|
#1
Dec 18, 2014, 03:49 PM
|
|
|
13 posts · Jul 2012
Romania
|
|
Hey Atahualpa users, mods and developers!
I have no idea how this link got on my site, I did not put it there, and most important: I don't know how to remove it. Please help.
Have I been hacked?
imgur dot com/nDQiNDd
Last edited by juggledad; Dec 18, 2014 at 04:02 PM.
|
#2
Dec 18, 2014, 04:03 PM
|
|
|
|
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
|
|
What version of Atahualpa and WP?
what is your url?
Where did you see the link?
did you try disabling ALL plugins (at the samet time)?
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
|
#3
Dec 18, 2014, 04:12 PM
|
|
|
13 posts · Jul 2012
Romania
|
|
I'm sorry, I should have known better.
Atahualpa 3.7.18 & Wordpress 4.1
http://goo.gl/gfASln
I only see the link when I'm logged in and visit my site. If I log out, the link is not visible.
I first saw it yesterday, after reactivating the FA Lite 3 plugin (featured articles - slider). Odd, when this plugin is deactivated, the link is not visible to the naked eye, but I still see it with "view page source". Here it is also on Google cache (with the plugin deactivated): http://webcache.googleusercontent.co...&gl=se&strip=1
|
#4
Dec 18, 2014, 04:19 PM
|
|
|
13 posts · Jul 2012
Romania
|
|
I just disabled all plugins, cleared cache, then checked again. The link is still there, in the code.
|
#5
Dec 18, 2014, 08:06 PM
|
|
|
|
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
|
|
Sorry, I was under the assumption that the link you gave was the link in your code. Now that I look at it I see the code you mean.
Yes you have probably been hacked. I would run a scan on your site - you could try http://sitecheck.sucuri.net
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
Last edited by juggledad; Dec 18, 2014 at 08:13 PM.
|
#6
Dec 19, 2014, 10:30 AM
|
|
|
13 posts · Jul 2012
Romania
|
|
Thank you, juggledad.
I did run the Sucuri SiteCheck before opening this topic, and came back better than expected: no malware, no website blacklisting, no injected spam and no defacements. The only yellow sign was for "website firewall", letting me I don't have one and suggesting one of their services. Speaking of, I might go for one of their plans, they say they're offering no page limit malware cleanup, spam injections removal, hijacking protection and more. They seem like they know what they're doing, right?
Now, can you please tell me how I remove the link? I had these plugins activated: W3 Super Cache, Yoast SEO, Yoast Google Analytics, Akismet, iThemes Security and FA Lite 3. I don't know why, but I suspect the FA 3 plugin of doing something, even though they're openly denying it.
Would it be a good move to contact my hosting and ask them if they noticed any suspicious things reg. my hosting account? I see no other evidence of hacking, but then again, adding a link could have been their original purpose.
|
#7
Dec 19, 2014, 01:38 PM
|
|
|
|
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
|
|
Without access to the site to poke, there is no way I could give you an idea of what would be needed to do and that type of investigation I would have to charge for sorry. If you are interested, send me a PM.
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
|
|