1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help with self-hosted Wordpress blog

Discussion in 'Black Hat SEO' started by sfidirectory, Dec 15, 2010.

  1. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    908
    Likes Received:
    487
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    Hi all,

    Have done a massive clean-up of plugins etc on my blog and have noticed some of the "related" posts link to Viagra related sites etc. I have gone over every plugin installed and they are still there :( Here is an example of what I'm talking about:

    [​IMG]

    Notice the Viagra links near the top? That is the kind of crap I don't want on my blog. I use a plug-in called WP Malwatch and do regular scans so am not sure if there is something there or not, but I am having alot of trouble pin-pointing this problem. If you need to visit my blog to see it live, visit my site in my signature, and add "blog" at the end of the url (after redirection from bit.ly), or pm me for the site url. I even have Akismet installed and updated regularly, and that hasn't stopped it. Here is a list of all active plug-ins on my blog:


    • AddToAny: Share/Bookmark/Email Button
    • Advertising Manager
    • Akismet
    • cbnet Ping Optimizer
    • Digg Digg
    • FollowMe
    • Google Analytics for WordPress
    • Google XML Sitemaps
    • Guest Blogger
    • Hello Dolly
    • PC Robots.txt
    • Platinum SEO Pack
    • Popularity Contest
    • Private Email Notifications
    • SEO Friendly Images
    • SEO Power
    • SEO SearchTerms Tagging 2
    • SEO Smart Links
    • Share and Follow
    • SI CAPTCHA Anti-Spam
    • Twitpress
    • W3 Total Cache
    • Wordbooker
    • Wordpress Tabs Slides
    • WP-MalWatch
    • WP Security Scan
    I will give rep to anyone that will help me get rid of this.

    Many thanks in advance :)
     
  2. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    439
    Likes Received:
    241
    is that on every post or only on certain post?
     
  3. oxonbeef

    oxonbeef BANNED BANNED

    Joined:
    Jan 4, 2009
    Messages:
    2,241
    Likes Received:
    7,874
    Have you checked for hidden links in your template?
    Your footer ect?
     
  4. nerdmoney

    nerdmoney Junior Member

    Joined:
    Feb 24, 2008
    Messages:
    135
    Likes Received:
    37
    Occupation:
    web nerd
    i'd guess it was the theme you are using. google chrome through a malware warning for having an infected external site on there.
     
  5. tankr

    tankr Junior Member

    Joined:
    Jul 30, 2010
    Messages:
    119
    Likes Received:
    23
    Location:
    English speaking world
  6. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    908
    Likes Received:
    487
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    Thanks for the suggestions guys. It seems that all that crap is gone. I modified settings in the W3 Total Cache and done a complete clean of everything (browser caching, databases etc) and reinstalled the theme. I'm not sure exactly how I got it fixed, am going to try analysing everything so I know what was the root cause of it all.

    EDIT: I take it all back :(. I had a look at some of my archived posts and the crap was on the posts. If you need to see what I mean, visit my blog's archived posts section on the right hand side, and you'll see what I mean. I'll use your guys advice to look further, and tankr, I think you're onto something...
     
    Last edited: Dec 15, 2010
  7. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    439
    Likes Received:
    241
  8. noermanto

    noermanto Regular Member

    Joined:
    Nov 18, 2009
    Messages:
    305
    Likes Received:
    288
    Occupation:
    None
    Location:
    # JKT #
    Home Page:
    I think I can solve your problem, but I need to visit your blog along with admin area. We can also talk online, to discuss about it.

    UPDATE
    Glad you solve the problem.
     
  9. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    439
    Likes Received:
    241
    have you ever used plugin such External Related Posts, because it Grabs related links from Google Blog Search, inserts a link to them into your post and gives them a pingback. and if you want to delete the result you should do it manually in every post
     
  10. onlinewealth

    onlinewealth Junior Member

    Joined:
    Mar 13, 2007
    Messages:
    157
    Likes Received:
    101
    Occupation:
    Direct marketing working at home.
    Location:
    "In a State of Corruption"
    The Related Blogs kind of looks like a Links or Article Page where people can add their links to your site. I would remove the entire Related Blogs section since you obviously don't have control over what gets added.

    I'd also remove the links in the footer unless they're your links. The 85ideas[dot]com is forwarding to webdesigncompany[dot]net. If that's your company then fine but if not, you're in competition with the developer of the theme.
     
  11. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    908
    Likes Received:
    487
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    Really? How did you manage to figure that out? I tried going through the php files (what oxonbeef said) but I don't see anything irregular.

    To bzy39: Yes I think I've used the plugin you're talking about. So what would be the best way to manually delete the results?
     
  12. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    439
    Likes Received:
    241
    it seem the script has been removed after you clean the cache, i figure it out using Web Developer add on for FF, to see all the JavaScript code.

    and to delete it you will need to trough all the post that has the result, and delete it manually in the post content, and if you know some regex you could use it to delete all the result.
     
  13. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    908
    Likes Received:
    487
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    It would take me too long to go over each post lol, but if I had to I would, for the sake of my blog's readers.

    I have no idea what regex is, though I have seen parts of it on some web dev forums before. I think that the time it takes me to learn the regex that would get rid of the crap would probably be less than the time it would take to do manually. Does using regex depend on specific hosting capabilities? I have economy hosting (paid) with Godaddy so am not sure in regards to regex capabilities.

    Would be keen for you to show me how it's done if you have the time. I'm not sure what I can give you as payment as I'm broke, but if you can make use out of my $20 worth of un-needed decaptcher credits I can give you that. I can see that this would be very handy to learn (am always up for learning things like this) and passing my $20 decaptcher credits would be worth it.
     
  14. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    439
    Likes Received:
    241
    regex can be used in every hosting type, and sorry i can't help you, coz my self still learning it too. basically the regex script will find and delete every related blog list in the post database that match with the regex
     
  15. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    908
    Likes Received:
    487
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    Oh k thats all good, I'm thinking of deleting every single post and starting from scratch... I would lose backlinks etc but if it's what it takes I'm prepared for it.

    In the regex script, would there be some kind of algorithm that detects malicious files and has a delete function? I'm thinking it probably has some kind of looping mechanism which goes over every file, then if a fault is found, it is deleted. Would you have a sample of regex script that describes what you told me?
     
  16. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    439
    Likes Received:
    241
    Code:
    http://haacked.com/archive/2004/10/25/usingregularexpressionstomatchhtml.aspx
    regex that match

    Code:
    <ul class="pc_pingback">
    ****list url of related blog
    </ul> 
     
    • Thanks Thanks x 1
  17. bzy39

    bzy39 Regular Member

    Joined:
    Jan 15, 2009
    Messages:
    439
    Likes Received:
    241
    deleted
     
    Last edited: Dec 15, 2010
  18. tankr

    tankr Junior Member

    Joined:
    Jul 30, 2010
    Messages:
    119
    Likes Received:
    23
    Location:
    English speaking world
    Yeah, thats a good idea on BHW. I'll need your SSN and DOB and backend to any website you have.. but you can trust me. Smiley Face Here.
     
  19. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    908
    Likes Received:
    487
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    Wan't sure if that guy was intending to scam me, but I'll never give admin details to some person over the internet. If they were sitting beside me on my machine I would just get them to cover their eyes (with no peeking lol) while I'm logging in, then I watch them as they go about doing their work.

    I know he was probably wanting to help but as I said before, I won't give admin details etc to anyone I can't see in person.
     
  20. sfidirectory

    sfidirectory Senior Member

    Joined:
    Mar 29, 2010
    Messages:
    908
    Likes Received:
    487
    Occupation:
    Web developer/BTC enthusiast
    Location:
    php artisan make:migration
    Home Page:
    I have the flu so am struggling to follow that at the moment. Would rather pay someone to write the code for me, I have absolutely no idea about regex and for something like this I would rather have someone that knows what they are doing to do this. Will most likely delete all the posts (about 4000 odd), but I know I can build things back up again. For now on I'll do regular checks throughout the day. Thanks to everyone's advice, I know mostly what to look out for and how to mitigate the issues.