Need help with some code which appeared at my site

by bwh1
8 replies
Hi Warriors

2 or 3 days ago a tiny piece of content appeared below one of my pages.

There is written....

Mouse here for Related Links

Not a clickable link by the way.

I saw this but didn't do anything about it, thought that's something from Profit Theme.

Today I tried to remove it and couldn't find anything that made sense in my page. So I opened the source code and OH WOW, found a bunch of code which looks like advertising - link spamming.

Here's the code from my page

<div id='single'><br><table cellpadding=0 cellspacing=0 border=0 id='singlealign'><tr><td align='center'><div id='singletitletext'><table class='linkboxcontainer' id='singletable' onmouseover='opensingledropdown();' onmouseout='closesingledropdown();'><tr><td align='center'><table cellpadding=0 cellspacing=0><tr><td id='singletitlebox' class='linkboxtext'><div id='singlemouse'>Mouse here for </div></td><td width=7></td><td class='linkboxtext'><b id='singletitle'>Related Links</b></td></tr></table></div><div id='singletablelinks' style='display:none;'><table class='linkboxdisplay'><tr><td><div id='singletext' class='linkboxtext'><a href="http://atdsolutions.wordpress.com/your-source-for-quickbooks-training-and-bookkeeping/" target=_blank title="Your Source for QuickBooks Training and Bookkeeping!" rel="nofollow">Your Source for QuickBooks Training and Bookkeeping!</a><br><a href="http://ls-cpa.com/quickbooks/training/" target=_blank title="Tax QuickBooks Bookkeeping Controller CPA Firm Long Island Nassau County NY Small Business Accounting Quickbooks Training" rel="nofollow">Tax QuickBooks Bookkeeping Controller CPA Firm Long Island Nassau County NY Small Business Accounting Quickbooks Training</a><br><a href="http://www.appleproductsrock.com/475503/best-quickbooks-training-tutorials-huge-untapped-niche/" target=_blank title="Best Quickbooks Training Tutorials – Huge Untapped Niche" rel="nofollow">Best Quickbooks Training Tutorials – Huge Untapped Niche</a><br><a href="http://www.corebloggers.com/blog/write-a-check.html" target=_blank title="How To Write A Check" rel="nofollow">How To Write A Check</a><br><a href="http://wistia.com/blog/does-length-matter-it-does-for-video/" target=_blank title="Does length matter" rel="nofollow">Does length matter</a><br><a href="http://websitehostingnz.com/so-why-quickbooks-hosting/" target=_blank title="So why Quickbooks Hosting" rel="nofollow">So why Quickbooks Hosting</a><br><a 
href="http://utilesoftware.org/quickbooks-timesheet-time-tracking-time-tracker-time-tracking-software/" target=_blank title="Quickbooks Timesheet: Time tracking / Time tracker / Time Tracking Software" rel="nofollow">Quickbooks Timesheet: Time tracking / Time tracker / Time Tracking Software</a><br><a href="http://quickbookstraining101.com/2012/10/financial-service/" target=_blank title="financial service" rel="nofollow">financial service</a><br><a href="http://nerdenterprises.com/2012/10/to-the-9th-annual-sleeter-group-accounting-solutions-conference/" target=_blank title="To The 9th Annual Sleeter Group Accounting Solutions Conference" rel="nofollow">To The 9th Annual Sleeter Group Accounting Solutions Conference</a><br><a href="http://nerdenterprises.com/2012/10/why-verizon-wireless-just-lost-a-customer-for-life/" target=_blank title="Why Verizon Wireless Just Lost A Customer For Life" rel="nofollow">Why Verizon Wireless Just Lost A Customer For Life</a></div></td></tr></table></div></td></tr></table></td></tr></table></div><br><script type="text/javascript">

var addthis_config = {"data_track_clickback":true,"data_track_addressbar":false,"data_track_textcopy":false,"ui_atversion":"300"};
var addthis_product = 'wpp-3.0';
</script><script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-4de7a93036f3fee9"></script><script type="text/javascript"></script></div></div>

<div class="sales-right">

</div>

<div style="clear:both"></div>

</div>


</div>
</div>
</div>

<div id="bot-content-body">
<div class="bot-left-corner"></div>
<div class="bot-right-corner"></div>
<div class="clearfix"></div>
</div>
</div>
Looks like this junk entered over the Addthis plugin I updated a few days ago.

I deleted the plugin now.

Do you think that I'm correct here? And how can I exclude the code above as I can't find it anywhere in my theme.

Thanks for any help you can give me

G.

P.S. I went to my hosting support and they couldn't help at all. Hostmonster support looks like some guys who only recommend third party sites for further "help", mostly paid products.
  • JCoffey
    The easiest way to remove all this, is just find the links in the code that's spam, delete the name, and link, but don't delete anything else such as the tags/html, otherwise that could cause other problems.

    Hope this helps.
    • bwh1
      Originally Posted by JCoffey

      The easiest way to remove all this, is just find the links in the code that's spam, delete the name, and link, but don't delete anything else such as the tags/html, otherwise that could cause other problems.

      Hope this helps.
      Well, that was my idea but I couldn't find that code inside my page. I also checked the footer settings.

      That line of text is not there, neither the code - it only appears when you load the page.

      That is pulled from somewhere else, hell knows from where.

      Maybe you have an idea where that piece of code could be found?

      thanks anyway

      G.
  • Istvan Horvath
    It can be an innocently "looking" code line in any of the template files... and it also could just retrieve and include something from your database. If it is this latter case, then you were hacked.
  • lovboa
    Open each file in the theme and do a "Find" for base64.

    Sometimes these spam lines are encoded so people don't notice it.
    • Istvan Horvath
      Originally Posted by lovboa

      Open each file in the theme and do a "Find" for base64.
      Most decent editors (html/code editors) are able to search in a whole directory, hence no need to open each file. Try PSPad if you haven't seen such a normal editor
    • bwh1
      Originally Posted by lovboa

      Open each file in the theme and do a "Find" for base64.

      Sometimes these spam lines are encoded so people don't notice it.
      base64 not found at your domain

      guess that's good.

      Where that code is hiding, I can't find it to delete it.

      G
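
Added example, not part of any post above: a recursive scan of a theme or plugin directory along the lines lovboa and Istvan Horvath suggest. It goes beyond the literal "Find for base64" by also flagging lines that pull in remote content, which contain no base64 at all; the pattern list and the sample files are constructed for illustration and are not taken from the affected site.

```python
import re
import tempfile
from pathlib import Path

# Triage patterns (an assumption, not an exhaustive list). Legitimate plugins
# also use some of these calls, so every hit needs a human look.
PATTERNS = {
    "decoder": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "dynamic-exec": re.compile(r"\b(eval|create_function)\s*\(", re.I),
    "remote-fetch": re.compile(
        r"\b(curl_exec|wp_remote_get|fsockopen)\s*\(|"
        r"\b(file_get_contents|include|require)\b[^;\n]*https?://", re.I),
}

def scan_tree(root, exts=(".php", ".js", ".html")):
    """Return (relative path, line number, label) for every suspicious line."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for label, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((path.relative_to(root).as_posix(), lineno, label))
    return findings

def demo():
    """Scan a constructed theme: one file fetches remote markup, one decodes a blob."""
    with tempfile.TemporaryDirectory() as d:
        theme = Path(d)
        (theme / "index.php").write_text("<?php get_header(); ?>\n")
        (theme / "footer.php").write_text(
            "<?php wp_footer(); ?>\n"
            "<?php echo file_get_contents('http://links.example.net/feed'); ?>\n")
        (theme / "functions.php").write_text(
            "<?php\nadd_action('wp_head', 'my_head');\n$x = base64_decode($blob);\n")
        return scan_tree(theme)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

In the constructed theme a search for "base64" alone finds only `functions.php`; the line in `footer.php` that prints remotely fetched markup is caught only by the remote-fetch pattern.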
  • Kingfish85
    Originally Posted by bwh1

    Hi Warriors

    2 or 3 days ago a tiny piece of content appeared below one of my pages.

    There is written....

    Mouse here for Related Links

    Not a clickable link by the way.

    I saw this but didn't do anything about it, thought that's something from Profit Theme.

    Today I tried to remove it and couldn't find anything that made sense in my page. So I opened the source code and OH WOW, found a bunch of code which looks like advertising - link spamming.

    Here's the code from my page



    Looks like this junk entered over the Addthis plugin I updated a few days ago.

    I deleted the plugin now.
    It's possible that the plugin was exploited. It's also possible that your theme was exploited & it's also possible that your web host has poor security. There's a number of things that can be the root cause. I'd start looking through logs to see what was accessed when, and from where.

    My bet is on either Wordpress itself was exploited or the plugin was exploited.

    Do you think that I'm correct here? And how can I exclude the code above as I can't find it anywhere in my theme.

    Thanks for any help you can give me

    G.
    Yes, that's a good step. You should also be taking other steps/methods to secure your websites. Feel free to look through my previous posts for some lengthy WP security methods.

    P.S. I went to my hosting support and they couldn't help at all. Hostmonster support looks like some guys who only recommend third party sites for further "help", mostly paid products.
    I'd say it's time to move. Look into companies that are smaller and don't try to sell you something you're clearly not getting. To the large, bargain basement companies, you're just another account. That's it. Some smaller companies such as Eleven2, MDD Hosting, StableHost, Hawkhost, etc. take better care and more pride in their environments. While you may pay more for what seems less, you'll be better off in the long run.

    -Brent
    • ronc0011
      Well, it is a bunch of links to different sites, so it's pretty obvious that it's some sort of spam. BTW, here's the code with some formatting; you can see there are at least 10 links to different sites.

      Code:
       
      <div id='single'><br>
      <table cellpadding="0" cellspacing="0" border="0" id='singlealign'>
      <tr>
      <td align='center'>
      <div id='singletitletext'>
      <table class='linkboxcontainer' id='singletable' onmouseover='opensingledropdown();'
      onmouseout='closesingledropdown();'>
      <tr>
      <td align='center'>
      <table cellpadding="0" cellspacing="0">
      <tr>
      <td id='singletitlebox' class='linkboxtext'>
      <div id='singlemouse'>
      Mouse here for
      </div>
      </td>
      <td width="7">
      </td>
      <td class='linkboxtext'>
      <b id='singletitle'>Related Links</b>
      </td>
      </tr>
      </table>
      </div>
      <div id='singletablelinks' style='display: none;'>
      <table class='linkboxdisplay'>
      <tr>
      <td>
      <div id='singletext' class='linkboxtext'>
      <a href="http://atdsolutions.wordpress.com/your-source-for-quickbooks-training-and-bookkeeping/"
      target="_blank" title="Your Source for QuickBooks Training and Bookkeeping!"
      rel="nofollow">Your Source for QuickBooks Training and Bookkeeping!</a><br>
      <a href="http://ls-cpa.com/quickbooks/training/" target="_blank" title="Tax QuickBooks Bookkeeping Controller CPA Firm Long Island Nassau County NY Small Business Accounting Quickbooks Training"
      rel="nofollow">Tax QuickBooks Bookkeeping Controller CPA Firm Long Island Nassau
      County NY Small Business Accounting Quickbooks Training</a><br>
      <a href="http://www.appleproductsrock.com/475503/best-quickbooks-training-tutorials-huge-untapped-niche/"
      target="_blank" title="Best Quickbooks Training Tutorials - Huge Untapped Niche"
      rel="nofollow">Best Quickbooks Training Tutorials - Huge Untapped Niche</a><br>
      <a href="http://www.corebloggers.com/blog/write-a-check.html" target="_blank" title="How To Write A Check"
      rel="nofollow">How To Write A Check</a><br>
      <a href="http://wistia.com/blog/does-length-matter-it-does-for-video/" target="_blank"
      title="Does length matter" rel="nofollow">Does length matter</a><br>
      <a href="http://websitehostingnz.com/so-why-quickbooks-hosting/" target="_blank"
      title="So why Quickbooks Hosting" rel="nofollow">So why Quickbooks Hosting</a><br>
      <a href="http://utilesoftware.org/quickbooks-timesheet-time-tracking-time-tracker-time-tracking-software/"
      target="_blank" title="Quickbooks Timesheet: Time tracking / Time tracker / Time Tracking Software"
      rel="nofollow">Quickbooks Timesheet: Time tracking / Time tracker / Time Tracking
      Software</a><br>
      <a href="http://quickbookstraining101.com/2012/10/financial-service/" target="_blank"
      title="financial service" rel="nofollow">financial service</a><br>
      <a href="http://nerdenterprises.com/2012/10/to-the-9th-annual-sleeter-group-accounting-solutions-conference/"
      target="_blank" title="To The 9th Annual Sleeter Group Accounting Solutions Conference"
      rel="nofollow">To The 9th Annual Sleeter Group Accounting Solutions Conference</a><br>
      <a href="http://nerdenterprises.com/2012/10/why-verizon-wireless-just-lost-a-customer-for-life/"
      target="_blank" title="Why Verizon Wireless Just Lost A Customer For Life" rel="nofollow">
      Why Verizon Wireless Just Lost A Customer For Life</a></div>
      </td>
      </tr>
      </table>
      </div>
      </td>
      </tr>
      </table>
      </td></tr></table></div><br>
      


      Well mostly it is. The forum software likes to strip out spaces from code pasted in so it kind of butchers the code a bit.
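
Added example, not part of ronc0011's post: because the block only shows up in the served page, the rendered HTML can be checked directly for containers hidden with an inline style that hold several off-site links, which is the shape of the `singletablelinks` div above. The sample markup, its hostnames, the site hostname and the `min_links` threshold are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"br", "img", "hr", "input", "meta", "link"}   # tags with no closing tag
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class HiddenLinkFinder(HTMLParser):
    """Collect off-site <a href> targets nested inside inline-hidden elements."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []   # (tag, id of enclosing hidden container or None)
        self.hits = {}    # hidden container id -> list of off-site URLs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        root = self.stack[-1][1] if self.stack else None   # inherit from parent
        if root is None and HIDDEN.search(a.get("style") or ""):
            root = a.get("id") or f"<{tag}>"
        if tag == "a" and root is not None:
            host = (urlparse(a.get("href") or "").hostname or "").lower()
            if host and host != self.site_host:
                self.hits.setdefault(root, []).append(a["href"])
        if tag not in VOID:
            self.stack.append((tag, root))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):   # tolerate ill-nested markup
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html, site_host, min_links=3):
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return {cid: urls for cid, urls in finder.hits.items() if len(urls) >= min_links}

# Constructed sample modelled on the block in this thread (hostnames are made up).
SAMPLE = """<div id='single'><a href="http://partner.example.org/">visible link</a>
<div id='singletitletext'><table onmouseover='opensingledropdown();'><tr><td>
Mouse here for <b id='singletitle'>Related Links</b></td></tr></table></div>
<div id='singletablelinks' style='display:none;'><table><tr><td>
<a href="http://one.example.net/a" rel="nofollow">one</a><br><a href="/about">us</a>
<a href="http://two.example.net/b" rel="nofollow">two</a><br>
<a href="http://three.example.com/c" rel="nofollow">three</a>
</td></tr></table></div></div>"""
print(find_hidden_links(SAMPLE, "www.mysite.example"))
```

The check only sees hiding done with an inline `style` attribute, as in the block posted here; a container hidden through a stylesheet class would need the CSS resolved as well.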