Think my blog has been hacked.

  • I’m not sure exactly how to describe it, but on every post there’s a couple hundred outbound links that are only viewable in the source code. The links seem to change periodically throughout the day. I was using wordpress 2.5 and upgraded to 2.7 today and the problem still exists.

    here’s the url OrlandoGolfBlogger.com

    Below is an example of some of the outbound links. Any one able to give me a hand?

    <!--wpfooterz--><u style=display:none>
<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=2912">side effects and phentermine</a><br />
<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=1584">keywords nexium</a><br />
<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=35">ephedrine as cut</a><br />

<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=1549">nexium long term use</a><br />
<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=999">canada discount nexium</a><br />
<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=2443">active ingredient in phentermine hydrochloride hcl</a><br />
<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=3090">phentermine law</a><br />
<a href="https://www.antioch-college.edu/news/gallery2/g2data/5/pharm/?page=294">ephedrine cheap</a><br />
Viewing 5 replies - 1 through 5 (of 5 total)

  • Yes – you have been hacked

    you will need to to try to find where this is happening – I didn’t see it in your source

    I would also report this to your host as they may have gotten in somewhere else on the shared server or may be hacking other scripts

    This happened to my site as well. You need to edit the Footer.php where it is in the bottom, that is why you see it on all posts.

    Did you upgrade to 2.7.0 or 2.7.1? The later is supposed to have some fixes to help prevent XSS attacks.

    I upgraded to 2.7 on release but i only discovered the spam yesterday, so i cant really tell when i got the spam footer. I discovered it randomly while looking for html errors on my frontpage where i had a whopping 3500 errors due to the spam urls

    i was having this same problem and found that a file called locals.php was added to my theme. it was adding these spam links back to my header and footer even after i would delete them. i wasn’t even able to delete the locals.php file, but i was able to edit it so i deleted all the code in it and then set the file permissions to deny reading and writing.

    hopefully that will work and tomorrow those wpfooterz spam links won’t have reappeared.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Think my blog has been hacked.’ is closed to new replies.