sandyj Posted May 31, 2010 Posted May 31, 2010 My site was recently hacked - thanks goes to Germ who pointed out the thousands of spam links that appeared on the source of my index.php page. Just wanted to share with you how I removed all those links, thus hopefully fixing the problem. I found 8 suspect files in /public_html/admin/includes/languages/espanol/modules/newsletters. The were called cns, csi, kwd, lb, lock, rlf, skwd and swf (no extensions). Once I had deleted them, the links were gone. Not sure if that is the solution for everyone, but hope it helps. Regards Sandy
charmed-imsure Posted June 3, 2010 Posted June 3, 2010 My site was recently hacked - thanks goes to Germ who pointed out the thousands of spam links that appeared on the source of my index.php page. Just wanted to share with you how I removed all those links, thus hopefully fixing the problem. I found 8 suspect files in /public_html/admin/includes/languages/espanol/modules/newsletters. The were called cns, csi, kwd, lb, lock, rlf, skwd and swf (no extensions). Once I had deleted them, the links were gone. Not sure if that is the solution for everyone, but hope it helps. Regards Sandy This is really helpful. I found those files + more but they were in catalog/admin/includes/languages/english/images/buttons took me a while to find them! I have also noticed that in all of my PHP files, they all begin with this: <?php /**/eval(base64_decode( I can't recall ever seeing that before so I wonder is that normal? Or do I need to now go through all my files and delete that bit?
germ Posted July 1, 2010 Posted July 1, 2010 My site was recently hacked - thanks goes to Germ who pointed out the thousands of spam links that appeared on the source of my index.php page. Just wanted to share with you how I removed all those links, thus hopefully fixing the problem. I found 8 suspect files in /public_html/admin/includes/languages/espanol/modules/newsletters. The were called cns, csi, kwd, lb, lock, rlf, skwd and swf (no extensions). Once I had deleted them, the links were gone. Not sure if that is the solution for everyone, but hope it helps. Regards Sandy You either missed something or didn't plug the security leak that allowed the hack.... Look at your page cache in google. The spam links are back. :'( If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.