wouldn’t need it again- lesson learned lol)

    Thread Starter Nazareth

    (@nazareth)

    Leland, I am almost sure it’s the theme that got hacked because if I use a different theme, the spam doesn’t infect my footer file in the new theme- I’d liek to try to salvage the Tiga theme, as it’s one of the nicer ones I’ve come across looks-wise & functional wise- plus I’m now somewhat familiar with how to customize it

    I got hacked the same way.

    Check your file permissions. WordPress wants 666 so you can use the built-in theme editor. This makes the theme files world writable.

    I have change my perms to 644 unless editing. 664 while editing then change back to 644 immediately on completion. Alternative is to edit locally with Notepad etc and upload with FTP while keeping perms 644.

    Also, verify you have nothing set to 777. Use 755 for dirs. Check the contents of any dirs you have previously set to 777- you will likely find a ton of spammers’ files stored there.

    HELP, I am new to blogging and word press. I am using word press on my web site and all of a sudden I keep getting tons of spam in the header body of my theme template. I have changed my password and nothing seems to help. Is there something I could have possibly done to make this happen. How can I stop it?????

    Thanks for any help.

    Mary
    [sig link moderated]

    maryschlenger, and just where IS your wordpress install? The site in your signature is not a wordpress blog. And btw, this forum doesnt allow signatures, its akin to advertising.

    Sorry, like I said I am very new and don’t really understand any of this. I am getting a education as I go. By signature do you mean my name or the name of my company? What do you mean where is my wordpress install. I went through my yahoo store to install is that what you are asking?

    im asking for url to your blog, NOT a URL to where your store is.

    and this:

    Mary
    Ovitaminpro.com

    is a signature. Its advertising. Its not allowed on these forums.

    OK, I got it. I will not use that as a signature, thank you.

    my url to the blog is https://site.ovitaminpro.com/blog/

    That is the only URL I have.

    Mary

    if your site has been hacked its because youre running a version of wordpress that is nearly 2 years old.

    <meta name="generator" content="WordPress 2.0.2" /> <!-- leave this for stats -->

    Get your blog unhacked and then ..

    UPGRADE.

    Thank you for the advise. I will upgrade and I have already deleted all the spam and changed my password again.

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Theme got hacked’ is closed to new replies.