• AÉZA — CLOUD SERVERS FROM 0.02€/HOUR WITH ANTIDDOS PROTECTION

  • You MUST read the Babiato Rules before making your first post otherwise you may get permanent warning points or a permanent Ban.

    Our resources on Babiato Forum are CLEAN and SAFE. So you can use them for development and testing purposes. If your are on Windows and have an antivirus that alerts you about a possible infection: Know it's a false positive because all scripts are double checked by our experts. We advise you to add Babiato to trusted sites/sources or disable your antivirus momentarily while downloading a resource. "Enjoy your presence on Babiato"

Undetectable URL injected Wordpress Site, Can somebody help?

flush27

flush27

Member
Dec 10, 2019
31
61
18
Good day dear great members of Babiato.
I have a WordPress magazine blog and somehow in the past it was infected. I did almost anything I'm capable of but no way to clean those links from the google search console. I scanned the entire site manytimes, I'm using Wordfence and it doesn't give any positive sign.
I tried to remove URL's by the key string and it worked somehow in the past. However, a few days ago the URL's poped up again.
2021-03-31 18_36_17-Window.jpg

2021-03-31 18_35_59-Window.jpg


as you can see --.com/site/page.php?c108c6= embedded somehow in the root but I can't not detect where it is. I would greatly appreciate if someone can give an advice.
Thanks in advance.
 
did you install any plugin to the website before it started? how long has this been like this on your website?
 
tuton012 said:
did you install any plugin to the website before it started? how long has this been like this on your website?
Click to expand...
Thanks for your response. Well, months ago that happened and I found some malicious base64 codes after scanning the site and cleaned them. A long time later I noticed the links from G search console. I searched for the links in PHPMyAdmin but couldn't find any of them in the database. No scanner can detect them. Even though I report the links to google for deindexing, they keep existing. Search console notification says, 'Indexed, though blocked by robots.txt'. I don't know how to get around this problem.
 
Please use screamingfrog or etc. for 404 or live...


It may be a scheduled program. Urls are not always active. They can be active for a short time and then become 404 ... You need to check all your plugin and theme codes ...
 
This is well known issue with nulled plugins and themes, where some of sharers inject piece of code that ads links to your website and redirects them to specific links. I suggest you follow this https://www.wpaos.com/2020/11/13/how-to-fix-wordpress-hacked-url-injection/
secure.wphackedhelp.com

Spam Links Injection in WordPress Site - Removal Guide [2023]

secure.wphackedhelp.com


Also, happened to me once. Code is added inside one of the theme/plugin .php file, most likely config files or footer/header.

I suggest you manually check your theme/plugins files, even better, disable one by one plugin and activate one by one, if you see that issue is not present anymore, you will know what plugin is the problem. Disable all plugins and if issue is still the same, your theme is most likely infected.

For cleaning links from Google Search console, you can send request to Google via Search console to deindex existing links.
 
slavstudio said:
This is well known issue with nulled plugins and themes, where some of sharers inject piece of code that ads links to your website and redirects them to specific links. I suggest you follow this https://www.wpaos.com/2020/11/13/how-to-fix-wordpress-hacked-url-injection/
secure.wphackedhelp.com

Spam Links Injection in WordPress Site - Removal Guide [2023]

secure.wphackedhelp.com


Also, happened to me once. Code is added inside one of the theme/plugin .php file, most likely config files or footer/header.

I suggest you manually check your theme/plugins files, even better, disable one by one plugin and activate one by one, if you see that issue is not present anymore, you will know what plugin is the problem. Disable all plugins and if issue is still the same, your theme is most likely infected.

For cleaning links from Google Search console, you can send request to Google via Search console to deindex existing links.
Click to expand...
I used to use nulled plugins before but I don't have any nulled one anymore. Also, wordfence scan can not detect any malicious code either.
 
flush27 said:
I used to use nulled plugins before but I don't have any nulled one anymore. Also, wordfence scan can not detect any malicious code either.
Click to expand...
It can't detect it because it is not malicious code, it is advert code.
Advert code can't be treated as malicious code because maybe user added it for ad ravenue. That is why wordfence doesn't show it.
 
slavstudio said:
Do you use nulled template?
Click to expand...
I'm using Jnews at the moment, I downlaaded it from envato elements but after my subscription ended, I downloaded updated one from Babiato. So the theme is from Babiato, the rest of the plugins are from original repisatory.
 
Look into functions.php of theme and child theme (if any), most probably the malware codes are inserted here.
Look here anything strange or any strange URL.
 
HexGloss said:
have you tried a logger or firewall for outgoing connections??
i use "snitch" when using nulled plugins, works like a charm
github.com

GitHub - pluginkollektiv/snitch: Network monitor for WordPress. Connection overview for monitoring and controlling outgoing data traffic.

Network monitor for WordPress. Connection overview for monitoring and controlling outgoing data traffic. - pluginkollektiv/snitch
github.com github.com
also, Core Control. https://github.com/dd32/core-control
Hope it works for you.
Click to expand...
Thanks but are these still working with latest wordpress?
 
To search across all your theme and plugin files, I suggest downloading them all via FTP then use Notepad++ to Find text in folder which will scan every file in the folder for the text you enter.
 
You must log in or register to reply here.

Similar threads

D
Is there any option to open ads on clicking url short link ?
Replies
0
Views
300
Website Support & Development
dgodfather
D
J
Translatepress plugin - issue with url slugs translation
Replies
2
Views
458
Website Support & Development
Judgin999
J
Hamza Bazal
My Web URL problem
Replies
7
Views
432
Website Support & Development
pepegrillo12
pepegrillo12
Turkuaz
Wordpress get content of any url?
Replies
3
Views
589
Website Support & Development
raigen
R
J
Need Category Image and URL for OG Meta Tags
Replies
0
Views
380
Website Support & Development
jitato5994
J

Latest posts

Forum statistics

Threads
79,409
Messages
1,141,564
Members
248,128
Latest member
tashtracer95

Share this page

Share this page
Top Bottom
Back
AdBlock Detected

We get it, advertisements are annoying!

However in order to keep our huge array of resources free of charge we need to generate income from ads so to use the site you will need to turn off your adblocker.

If you'd like to have an ad free experience you can become a Babiato Lover by donating as little as $5 per month. Click on the Donate menu tab for more info.

I've Disabled AdBlock