Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   Atahualpa 3 Wordpress theme (http://forum.bytesforall.com/forumdisplay.php?f=2)
-   -   How did this link appear on my site? (http://forum.bytesforall.com/showthread.php?t=22963)

negue Dec 18, 2014 02:49 PM
How did this link appear on my site?
 
Hey Atahualpa users, mods and developers!

I have no idea how this link got on my site, I did not put it there, and most important: I don't know how to remove it. Please help.

Have I been hacked?

imgur dot com/nDQiNDd

juggledad Dec 18, 2014 03:03 PM
What version of Atahualpa and WP?
what is your url?
Where did you see the link?
did you try disabling ALL plugins (at the samet time)?

negue Dec 18, 2014 03:12 PM
I'm sorry, I should have known better.

Atahualpa 3.7.18 & Wordpress 4.1

http://goo.gl/gfASln

I only see the link when I'm logged in and visit my site. If I log out, the link is not visible.

I first saw it yesterday, after reactivating the FA Lite 3 plugin (featured articles - slider). Odd, when this plugin is deactivated, the link is not visible to the naked eye, but I still see it with "view page source". Here it is also on Google cache (with the plugin deactivated): http://webcache.googleusercontent.co...&gl=se&strip=1

negue Dec 18, 2014 03:19 PM
I just disabled all plugins, cleared cache, then checked again. The link is still there, in the code.

juggledad Dec 18, 2014 07:06 PM
Sorry, I was under the assumption that the link you gave was the link in your code. Now that I look at it I see the code you mean.

Yes you have probably been hacked. I would run a scan on your site - you could try http://sitecheck.sucuri.net

negue Dec 19, 2014 09:30 AM
Thank you, juggledad.

I did run the Sucuri SiteCheck before opening this topic, and came back better than expected: no malware, no website blacklisting, no injected spam and no defacements. The only yellow sign was for "website firewall", letting me I don't have one and suggesting one of their services. Speaking of, I might go for one of their plans, they say they're offering no page limit malware cleanup, spam injections removal, hijacking protection and more. They seem like they know what they're doing, right?

Now, can you please tell me how I remove the link? I had these plugins activated: W3 Super Cache, Yoast SEO, Yoast Google Analytics, Akismet, iThemes Security and FA Lite 3. I don't know why, but I suspect the FA 3 plugin of doing something, even though they're openly denying it.

Would it be a good move to contact my hosting and ask them if they noticed any suspicious things reg. my hosting account? I see no other evidence of hacking, but then again, adding a link could have been their original purpose.

juggledad Dec 19, 2014 12:38 PM
Without access to the site to poke, there is no way I could give you an idea of what would be needed to do and that type of investigation I would have to charge for :o sorry. If you are interested, send me a PM.


All times are GMT -6. The time now is 11:01 AM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.