wahkeenasitka says

Hi Y’all..

I’m a WordPress web designer, and in all my years doing WP, I’ve never seen anything like this. At the top of one of my client’s sites, there’s this strange hacking spam code that got put on the site. I have No Idea how to remove this. Any ideas? Plugins?

Here’s a page on the site w/ the problem: http://chimpanzeechronicles.com/sanctuaries/ It’s on several pages, including: Support, Book Events, etc..

I’ve deactivated a plugin. I’ve changed the WP password. I’ve upgraded to the latest version of WP. I’ve installed an anti-malware WP plugin.

So far nothing works.

Any solutions will be greatly appreciated!

sitka

Parallelus says

It looks like the ads are static and specific to each page they appear on. The content is always inside a container just after the tag with the class “sidebar_blogcontent” and from the rest of the HTML that looks like the naming convention for all the other sidebars also. They all start with “sidebar_” so it’s probably a real sidebar area designed into the theme.

Check the Widgets area to see if the code is getting inserted there. Next, check the individual pages/posts to see if there is an option to set this sidebar content directly from that edit screen. And last, look in the actual template files to see if it’s been added there.

Since each ad is static it’s not likely to be a JavaScript creating them dynamically, rather something injected into the database or a file. I doubt it’s going to go away by disabling plugins.

PrimaThemes says

It means that your website is infected. The spam code generator can’t be injected in somewhere in your WordPress… Installing an anti-malware plugin when it is already infected sometimes doesn’t help.

If you have no access to the server, you need to ask your hosting provider to scan your website and find any malicious code inside the files in your website. Some hosts help, some don’t; this is also a good time to check whether your host has enough concern for security or not.

Additional reference that you need to read: http://wpmu.org/wordpress-security-tackling-backdoors-pharma-hacks-and-redirects/

KrownThemes says

Temporary solution (css):

.sidebar_blogcontent {
   display:none !important;
}
gbs says

Yes, firstly, for a temporary solution you can hide the content by styling it as display:none as @RubenBristian showed above. If I were you I’d try to download the source code and search for that content inside the source files to see where the problem is. Do you back up your website content regularly? I hope you do :)

wahkeenasitka says

Thank you @RubenBristian that temporary fix worked.

However, I realize this is a bigger problem. I contacted the webhost, and this is what they said:

Most likely your web pages contain malicious code. So, the only way to get rid of the bad code is to download your entire website to your local PC and check it with some good anti-virus. When all files are scanned and repaired (if any infected are found), upload them back to your account.

I’m tempted to move the website to a new webhost because this is a retarded answer, it seems like they know nothing.

In terms of backing up website content, no. That’s not my responsibility. Nor do I know how to do that. This is a website I made for a client a year ago. I help out with minor tech issues periodically but this is far from my most important priority website.

wahkeenasitka says

Got it figured out guys. It’s all good. We’ve worked it out. We can close this thread.

Jar says

What was it? You used pretty generic descriptors in the title/post, so it’s likely somebody will end up here from Google with a similar issue – might want to expand on what it was/what you did.

wahkeenasitka says

Jar,

What happened is my client inadvertently downloaded a virus onto her computer (this is the running theory) – and when she logged into her WP site a week ago, it memorized the keystrokes of her password and sent the login password to virus headquarters in Romania or something… and then the virus went in and started adding these weird files into a cache folder inserted in the template folder… and there were quite a few of them. Also, the header.php and various other files got tweaked so that the original files’ PHP was changed to allow the virus to appear on the site.

I had to log in via FTP, delete the cache folder files, re-upload the original header.php file from the template, go into WP, change the passwords, log in to the Control Panel and change the passwords… the Web Hosting tech support helped a lot too!
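
The cleanup described in the last post (unknown files in a cache folder inside the template folder, plus a changed header.php) can be found systematically by comparing a copy of the live theme directory with a fresh copy of the same theme. The following Python script is an added example, not part of the original thread; the directory layout, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def index_tree(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_theme(clean_root: Path, live_root: Path) -> dict:
    """Report files that differ from, or do not exist in, the clean theme."""
    clean, live = index_tree(clean_root), index_tree(live_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(f for f in set(live) & set(clean) if live[f] != clean[f]),
        "missing": sorted(set(clean) - set(live)),
    }


def build_sample(base: Path):
    """Constructed sample: a clean theme and a tampered copy of it."""
    clean, live = base / "clean", base / "live"
    for root in (clean, live):
        root.mkdir()
        (root / "header.php").write_text("<?php wp_head(); ?>\n")
        (root / "style.css").write_text("body { margin: 0; }\n")
    # Tampering as described in the thread: header.php changed, cache folder added.
    (live / "header.php").write_text("<?php wp_head(); /* CONSTRUCTED-CHANGE */ ?>\n")
    (live / "cache").mkdir()
    (live / "cache" / "unknown_file.php").write_text("<?php /* constructed placeholder */ ?>\n")
    return clean, live


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = build_sample(Path(tmp))
        return compare_theme(clean, live)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

On a real site, `clean_root` would be the unpacked original theme package and `live_root` the theme folder downloaded over FTP; anything under "added" or "modified" is a candidate for deletion or for re-upload from the original.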
