1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[HELP!] Hidden external links injected into WP site!

Discussion in 'Black Hat SEO' started by indianfreak, Jul 18, 2016.

  1. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
    Unmask Parasites website displays that the following external links have been found on my posts:
    Code:
    •    <A> hidden Im Herzen des Tales - http://joneswindowcleaners.co.uk/Im-Herzen-des-Tales.pdf
    •    <A> hidden Jean Pauls Briefwechsel mit seinem Freunde ... - http://smmilligan.com/Die-SARS-Krise-in-Hongkong--Zur-Regierung-von-Sicherheit-in-der-Global-City--Materialitaeten-.pdf
    •    <A> hidden GeoMap Karten, Naturpark Südschwarzwald - http://erotic4u.ch/Schnipp--Schnapp--Schnorum--Lieder-und-Reime-fuer-Grosse-und-Kleine--Musikalisches-Bilderbuch-mit-CD-.pdf
    •    <A> hidden Kinderbuch: Ich habe meine Mama lieb (German ... - http://searchandsaveanimals.com/?Kinderbuch--Ich-habe-meine-Mama-lieb--German-children-s-books--german-kids-books--childrens-books-in-german--Kinderbue
    •    <A> hidden Pestizide nein danke - http://www.screenprintingservices.net.au/Mein-Leben-in-Bildern--Mit-Gedichten-von-H--Hesse-u---A-v-Droste-Huelshoff.pdf
    •    <A> hidden Hannibal oder Beyträge gegen den neu ... - http://www.windasorganizasyon.com/?Hannibal-oder-Beytraege-gegen-den-neu-aufstrebenden-Obskurantismus.pdf
    •    <A> hidden Recht für Ingenieure: Zivilrecht, Öffentliches ... - http://www.urbansoundhouse.com/Aus-Traeumen-geboren--Das-Leben-eines-ungewoehnlichen-Menschen.pdf
    •    <A> hidden Goldköpfchen, Bd.3, Goldköpfchens Backfischzeit - http://trilogykenya.com/Was-Kinder-brauchen--Aktive-Entwicklungsbegleitung-im-Kindergarten.pdf
    
    I've tried to check the theme files but found nothing. The plugins used on the site are present on my other sites as well and those sites are fine. I don't know much about PHP or handling databases.

    Can someone help me to find the source of the problem? Like, what caused the intrusion? And how to get rid of it?

    Any help would be much appreciated. Many thanks in advance.
     
  2. validseo

    validseo Jr. VIP Jr. VIP Premium Member

    Joined:
    Jul 17, 2013
    Messages:
    910
    Likes Received:
    527
    Occupation:
    Professional SEO
    Location:
    Seattle, Wa
    If your PHP is hacked then it could be in the wordpress source itself. You need to have an expert look at it and recovering might mean that you have to secure a clean install from safe sources for wp, plugins, themes, everything. If wordpress was compromised then your database credentials probably have been too... so you need to change the accounts names and passwords for eveything. If your WP password or database password is the same as your hosting or FTP passwords then your whole system might be compromised.

    It is a whole lot of work so have someone local who knows their stuff that you trust look through it... I really hope it ends up being something minor because otherwise you might be better off moving to a new host than trying to patch up a compromised one.

    Next time install wordpress then iThemes Security Plugin... then secure everything.... get someone to do it for you if you don't know how.... otherwise expect to be right back here again. Then add themes and plugins.

    When it comes to PHP, extreme paranoia is the correct amount of security to apply. It happens a lot.
     
    • Thanks Thanks x 1
  3. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
    @validseo Yesterday, I upgraded WP to the latest version, and the links vanished. But, after a few hours, they're there again. My passwords are different.
     
  4. onlineonly

    onlineonly Power Member

    Joined:
    Jul 27, 2014
    Messages:
    612
    Likes Received:
    287
    Location:
    online
    I think you should hire someone to have a look at it. Last time my site got hacked I hired some indian guy from upwork and he scanned all my files (site was down for a couple of days) and finally found the malware and removed it. No way I would have found it by myself.
     
    • Thanks Thanks x 1
  5. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
    @onlineonly, thank you so much. Heading on to upwork! Do you, by chance, remember the name of the guy who removed malware from your site?
     
  6. onlineonly

    onlineonly Power Member

    Joined:
    Jul 27, 2014
    Messages:
    612
    Likes Received:
    287
    Location:
    online
    Yes sure. I send you a PM with a link to his profile at upwork.
     
    • Thanks Thanks x 1
  7. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,121
    Likes Received:
    33,644
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Are you using any nulled themes or plugins?
    Update all themes and plugins to the latest versions check your server for any suspicious directories.
     
    • Thanks Thanks x 1
  8. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
  9. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
    @ Asif WILSON Khan, No, my theme is purchased one and the plugins are free added through WP. But I do think there is some problem with either with the theme or plugins, because when I updated WP and the plugins, the links vanished for a few hours. Or the problem might be somewhere else, I don't know. I know nothing about servers, databases or PHP.
     
  10. Panther28

    Panther28 Jr. VIP Jr. VIP

    Joined:
    May 2, 2010
    Messages:
    2,665
    Likes Received:
    3,664
    Occupation:
    Internet.
    Location:
    Internet.
    Home Page:
    change your wordpress password, install wordfence, and then delete the links. See if they come back. If you don't know what to do after that, then your better of getting the services of a pro, like someone recommended
     
    • Thanks Thanks x 1
  11. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,121
    Likes Received:
    33,644
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Try to follow these guides:
    https://codex.wordpress.org/FAQ_My_site_was_hacked
    http://www.whoishostingthis.com/resources/fix-wordpress-hacks/
    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
     
    • Thanks Thanks x 1
  12. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
    @Panther28 Thanks man. But I don't know how to delete links as those are not present in my posts, they appear when the posts are viewed in the browser. :(
     
  13. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
    @Asif WILSON Khan Thank you so much for your help. Checking out your links. I really appreciate it. :)
     
  14. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,121
    Likes Received:
    33,644
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    PM me the site URL and I will see if I can find anything.
     
  15. kevin shah

    kevin shah Newbie

    Joined:
    Jul 18, 2016
    Messages:
    3
    Likes Received:
    0
    Gender:
    Male
    @indianfreak sir I am an Indian WordPress developer. I can certainly help you with this.
     
  16. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,121
    Likes Received:
    33,644
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:

    OP I would be careful giving details of your site to a brand new member who just joined.
     
  17. kevin shah

    kevin shah Newbie

    Joined:
    Jul 18, 2016
    Messages:
    3
    Likes Received:
    0
    Gender:
    Male
    @Asif WILSON Khan I am new to blackhatworld. But not new to WordPress sir. I can email you my profile and portfolio.
     
  18. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,121
    Likes Received:
    33,644
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:

    You may or may not be fully qualified but as you are a brand new user to BHW it makes sense for people to be cautious.
    Once you have been on the forum awhile and contributed then you will build up a little trust.
    If you want to help OP, you can list a few things he should do to try to remedy the situation.
     
  19. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    650
    Likes Received:
    436
  20. cyber.surfer

    cyber.surfer Regular Member

    Joined:
    Feb 27, 2012
    Messages:
    256
    Likes Received:
    103
    Its probably in the theme's .php files like header.php or functions.php. Base64 or reverse base 64 encoding is what I suspect.
     
    • Thanks Thanks x 1