30 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has collected 10+ items on Envato Market
  • Located in United States
wahkeenasitka says

Hi Y’all..

I’m a Wordpress web designer, and in all my years doing WP, I’ve never seen anything like this. At the top of one of my client’s sites, there’s this strange hacking spam code that got put on the site. I have No Idea how to remove this. Any ideas? Plugins?

Here’s a page on the site w/ the problem: http://chimpanzeechronicles.com/sanctuaries/ It’s on several pages, including: Support, Book Events, etc..

I’ve deactivated a plugin. I’ve changed the WP password. I’ve upgraded to the latest version of WP. I’ve installed an anti-malware WP plugin.

So far nothing works.

any solutions will be greatly appreciated!

sitka

1055 posts Best-dressed man at PressNomics 2013
  • Has sold $1M+ on Envato Market and is now a Power Elite Author
  • Power Elite Author: Sold more than $1M on Envato Market
  • Made it to the Authors' Hall of Fame
  • Had an item featured on Envato Market
+10 more
Parallelus says

It looks like the ads are static and specific to each page they appear on. The content is always inside a container just after the tag with the class “sidebar_blogcontent” and from the rest of the HTML that looks like the naming convention for all the other sidebars also. They all start with “sidebar_” so it’s probably a real sidebar area designed into the theme.

Check the Widgets area to see if the code is getting inserted there. Next, check the individual pages/posts to see if there is an option to set this sidebar content directly from that edit screen. And last, look on the actual template files for to see if it’s been added there.

Since each ad is static it’s not likely to be a JavaScript creating them dynamically, rather something injected into the database or a file. I doubt it’s going to go away by disabling plugins.

280 posts
  • Has referred 10+ members
  • Has sold $40,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+1 more
PrimaThemes says

It means that your website is infected. The spam code generator can’t be injected in somewhere in your WordPress… Installing anti malware plugin when it is already infected sometimes doesn’t help.

If you have no access to the server, you need to ask your hosting to scan your website and find any malicious code inside the files in your website. Some hosting help, some hosting don’t, this is also a good time to check if your hosting have enough concern on security or not.

Additional reference that you need to read, http://wpmu.org/wordpress-security-tackling-backdoors-pharma-hacks-and-redirects/

3711 posts Ruben Bristian
  • Sells items exclusively on Envato Market
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $750,000+ on Envato Market
  • Has been part of the Envato Community for over 6 years
+10 more
KrownThemes says

Temporary solution (css):

.sidebar_blogcontent {
   display:none !important;
}
1750 posts
  • Has referred 1+ members
  • Has sold $10,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 1+ items on Envato Market
+2 more
gbs says

Yes, firstly for temporary solution you can hide the content by styling it a display:none as @RubenBristian showed above. If I were you I’d try to download the source code and search for that content inside the source files to see where is the problem. Do you backup your website content regularly ? I hope you do :)

30 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has collected 10+ items on Envato Market
  • Located in United States
wahkeenasitka says

Thank you @RubenBristian that temporary fix worked.

However, I realize this is a bigger problem. I contacted the webhost, and this is what they said:

Most likely your web-pages contains malicious codes. So, the only way to get rid of bad codes is to download your entire website to your local PC and check it with some good anti-virus. When all files are scanned and repaired (if any infected found), upload it back to your account.

I’m tempted to move the website to a new webhost because this is a retarded answer, it seems like they know nothing.

In terms of backing up website content, no. That’s not my responsibility. Nor do I know how to do that. This is a website I made for a client a year ago. I help out with minor tech issues periodically but this is far from my most important priority website.

30 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has collected 10+ items on Envato Market
  • Located in United States
wahkeenasitka says

Got it figured out guys. It’s all good. We’ve worked it out. We can close this thread.

738 posts
  • Has collected 10+ items on Envato Market
  • Has been part of the Envato Community for over 6 years
  • Located in United States
  • Sells items exclusively on Envato Market
Jar says

What was it? You used pretty generic descriptors in the title/post, so it’s likely somebody will end up here from Google with a similar issue – might want to expand on what it was/what you did.

30 posts
  • Has been part of the Envato Community for over 5 years
  • Has referred 1+ members
  • Has collected 10+ items on Envato Market
  • Located in United States
wahkeenasitka says

Jar,

What happened is my client inadvertently downloaded a virus onto her computer (this is the running theory) – and when she logged into her WP site a week ago, it memorized the keystrokes of her password and sent the login password to virus headquarters in romania or something… and then the virus went in and started adding these weird files into a cache folder inserted in the template folder… and there were quite a few of them. also, the header.php and various other files got tweaked so that the original files php were changed to allow the virus to appear on the site.

I had to login via ftp, delete the cache folder files, re-upload the original header.php file from the template, go into WP, change the passwords, login to the Control Panel and change the passwords… the Web Hosting tech support helped a lot too!

Helpful Information

  • Please read our community guidelines. Self promotion and discussion of piracy is not allowed.
  • Open a support ticket if you would like specific help with your account, deposits or purchases.
  • Item Support by authors is optional and may vary. Please see the Support tab on each item page.

Most of all, enjoy your time here. Thank you for being a valued Envato community member.

Post Reply

Format your entry with some basic HTML. Read the Full Details, or here is a refresher:

<strong></strong> to make things bold
<em></em> to emphasize
<ul><li> or <ol><li> to make lists
<h3> or <h4> to make headings
<pre></pre> for code blocks
<code></code> for a few words of code
<a></a> for links
<img> to paste in an image (it'll need to be hosted somewhere else though)
<blockquote></blockquote> to quote somebody

:grin: :shocked: :cry: Complete List of Smiley Codes

by
by
by
by
by
by