7 {{ upvoteCount | shortNum }}
7 {{ upvoteCount | shortNum }}

Please HELP! I got spam things in the footer!!

by bmillionaire324
6 replies
Hello please help me, somehow I got this small box in the footer with a completely different website in it, also the problem is that it shows a google ads popup everytime you refresh the page, I know it was a trojan or something but I am amazed how he planted the spam thing in the footer, is anyone able to help me with this pleaseeeeee its really annoying please!!! The website is www.gagsoluciones.com if you scroll all the way down in the left corner you will see a whole different website and also a popup with spam, this is the code from the footer.php and I could not find anything!

<div id="footer">
<?php truethemes_begin_footer_hook()// action hook, see truethemes_framework/global/hooks.php ?>
<?php
add_filter('pre_get_posts','wploop_exclude');
$footer_layout = get_option('ka_footer_layout');
$ka_footer_columns = get_option('ka_footer_columns');
$ka_scrolltoplink = get_option('ka_scrolltoplink');
$ka_scrolltoptext = get_option('ka_scrolltoplinktext');

if (($footer_layout == "full_bottom") || ($footer_layout == "full")){ ?>
<div class="footer-area">
<div class="footer-wrapper">
<div class="footer-holder">

<?php $footer_columns = range(1,$ka_footer_columns);$footer_count = 1;$sidebar = 6;
foreach ($footer_columns as $footer => $column){
$class = ($ka_footer_columns == 1) ? '' : '';
$class = ($ka_footer_columns == 2) ? 'one_half' : $class;
$class = ($ka_footer_columns == 3) ? 'one_third' : $class;
$class = ($ka_footer_columns == 4) ? 'one_fourth' : $class;
$class = ($ka_footer_columns == 5) ? 'one_fifth' : $class;
$class = ($ka_footer_columns == 6) ? 'one_sixth' : $class;
$lastclass = (($footer_count == $ka_footer_columns) && ($ka_footer_columns != 1)) ? '_last': '';
?><div class="<?php echo $class.$lastclass; ?>"><?php dynamic_sidebar($sidebar) ?></div><?php $footer_count++; $sidebar++; } ?>


</div><!-- footer-holder -->
</div><!-- end footer-wrapper -->
</div><!-- end footer-area -->
<?php } else {echo '<br />';} ?>
</div><!-- end footer -->


<?php if (($footer_layout == "full_bottom") || ($footer_layout == "bottom")){ ?>
<div id="footer_bottom">
<div class="info">
<div id="foot_left">&nbsp;<?php truethemes_begin_footer_left_hook()// action hook, see truethemes_framework/global/hooks.php ?><?php dynamic_sidebar("Footer Copyright - Left Side"); ?></div><!-- end foot_left -->
<div id="foot_right"><?php if ($ka_scrolltoplink == "true"){ echo '<div class="top-footer"><a href="#" class="link-top">'.$ka_scrolltoptext.'</a></div>'; }?>


<?php // Check to see if user has footer menu set, if so display it

if(has_nav_menu('Footer Navigation')): ?>
<ul>
<?php wp_nav_menu(array('theme_location' => 'Footer Navigation' , 'depth' => 0 , 'container' =>false)); ?>
</ul>

<?php elseif(is_active_sidebar(13)): ?>
<ul><?php dynamic_sidebar("Footer Menu - Right Side"); ?></ul>
<?php endif; ?>

<?php truethemes_end_footer_right_hook()// action hook, see truethemes_framework/global/hooks.php ?>

</div><!-- end foot_right -->
</div><!-- end info -->
</div><!-- end footer_bottom -->
<?php } ?>


</div><!-- end main -->
</div><!-- end wrapper -->
<?php
//codes to load scripts has been moved to truethemes_framework/global/javascript.php
wp_footer();
?>
</body>
</html>

If you see something that is not supposed to be there let me know, and also if you know that it may have affected other files?

Thanks in advance!
#footer #spam #things
  • Profile picture of the author adsensethis
    This is what happens when you pick up a free Wordpress theme. Ain't really free now is it.

    There is no way to know what's in the hooks given the information you posted.

    Just drop the junk theme and use a better one.
    {{ DiscussionBoard.errors[5243630].message }}
  • Profile picture of the author kokopelli
    The following iframe is loaded in the footer (look at the live page source, not the theme footer code):
    Code:
    <iframe src="http://es.pn/rNM3Me"></iframe>
    If it is a free theme with encrypted code in the footer/functions, etc. this is probably what is causing this. If there is no encrypted code, then you have a security issue (malware).
    Signature
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    {{ DiscussionBoard.errors[5243648].message }}
    • Profile picture of the author bmillionaire324
      Originally Posted by kokopelli View Post

      The following iframe is loaded in the footer (look at the live page source, not the theme footer code):
      Code:
      <iframe src="http://es.pn/rNM3Me"></iframe>
      If it is a free theme with encrypted code in the footer/functions, etc. this is probably what is causing this. If there is no encrypted code, then you have a security issue (malware).
      I am sorry, which one is the live page source? How did you identified that iframe code?
      {{ DiscussionBoard.errors[5243675].message }}
  • Profile picture of the author kokopelli
    Right-click on your front page and select "View Page Source" - scroll down to the bottom, or search for it.
    Signature
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    {{ DiscussionBoard.errors[5243699].message }}
    • Profile picture of the author dmtaylor247
      To hack an encrypted footer, view the page source and copy the footer code into a text file, remove the unwanted links or frames.

      Deleted the encryted code from footer.php and paste in the code from the text file. If this blocks the theme, create a second footer file instead named footer2.php, paste in your new code and change your template to include it instead of the orignal (footer.php) file.

      You will need to back up your files before you do this or save the deleted code on your desktop.
      {{ DiscussionBoard.errors[5243924].message }}
  • Profile picture of the author RobKonrad
    If this is new - and your theme was changed without you knowing - also make sure it won't happen again!

    Usually when a site is targeted, the bad guys will come back to see if the security issues are still open....

    Cheers
    Rob
    Signature
    ================================================== ===
    This blog is awesome: http://www.robkonrad.com/blog. Read it.
    ================================================== ===
    {{ DiscussionBoard.errors[5245418].message }}

Trending Topics