Found Unwanted Links in our Contents - How to stop link insertion

Discussion in 'PHP' started by seomanualsubmission, Aug 18, 2022.

  1. #1
    Hi,

    I found some unwanted links in our contents. Notice one thing: these links appear in dynamic contents (which are submitted from the admin panel), for example FAQ details, news and page updates.

    When I submit the details, everything looks fine, but when I check the contents after a few days or weeks, I find some unwanted links which do not appear on the site because they either have a hidden style attribute or a font size of 0; they appear only in the admin panel source code.

    Example:
    <p><a href="https://www.kidneystonesclinic.in/" style="font-size:0px;">Best Nephrology &amp; Urology Hospital in Chennai</a></p>

    How can I stop these types of issues?

    seomanualsubmission, Aug 18, 2022
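
One way to find links like the one in post #1 inside stored content, as an added example that is not part of the thread: it parses each saved HTML fragment and reports anchors hidden by their own or an ancestor's inline style or `hidden` attribute. The `(row_id, html)` row layout, the function names and the sample rows are assumptions.

```python
import re
from html.parser import HTMLParser
# Inline styles that hide a link from visitors. The post names font-size 0 and
# hidden styling; display:none and visibility:hidden are assumed equivalents.
HIDING_STYLE = re.compile(
    r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|!|$)"
    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr", "source"}

class HiddenLinkFinder(HTMLParser):
    """Collect hrefs of <a> tags hidden by their own or an ancestor's attributes."""
    def __init__(self):
        super().__init__()
        self.stack = []  # (tag, hides_content) for every open element
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDING_STYLE.search(a.get("style") or ""))
        if tag == "a" and a.get("href") and (hidden or any(h for _, h in self.stack)):
            self.hits.append(a["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so an unclosed <p> does not skew the stack.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html):
    finder = HiddenLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

def scan_rows(rows):
    """rows: iterable of (row_id, html) from the content table; returns {row_id: [hrefs]}."""
    found = ((row_id, find_hidden_links(html)) for row_id, html in rows)
    return {row_id: links for row_id, links in found if links}

# Constructed sample rows standing in for FAQ/news records saved from the admin panel.
SAMPLE_ROWS = [
    (1, '<p>Opening hours are 9 to 5. <a href="/contact">Contact us</a></p>'),
    (2, '<p>Answer text.</p><p><a href="https://spam.example/" style="font-size:0px;">x</a></p>'),
    (3, '<div style="display:none"><p>text<a href="https://spam.example/b">y</a></div>'),
    (4, '<p style="font-size:10px">Small print <a href="/terms">terms</a></p>'),
]
```

Links hidden through a CSS class or an external stylesheet are not covered by this check, which looks at inline attributes only.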
  2. sarahk

    sarahk iTamer Staff

    Messages:
    28,875
    Likes Received:
    4,547
    Best Answers:
    123
    Trophy Points:
    665
    #2
    You've been hacked and there's an injection script somewhere on your site. Clean it up, change your passwords, look at your file and folder permissions.
     
    sarahk, Aug 18, 2022
  3. seomanualsubmission

    seomanualsubmission Well-Known Member

    Messages:
    930
    Likes Received:
    133
    Best Answers:
    4
    Trophy Points:
    165
    #3
    Is there any way to check the code? There are multiple files. One more thing I want to say is that links are inserted only in those contents which are added dynamically; if we write on any static page then everything is fine.

    If you have any suggestions, then please let me know how to clean all the scripts quickly.

    seomanualsubmission, Aug 18, 2022
  4. sarahk

    sarahk iTamer Staff

    #4
    Depends on the CMS - google how to clean up and the CMS name.
    If it's WordPress there are good plugins that will scan for the problem code. I'd say you have a .PHP in your uploads folders.

    sarahk, Aug 18, 2022
  5. seomanualsubmission

    seomanualsubmission Well-Known Member

    #5
    No, it's not in WordPress. The site is in custom PHP code.

    Let me check all folders for unknown PHP files. Thanks for the idea.

    seomanualsubmission, Aug 18, 2022
  6. Efetobor Agbontaen

    Efetobor Agbontaen Well-Known Member

    Messages:
    138
    Likes Received:
    41
    Best Answers:
    5
    Trophy Points:
    110
    #6
    I suspect the links are added via JavaScript code on the client side. To test, try disabling JS.

    If this was a WordPress website, I would have told you to install the Wordfence plugin and use it to scan the website.

    But since it is a custom PHP website, I would prefer going through the code manually. I usually do not trust automated tools to remove every single piece of malicious code.

    Let me know if you need further assistance with the 2nd option.

    Efetobor Agbontaen, Aug 19, 2022
  7. #7
    One big way to help clean up a compromised site is to make a clean local install of the same software -- assuming you have original uncompromised files, which ANY project should maintain -- and then just compare file sizes. Any file that doesn't match is suspect.

    Checking the "modified" date on the files can help too.

    But if you've done any number of dumbass things -- not maintaining a baseline clean-room copy of the code, editing the code online on the live copy, etc. -- you may be screwed and have to go through one file at a time.

    There are a lot of good practices to set up ahead of time to recover from problems like this. It's sad so many people ignore them and go "we'll be fine."

    deathshadow, Aug 23, 2022
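
The baseline comparison described in post #7, extended beyond the thread to also compare SHA-256 hashes (an edit that keeps the file size passes a size check) and to flag PHP files under an upload folder, as suggested in post #4. This is an added example, not code posted in the thread; the `uploads` directory name, the extension list and the demo trees are assumptions.

```python
import hashlib
import os
import tempfile
import time
PHP_EXT = (".php", ".phtml", ".phar")  # treated as executable PHP (assumed list)

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk(root):
    """Yield file paths relative to root, with forward slashes."""
    for base, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.relpath(os.path.join(base, name), root).replace(os.sep, "/")

def audit(baseline, live, upload_dirs=("uploads",)):
    """Return sorted (path, reason, modified) findings for files in the live tree."""
    findings = []
    for rel in walk(live):
        live_path, clean_path = os.path.join(live, rel), os.path.join(baseline, rel)
        reason = None
        if any(rel.startswith(d.rstrip("/") + "/") for d in upload_dirs):
            # Uploads are user data, absent from the baseline: only PHP is suspect.
            if rel.lower().endswith(PHP_EXT):
                reason = "PHP file in upload dir"
        elif not os.path.isfile(clean_path):
            reason = "not in baseline"
        elif os.path.getsize(live_path) != os.path.getsize(clean_path):
            reason = "size differs"
        elif sha256(live_path) != sha256(clean_path):
            reason = "same size, content differs"
        if reason:
            findings.append((rel, reason, time.ctime(os.path.getmtime(live_path))))
    return sorted(findings)

def demo():
    """Build two small constructed trees in a temp dir and audit live against clean."""
    root = tempfile.mkdtemp()
    clean = {"index.php": "<?php home();", "lib/db.php": "<?php $a = 1;", "faq.php": "<?php faq();"}
    live = {**clean, "lib/db.php": "<?php $a = 2;", "faq.php": "<?php faq(); x();",
            "lib/cache.php": "<?php x();", "uploads/logo.png": "png", "uploads/img/t.php": "<?php x();"}
    for tree, files in (("clean", clean), ("live", live)):
        for rel, content in files.items():
            path = os.path.join(root, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(content)
    return [(p, r) for p, r, _ in audit(os.path.join(root, "clean"), os.path.join(root, "live"))]
```

Run `audit()` against a copy of the live tree pulled from the server; the third field of each finding is the file's modification time, which helps date the change.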
  8. seomanualsubmission

    seomanualsubmission Well-Known Member

    #8
    Thanks for suggesting your best ideas.

    Please advise me on one more doubt. As you are saying, there will be some suspect file, maybe JS or PHP, but if I change the complete website design, all CSS and JS files will be changed completely. Will it help me to protect my site from that unwanted script? I think there is no issue with the same database.

    seomanualsubmission, Aug 24, 2022
  9. sarahk

    sarahk iTamer Staff

    #9
    It's a custom website so we can't make any assurances. You will have a rogue file and you have to find it.

    sarahk, Aug 24, 2022
  10. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,999
    Best Answers:
    253
    Trophy Points:
    515
    #10
    There is the question of how they got in to crack you in the first place. If it's a flaw in the code they exploited, you're just going to get hacked again.

    Replacing with an off-the-shelf answer is often no better, as there is "security through obscurity". You look at WordPress vulnerabilities for example, a literal list of all the major well-known hacks in the CVE:

    https://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337

    There are holes found and exploited all the time. Custom software depending on how and who coded it can be as bad, or it can be a thousand times better.

    One thing to consider is how old is the server-side code? How reliant is the site on client-side scripting? Are you running older versions of the server-side language -- like PHP -- because the script won't run on newer versions?

    One thing I'm always telling clients is to be prepared for complete rewrites and/or code audits every three to five years. Because the underlying languages change, because new exploits that haven't even been dreamed of yet crop up. To expect any software to last longer than five years without constant updates, code reviews, and possibly even starting over from scratch is naive, unrealistic, and little more than wishful thinking.

    In terms of age alone, it might be time to start over from scratch... but I'd have to see the code in question to say for sure. You might simply be past its "fresh by" date.

    Particularly if the site(s) in question are anything like the ones in your signature, where the front-end "Design" and code is itself a disaster with illegible white on sky blue, cloaked content guaranteed to get you pimp slapped clear off of search, p + strong doing H3's job, redundant P inside LI, redundant code-bloat title attributes, incomplete forms, gibberish use of numbered headings, content overload, incomplete tables... A lot of that is kind of scary given they're sites for peddling SEO whilst being coded the opposite of good practices.

    If it's anything like those, it's time to rethink your inks and start over.
     
    deathshadow, Aug 27, 2022