how to locate source of site hack
-
hi, a client for whom i do hardware and software support had their site hacked. they don’t have a webmaster, so they asked me to fix it (i’ve played a bit with wordpress for my own site).
their site uses thesis 1.7. when the site loads the first time, there is a link to a bogus loan site displayed in the header area. if i click on refresh, it goes away. the code in customs_functions.php is:
function custom_header() { ?> <p id="logo"> <a href="<?php bloginfo('url'); ?>"> <img width="960" src="https://theclient.com/wp-content/uploads/2011/07/logo4.png"> </a> </p> <!--<h1 id="tagline"><?php bloginfo('description'); ?></h1>--> <?php }when the site loads, the html is
<p id="logo"> <a href="https://theclient.com"> <img width="960" src="https://theclient.com/wp-content/uploads/2011/07/logo4.png"> </a> <a href=https://globloans.com/apply-now.html> https://globloans.com/apply-now.html </a> </p> <!--<h1 id="tagline">the client's real tagline</h1>-->pls, can anybody give me an idea where to look as to how this link gets inserted?
notes:
1) the inserted bogus link also appears when i try to log in at theclient.com/wp-login.php. also, disappears upon refresh.2) i changed the client’s url in the code above as i cannot speak for the integrity of the site currently. if necessary, i can provide the url for the client site.
tx muchly. any and all suggestions welcome.
- The topic ‘how to locate source of site hack’ is closed to new replies.