Website hacked, I need help removing hacked code

Topic Resolution: Answered
  • #67580
    Answered
    Dianne
    Participant

    I know this is not a “Weaver Theme” issue. I have at least 10 websites, but 2 are the ones I have a hacked problem and I do not know how or where to remove the files that are causing the hack (it links to porn- .) Here are the URLs of mine:

    OceanBreezetherapy.com

    thejourneywithin.biz

    On the bottom of the home page and every page, on the very bottom left corner, you can see a tiny graphic. I can see the code in the browser web developer tools, but I am not a coder and do not know how to remove the code.  I have to get rid of this asap. Is there anyone who could help me?

    #67581
    scrambler
    Moderator

    I do not see any graphics at the bottom left; maybe you can post a picture or copy-paste the code around it here using the “preformatted style”.

    But if you really think your sites were hacked, you should speak with your Host, as they have a vested interest in helping you clean it up.

    #67589
    Dianne
    Participant

    Hi Scrambler,

    I am attaching the images of each of the pages on the 2 websites:
    In the photos attached you will see the tiny graphic at the bottom of the pages. I am attaching code from the pages as well. I used Firefox and the web developer tools, inspector to locate the code that has been inserted on every page.
    I am not a coder, but I can do some back end stuff to possibly remove this code. If I can’t figure out how to remove this code, with your guidance, I can pay you to help me get rid of it.
    InMotion Hosting says contact my IT guy… Well I do not have an IT guy.
    You have been so helpful in the past, solving my issues that I thought you could help.
    Thank you for your time.
    Warm regards,
    Dianne
    Here are the images:
    TheJourneyWithin.biz
    OceanBreezeTherapy.com
    #67593
    scrambler
    Moderator

    Funny thing is that when I go to your site links, the image is not visible because its HTML has a display:none on it, so they must have incorporated a script that decides when to show and when not to.

    If your site was hacked, there are probably way more damaging things than just that image inserted.

    You need an expert to help you clean up the whole site, not just remove that small visible part.

    I am not such an expert; maybe @weaver will have better advice on the best way to proceed to clean up a hacked site, but this is why I suggested you speak to your host provider.
    It is in their interest to get your site cleaned up so malware does not reside on their server, and they know best how to deal with it.

    #67600
    Weaver
    Keymaster

    If a site is hacked, there are usually extra files added to the site file structure, or existing files modified.

    If you are not using a security plugin such as WordFence, and your site is still accessible from the admin page, you could try loading that plugin and have it scan your site. It is very good at detecting stray files (hacks), and being sure the rest of the files match the contents of those from WordPress.

    Another thing to do is to use your cPanel or site tools from your hosting account, and look at the dates on all the files. You can often see files with creation or change dates that are after the date you first noticed the hack. If you find stray files, often just deleting them will undo the hack.

    You want to get this fixed asap since if Google detects your site has been hacked, it will block it from being accessed. (Google seems to find hacked sites the fastest, and may only block it on Chrome, but there are other security bots looking for hacked sites and have other ways to block them.) Once you’ve been blocked, it can literally take months to get your site unblocked. I had that happen to one of the sites I run, and had to duplicate the site under a different domain, and use a very tiny .html file to forward the old site to the alternative. It was months before we could return to the actual original site, and it was very very hard to get Google to un-blacklist our site.

    Otherwise, the only solution is to have your host completely restore the site to its state right before you noticed the hack. Then you might have to hand restore stuff.

    Then be sure to have WordFence (the one I use, there are others) running a daily scan on your site.
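
Added example, not part of the original thread and not Wordfence's code: one way to do by hand the two checks described in the post above, comparing the live files with a clean copy of the same WordPress version and looking at file dates. The directory layout, the 30-day cutoff and the sample file names (including the hypothetical `cache-x.php`) are constructed for illustration.

```python
import hashlib
import os
import tempfile
import time

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def rel_files(root):
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full

def audit(site_root, clean_root, cutoff_epoch):
    """Compare a live tree with a clean copy of the same WordPress version."""
    clean = {rel: sha256_of(full) for rel, full in rel_files(clean_root)}
    findings = []
    for rel, full in rel_files(site_root):
        if rel in clean:
            if sha256_of(full) != clean[rel]:
                findings.append((rel, "differs from clean copy"))
        elif rel.startswith(("wp-admin/", "wp-includes/")):
            findings.append((rel, "stray file in core directory"))
        elif rel.startswith("wp-content/uploads/") and rel.lower().endswith((".php", ".phtml")):
            findings.append((rel, "PHP file in uploads"))
        elif os.path.getmtime(full) > cutoff_epoch:
            findings.append((rel, "changed after cutoff"))
    return sorted(findings)

def demo():
    """Constructed sample: a clean tree and a tampered live tree (placeholder contents)."""
    with tempfile.TemporaryDirectory() as base:
        def put(tree, rel, text, age_days=400):
            path = os.path.join(base, tree, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(text)
            stamp = time.time() - age_days * 86400
            os.utime(path, (stamp, stamp))  # backdate the file
        for tree in ("clean", "live"):
            put(tree, "wp-includes/load.php", "<?php // core\n")
            put(tree, "wp-includes/general-template.php", "<?php // core\n")
        put("live", "wp-includes/general-template.php", "<?php // core\n// appended block\n")
        put("live", "wp-includes/cache-x.php", "<?php // not in core\n")
        put("live", "wp-content/uploads/2019/img.php", "<?php // placeholder\n")
        put("live", "wp-content/themes/old/functions.php", "<?php\n", age_days=2)
        return audit(os.path.join(base, "live"), os.path.join(base, "clean"), time.time() - 30 * 86400)
```

In the sample, the altered core file carries an old timestamp, so only the comparison with the clean copy catches it; the date check is what surfaces the recently changed theme file, which has no clean counterpart.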

    #67601
    Weaver
    Keymaster

    You could also try simply re-installing WordPress from the admin page. That may fix things quickly, and that won’t break things. Then reinstall all of your plugins, and use WordFence to scan for harmful files.

    From the screen images you sent, it looks as if your site has a JavaScript injection hack that is injecting code at the very end. Someone has probably replaced a standard WP file with one with the harmful code injection included.

    #67602
    Weaver
    Keymaster

    I just looked at the HTML output of your site and realized you are using a VERY old version of Weaver II, as well as the meteor slide plugin. I can’t tell right off which version of WordPress you might be running.

    All of those things imply that your site likely includes known vulnerabilities that can be easily exploited. I’m pretty sure I remember that meteor slides was quite hackable, and has not been supported for a very long time. And while we don’t know of any in Weaver II, it is certainly possible it has vulnerabilities. If you aren’t using the latest WordPress, then there are many well known exploits available to hackers.

    Sorry to say, you may be learning the importance of keeping WordPress versions up to date the hard way. The things I described above might help you get unhacked, but you must update your WordPress core, themes, and plugins to the latest versions.

    #67603
    Dianne
    Participant

    Thank you both for all your thoughts. I have been meaning to update these 2 websites for my sister. I did this to several other sites recently too and it was not too challenging, just some settings to adjust. On these 2 websites I am running WordPress 4.9.3. My main concern is, where is the bad code residing, so I can remove it before I install the latest weaver theme & the latest WordPress, plugins etc. I know how the process of converting from weaver ii pro works to the current versions. Before I do the major updates, I want to copy all the text of the entire website and take screen shots of every page. So I have work to do to get ready to update.

    My question to you is if I simply update everything, won’t the bad code & javascript come within the database of files? Is there a way to find the code to remove it as well? The updates are on my agenda to do this coming week.

    I also do not know how long this bad code/malware has been there. It could be a long while back or recently… I also don’t have a record of when my sister updated content or when I have updated content… So looking at dates won’t help on these 2 sites.

    I am so grateful for your help, comments & suggestions. I am a fan of your Weaver theme and have always appreciated your help. Very grateful to you both. Thanks…. any other thoughts or suggestions are appreciated.

    Dianne

    #67604
    scrambler
    Moderator

    If you are going to upgrade everything, then I would do the following:

    Install the Wordfence plugin and run a scan

    Check if they get rid of it.

    Next Upgrade WordPress to the latest version

    See if the problem is gone

    Next is Install Xtreme and switch to that, and see if the problem is still there.

    Any of the operations above could get rid of the issue, and all of them combined have a fairly good chance of doing that.

    #67605
    Dianne
    Participant

    Ok, I have got a plan… I will report back in a week or so when all is done. Thank you so very much!!!!

    #67704
    Best Answer
    Dianne
    Participant

    This reply has been accepted as the best answer.

    Ok, I have completed all the tasks:

    1. Install the Wordfence plugin and run a scan. Nothing found
    2. Check if they get rid of it. Nothing found
    3. Next Upgrade WordPress to the latest version. Done
    4. See if the problem is gone. Still there!
    5. Next is Install Xtreme and switch to that, and see if the problem is still there. Perfect all gone!

    Thank you so much. I have updated everything and now the problem is resolved.  I will keep the websites updated from now on….

    I noticed there was a suspicious user and got rid of them. Somehow they came in as an administrator… Wordfence seems like a good tool, so thank you for that.

    I am always so grateful for all the help you give. Worth the price of the theme, for sure!!!!!

    #67705
    Best Answer
    scrambler
    Moderator

    This reply has been accepted as the best answer.

    Glad it worked.

    Make sure to fully delete the old infected theme and plugins.

    #67706
    Best Answer
    Dianne
    Participant

    This reply has been accepted as the best answer.

    Excellent suggestions. Just did. Thank you!!!
