Thread Starter
Juba
(@brightonseo)
Looks like the same link.
Here’s what I did to remove it although I don’t know if it will come back because it ws injected from plugins, I’m not sure which one.
1. Install Wordfence plugin
2. Make sure in plugin options, you select the theme file changes and plugin file changes.
3. Run scan and when complete, scroll down to results and click on retore file to original for plugin results.
4. For theme result if any, jus ignore until it changes.
Check source code again and you’ll see that the link is now gone.
After this I installed Better WordPress Security as well to help hide some files and beef up security for the site.
Plugin Author
Eli
(@scheeeli)
If you can email me with a WP Admin login to your site I will look for the malicious code that is injecting that link.
Send credentials directly to my email: eli at gotmls dot net
Aloha, Eli
Thread Starter
Juba
(@brightonseo)
If you let me know how you get on and what you find please share it on this thread as it will be beneficial to me and others with the same problem.
Thanks
Thread Starter
Juba
(@brightonseo)
I have also sent a Penguin spam report for the link on your site so that’s the third one I’ve reported this week and I’ve been assured it will be deindexed. 🙂
Whoever is doing this is wasting his time and money and everytime i see a link like this, I immediately report it so that it gets blacklisted.
Seems like my problem is solve,MUCHAS GRACIAS. 🙂
Plugin Author
Eli
(@scheeeli)
vinciandres,
I did remove the links from you theme files but there are more infections that I am still working on.
Thread Starter
Juba
(@brightonseo)
Eli
I don’t think this is a theme problem, it’s injected from plugin vulnerability.
opps sorry, your administrator acount is ON again… sorry…
Thread Starter
Juba
(@brightonseo)
The bad thing about this hack is that it’s likely that there is a backdoor that the hacker has left in place so that they can keep on doing it,
Plugin Author
Eli
(@scheeeli)
vinciandres,
I was not finished but it looks like you already restricted my admin access to your site so I cannot remove the rest of the treats I found.
I guess you may want to do this yourself:
1. There is still a backdoor in wp-includes/cm.php, this file can be deleted but make sure it is no longer included in any other scripts or it could break your site.
2. Your .htaccess file in the root of the site has a malicious conditional redirect in it, but there is also good code in the bottom of that file.
There may be other infections but, as I said, I could not finish.
Aloha, Eli
Thread Starter
Juba
(@brightonseo)
Eli
Could you have a look at my site to see if there is any file that is compromised?
I get the feeling you’re not interested in what I have to say which saya a lot really.
Sorry Eli, i really Sorry, I thought you were done, I do not know how to solve these other infections. I appreciate what you’ve done so far. I have renewed your administration permissions if you can continue helping me.
thanks anyway,
I will donate as soon as i can.
You are a bless
