Andrea Posted March 8, 2015 Report Share Posted March 8, 2015 This is too weird - I have not been to my own website in a while -- www.aandbwebdesign.com (Wordpress) - but clicked on it yesterday for no good reason and noticed i the upper a link to a site. It was late, I didn't want to deal with it. Today, when I look at the page with Firefox, I do not see it, but I see it when I view the page in IE and Opera. when I then look at the code, I find </head> <body> <div id="fb-root"> <a href="http://bboyfactory.com/side-effect-of--50/">side effect of 50</a> </div> When I look at it in Firefox, all I see is: </head> <body> <div id="fb-root"></div> I've created a copy of all the online files onto my computer, and have run a search for fb-root and --- but I find NOTHING!!! I'm at a loss right now how else I might be able to find how this link got on my site.... Quote Link to comment Share on other sites More sharing options...
administrator Posted March 8, 2015 Report Share Posted March 8, 2015 Hi, Sounds like you were hacked. Have you updated to the latest version of wordpress? The reason you see it in one browser and not in another, is probably because of browser sniffing ... it would be in the PHP code somewhere, where if the user is using IE, they add the link. Remember when we were hacked here a couple of years, back where the hack only impacted mobile traffic. Anyway, update your wordpress and check your theme files too for the hack, because when you update Wordpress, themes are not updated automatically. Stef Quote Link to comment Share on other sites More sharing options...
administrator Posted March 8, 2015 Report Share Posted March 8, 2015 Because of Wordpress' vulnerabilities, we've created our own simple blog engine for our new sites. The fact that it is closed-source, makes it much harder to hack. Wordpress, this forum, Drupal and other commercial software, are always going to be more vulnerable to hackers, since the codebase is accessible ... they can snoop the source code for vulnerabilities. ... I would give away our simple blog except that it would then open us up to the same problem. Stef Quote Link to comment Share on other sites More sharing options...
Andrea Posted March 9, 2015 Author Report Share Posted March 9, 2015 Thanks, Stef. I do have the latest WP version,and the Theme is one I created myself based on your KS video tutorial. I guess I'll keep poking around until I figure it out. Quote Link to comment Share on other sites More sharing options...
administrator Posted March 10, 2015 Report Share Posted March 10, 2015 Have you changed your passwords? Make sure they're strong ... both WP and FTP. S Quote Link to comment Share on other sites More sharing options...
Andrea Posted March 10, 2015 Author Report Share Posted March 10, 2015 I thought they were pretty good - symbols, numbers, and all that stuff, but I better change them anyway. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted March 14, 2015 Report Share Posted March 14, 2015 I had to deal with a couple sites like this recently. Start by uploading fresh, safe Wordpress files, overwriting anything that's there (just the core Wordpress files though, and don't overwrite your wp-content directory). After, double check for suspicious code in all your theme files or in the wp-config file. It will be PHP, but it will most likely look like a block of gibberish (so you can't easily search for the text). Then, download/install https://wordpress.org/plugins/exploit-scanner/and the free version of https://wordpress.org/plugins/sucuri-scanner/, run their scans, and see if you catch anything else. In many cases, an exploit will randomly duplicate itself within your wp-content directory, those files need to be looked at too. Quote Link to comment Share on other sites More sharing options...
Andrea Posted March 17, 2015 Author Report Share Posted March 17, 2015 HA! Found the jibberish in my functions.php. For now, I just put my original back, and it's clean at the moment. I have a lot of other stuff going on right now, not much time to play, but I'll see if the junk comes back. Thank you both!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.