Press "Enter" to skip to content

WordPress Hidden Link Injection Repair

WordPress's Hidden Link Injection Attack has become a concern for many users who use WordPress every day. For those unfamiliar with this issue, the attack inserts links into the files of the active WordPress themes, mainly pointing to adult profiles elsewhere on the web. These links are completely hidden, so you may never know them or understand your visitors. But search engine spiders will certainly select them – and will therefore punish you.

Detect
to see if your WordPress installation has been compromised easily. Just look at the source of your homepage and find any code that doesn't belong. Check the top and bottom of the file near, as this is where I found the hidden link exists. They are also usually included in HTML comments.


<u><a href = https: //translate.googleusercontent.com/translate_c? depth = 1 &#038; amp; hl = en &#038; amp; ie = UTF8 &#038; amp; prev = _t &#038; amp; rurl = translate.google.com &#038; amp; sl = en &#038; amp; sp = nmt4 &#038; amp; tl = en &#038; amp; u = http: //ezinearticles.com/some_url&#038;xid=17259,1500004,15700022,15700105,15700124,15700149,15700168,15700173,15700186,15700201 &#038; amp; usg = ALkJrhiTj08R1wnWdyzQmY4bon9Nyhb_CQ> Some website 1 </a> <a href = https: //translate.googleusercontent.com/translate_c? depth = 1 &#038; amp; hl = en &#038; amp; ie = UTF8 &#038; amp; prev = _t &#038; amp; rurl = translate.google.com &#038; amp; sl = en &#038; amp; sp = nmt4 &#038; amp; tl = en &#038; amp; u = http: //ezinearticles.com/some_url&#038;xid=17259,1500004,15700022,15700105,15700124,15700149,15700168,15700173,15700186,15700201 &#038; amp; usg = ALkJrhiTj08R1wnWdyzQmY4bon9Nyhb_CQ> Some website 2 </a> &#8230; &lt;a href = https://translate.googleusercontent.com/translate_c? Depth = 1&amp;amp; hl = en&amp;amp;that is = UTF8&amp;amp; prev = _t&amp;amp; rurl = translate.google.com&amp;amp; sl = en&amp;amp; sp = nmt4&amp;amp; tl = en&amp;amp; u = http://ezinearticles.com/some_url&amp;amp; xid = 17259,1500004,15700022,15700105,15700124,15700149,15700168,15700 </u> <u> 173,15700186,15700201&amp;amp; usg = ALkJrhiTj08R1wnWdyzQmY4bon9Nyhb_CQ&gt;Some sites n </a></u>

If you see such code, it is probable that you are hidden by WordPress Link injection attack victims.

How do they do this?
Again, there is a security vulnerability in WordPress version 2.8.x that allows external users to hijack the /wp-admin/upload.php file and insert files on the server that may have been used for various malicious purposes. One of the goals is to hide the link injection. WordPress 2.9 fixed this bug, however, a simple upgrade is not enough. External users will no longer be able to hijack upload.php, but the files they have inserted will still be coordinated attacks.

This is why simply deleting the link from header.php or footer.php (where I see the link) is not enough. You will notice that the link will reappear. We must now treat this disease, not just symptoms.

Problem solving
First, always keep your WordPress installation up to date! It will not be easier to update. Just click on the alert shown at the top of the dashboard and follow the instructions. It takes text 10 seconds.

Next, change the password for the admin WordPress user. Also change your MySQL user's password.

Finally, find the file that the vulnerability has inserted by upload.php. I found two separate instances of these two files, all located in the wp-includes folder. Check the permissions of each file in wp-includes and investigate any files with 777 permissions (this is your first clue, stating certain errors). The class-rss.php and feed-atom2.php are the cause of the two files I have seen. Cleverly named files. These two files are not native files in the WordPress code library and can be safely deleted. If you open these files and know some PHP, you will find these files are definitely the culprit.

These steps should protect your WordPress installation from hidden link injection attacks.

Staying vigilant
Just because we have solved this problem does not guarantee that you will be immune forever. Hackers are always looking for updates and better ways to crack something. WordPress is very good at fixing security problems, but someone in some place will attack the guinea pig – and then report it to WordPress.

A great plug-in I started with is the WordPress File Monitor. This plugin will scan your WordPress installation and report if any files have been added, deleted or changed. The plug-in can be customized to run on the schedule you set. You can also exclude the directory from the plug-in's report so that you won't receive an alert each time you upload an image for a post. However, I recommend that you do not exclude the directory because it may be the next location of the next vulnerability.

Business Credit: No Personal Credit And No Personal Guarantee Our Business Credit Membership Provides Weekly Training,resources,vendor Credit Lines, Cash Credit Sources And Banking Contacts. Brand New High Converting Self Help/wealth Generation Success Package. How To Buy Commercial Real Estate With No Cash And No Credit! Birddogbot - Real Estate Deal-finding Solution For Investors (view mobile)! Fan Victor - The Ultimate Fantasy Sports Plug-in (view mobile)! Get Lifetime Commission Per Customer! Our $1 Trial + Live Support Is Converting Like Crazy! Learn To Speak The Hebrew That Really Matters Using Sound, Video And Text. Recurring Charge! Legit Writing Jobs (view mobile)! Modern Love - Dating And Relationship / Get Your Ex Back (view mobile)! Next Generation Backlink Indexer. Own The Software That Takes Backlink Indexing To The Next Level With Our Brute Force Technology! Maitrisez Votre Acne Natural Treatment For Acne- Acne Treatment French Version. (view mobile) Membership Site For Learning Spray Paint Art. There Is A Thriving Community Of Street And Spray Paint Artists Online And In The World! Diy Car Painting Auto Body Course - Great For Automotive Male Traffic (view mobile) Astonishing Conversions On This New Online Dating For Women Program From Digital Romance. A Service That Every Homeowner Desperately Can Use: A Property Tax Assessment Review Service. Roofing Business Blueprint Uses The Latest Software & Marketing Tools Developed By Roofing Sales Training Expert David Deschaine! Discover How You Can Build A Complete Business Or Corporate Credit Profile In 90 Days! The Big Diabetes Lie - Real Dr Approved Diabetes Offer (view mobile) This Is An 11 Hour Video Course Teaching Guys How To Pick Up/date Women By Improving Their Communication Skills With Women! It's Never Been This Easy To Make Money Promoting Registry Cleaners! Instabuilder 2.0 - The Ultimate WordPress Marketing Plugin (view mobile)! Internet Jetset - Join The Internets Elite Group Of Middlemen (view mobile)! "#1 Stock Investing Club", Wealth Builders Club,monthly Commissions (view mobile)! Join The Live Stream Event From Anywhere On Any Device! Killer Conversions With 1 Click Recurring Billing Upsells For Max Earnings. The Millionaire Society Provides The Highest Quality Make Money Products Available! Lowest Refunds In The Market Because Customers Love This Product! Long Term Money Maker! Just Ask! Promote This, It Makes You Money! Put This Beast To Work For You On Lists Or Cold Traffic And Just Watch The Dollars Pile Up. New - Recurring Billing Front End! Huge Conversions (5%+ In Tests). 101 Toxic Food Ingredients - New Conversion Breakthrough! For Problem Drinkers. Enjoy A Strong Conversion Rate! Radical Inner Game - The Ultimate Seduction Product! hese Fun And Exciting Games Will Shoot Your Retention Rates Through The Roof! The Oxidized Cholesterol Strategy - Blue Heron Health News (view mobile)! Personal Trainers, Weightroom Instructors And Group Fitness Instructors Looking To Get Better Results With Injuries, Fitness Plateaus And Preventing Injuries! Self-esteem Elevation For Children Coaching Certification! Family Friendly Fat Burning Meals! A Lifetime Of Homework (view mobile)! Tacfit 26: New Generation. The Tactical Fitness Personal Gym System. (view mobile)! Reiki Healing Association Membership (view mobile)! Push Button Marketer - Automation Software For Internet Marketers! Biz Opportunity - Start Your Own Online Embroidery Business From Home (view mobile)! Gray Hair No More - Reverse Gray Hair - 2018 Update! Five Of The Top Converting Dating And Relationship Offers For Women! Pet Sitting Business Start Up Kit (view mobile)! Feel Tennis Online Video Instruction Courses (view mobile)! This Is A Sports Spread Betting Subscription Service That Generates Consistent Monthly Returns For Its Members! Pirate Ship Playhouse Plans (view mobile)! Sex Advice Education Programs By Gabrielle Moore! Robust 4-week Nutrition Education For Those Who Want To Quit Yo-yo Dieting And Learn How To Eat Healthy Forever! Fulfilling Relationships Course - Become Skilled (view mobile) 15-hour Video Course In Which You Learn 17 Relationship Skills To Create A Fulfilling Love Life, And Inspiring Friendships! Evergreen Web-store With 270+ Subliminal Mp3s In All Areas Of Self Improvement And The Law Of Attraction! Fearless Flow Conversation System! Full Shopping Cart- Brainwave Recordings, Health, Wealth, Prosperity, Manifestation, Success! Personal Development Offer: Killer Hook, Amazing Conversions! Push Button Marketer - Automation Software For Internet Marketers! Get Free Flights With Travel Hacking! 30-day Crash Course: Transgender Voice Feminization (view mobile)! Aquarius Man Secrets (view mobile)! How To Write Songs That Sell (view mobile)! Public Speaking Certification (view mobile)! Speak To Spark Arousal - For Men (view mobile) 5+ Hours Of Video Demonstration Modules That Help Men Start And Move Through Conversation With Ease!

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Mission News Theme by Compete Themes.