Undetectable URL injected Wordpress Site, Can somebody help?

flush27

flush27

Member
Dec 10, 2019
23
39
18
Good day dear great members of Babiato.
I have a WordPress magazine blog and somehow in the past it was infected. I did almost anything I'm capable of but no way to clean those links from the google search console. I scanned the entire site manytimes, I'm using Wordfence and it doesn't give any positive sign.
I tried to remove URL's by the key string and it worked somehow in the past. However, a few days ago the URL's poped up again.
2021-03-31 18_36_17-Window.jpg

2021-03-31 18_35_59-Window.jpg


as you can see --.com/site/page.php?c108c6= embedded somehow in the root but I can't not detect where it is. I would greatly appreciate if someone can give an advice.
Thanks in advance.
 
tuton012

tuton012

Strive for progress, not perfection
Babiato Lover
Trusted Uploader
May 23, 2019
1,607
2,060
120
Near You
did you install any plugin to the website before it started? how long has this been like this on your website?
 
flush27

flush27

Member
Dec 10, 2019
23
39
18
tuton012 said:
did you install any plugin to the website before it started? how long has this been like this on your website?
Click to expand...
Thanks for your response. Well, months ago that happened and I found some malicious base64 codes after scanning the site and cleaned them. A long time later I noticed the links from G search console. I searched for the links in PHPMyAdmin but couldn't find any of them in the database. No scanner can detect them. Even though I report the links to google for deindexing, they keep existing. Search console notification says, 'Indexed, though blocked by robots.txt'. I don't know how to get around this problem.
 
NextMan

NextMan

Member
Sep 8, 2020
59
20
8
Please use screamingfrog or etc. for 404 or live...


It may be a scheduled program. Urls are not always active. They can be active for a short time and then become 404 ... You need to check all your plugin and theme codes ...
 
S

slavstudio

Member
Oct 26, 2020
33
11
8
This is well known issue with nulled plugins and themes, where some of sharers inject piece of code that ads links to your website and redirects them to specific links. I suggest you follow this https://www.wpaos.com/2020/11/13/how-to-fix-wordpress-hacked-url-injection/
secure.wphackedhelp.com

Spam Links Injection in WordPress Site - Removal Guide [2023]

secure.wphackedhelp.com


Also, happened to me once. Code is added inside one of the theme/plugin .php file, most likely config files or footer/header.

I suggest you manually check your theme/plugins files, even better, disable one by one plugin and activate one by one, if you see that issue is not present anymore, you will know what plugin is the problem. Disable all plugins and if issue is still the same, your theme is most likely infected.

For cleaning links from Google Search console, you can send request to Google via Search console to deindex existing links.
 
flush27

flush27

Member
Dec 10, 2019
23
39
18
slavstudio said:
This is well known issue with nulled plugins and themes, where some of sharers inject piece of code that ads links to your website and redirects them to specific links. I suggest you follow this https://www.wpaos.com/2020/11/13/how-to-fix-wordpress-hacked-url-injection/
secure.wphackedhelp.com

Spam Links Injection in WordPress Site - Removal Guide [2023]

secure.wphackedhelp.com


Also, happened to me once. Code is added inside one of the theme/plugin .php file, most likely config files or footer/header.

I suggest you manually check your theme/plugins files, even better, disable one by one plugin and activate one by one, if you see that issue is not present anymore, you will know what plugin is the problem. Disable all plugins and if issue is still the same, your theme is most likely infected.

For cleaning links from Google Search console, you can send request to Google via Search console to deindex existing links.
Click to expand...
I used to use nulled plugins before but I don't have any nulled one anymore. Also, wordfence scan can not detect any malicious code either.
 
S

slavstudio

Member
Oct 26, 2020
33
11
8
flush27 said:
I used to use nulled plugins before but I don't have any nulled one anymore. Also, wordfence scan can not detect any malicious code either.
Click to expand...
It can't detect it because it is not malicious code, it is advert code.
Advert code can't be treated as malicious code because maybe user added it for ad ravenue. That is why wordfence doesn't show it.
 
flush27

flush27

Member
Dec 10, 2019
23
39
18
slavstudio said:
Do you use nulled template?
Click to expand...
I'm using Jnews at the moment, I downlaaded it from envato elements but after my subscription ended, I downloaded updated one from Babiato. So the theme is from Babiato, the rest of the plugins are from original repisatory.
 
HexGloss

HexGloss

New member
Mar 11, 2020
6
1
3
johnc

johnc

Well-known member
Feb 18, 2021
288
261
63
Look into functions.php of theme and child theme (if any), most probably the malware codes are inserted here.
Look here anything strange or any strange URL.
 
T

TylerDurden

New member
Sep 19, 2019
13
8
3
HexGloss said:
have you tried a logger or firewall for outgoing connections??
i use "snitch" when using nulled plugins, works like a charm
github.com

GitHub - pluginkollektiv/snitch: Network monitor for WordPress. Connection overview for monitoring and controlling outgoing data traffic.

Network monitor for WordPress. Connection overview for monitoring and controlling outgoing data traffic. - pluginkollektiv/snitch
github.com github.com
also, Core Control. https://github.com/dd32/core-control
Hope it works for you.
Click to expand...
Thanks but are these still working with latest wordpress?
 
X

xeric

Member
Apr 5, 2019
93
21
8
To search across all your theme and plugin files, I suggest downloading them all via FTP then use Notepad++ to Find text in folder which will scan every file in the folder for the text you enter.
 
You must log in or register to reply here.

Similar threads

Turkuaz
Wordpress get content of any url?
Replies
3
Views
507
Website Support & Development
raigen
R
J
Need Category Image and URL for OG Meta Tags
Replies
0
Views
328
Website Support & Development
jitato5994
J
mixtape25
Load URL in Background (affil cookie dropping)
Replies
3
Views
387
Website Support & Development
Tatenda
T
Smart Club Boys
Page contains a suspected malware URL
Replies
2
Views
552
Website Support & Development
NuriT
NuriT
K
Wordpress "redirected too many times" problem but only homepage url
Replies
16
Views
1K
Website Support & Development
zzn
Z

Latest posts

Forum statistics

Threads
69,220
Messages
908,402
Members
236,976
Latest member
zakusok

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom