Solved

WordPress forwarding/linking strange content

Posted on 2013-11-04
3
235 Views
Last Modified: 2013-12-01
********** BACK STORY **********

Client calls and says they have a strange description of their site on google.

Sure enough, they're right. They whole description is about adobe software.

So, I started searching the content. To the point that i downloaded the entire public directory & pulled a sql dump. from linux cl, used both find & grep in attempts to find any word pattern.

adobe, best, price, etc.

I'm intentionally misspelling the domain name so this questions doesn't come up in google if its searched.
replace the numbers for vowels.

d3nt@lfixrx.c0m

********** HERES THE ACTUAL QUESTION **********

If from the home page, you click on the Home button (sometimes times the second click) - you will be sent to this adobe page. The url still says the correct domain name. Looking at the error console & network request - I can see that the requests are going to wp.com

I can't find the link in any css or js files. The <a href link is also correct.

Where could this problem lie ?? Please help experts.
To be clear, my question is about the Home button forwarding to the wrong site / pulling content from invalid site. What is the cause of this home button going to the wrong home page ?

Thanks in advance experts.
-steve
0
Comment
Question by:Imaginx
3 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 500 total points
Comment Utility
The site has been hacked and there is code injected into one of the PHP files (probably a core file) that is causing the problem.  

Try following some of the basic steps in this article:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html

But in all likelihood you will need a service such as Sucuri or StopTheHacker to step in and analyze the site for back doors and insecurities.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

In order to have all security and back ups taken care of, WordPress users can sign up for services with WP Engine.
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The purpose of this video is to demonstrate how to integrate Mailchimp with WordPress, by placing a Mailchimp signup form on a WordPress Page or Post. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchi…
The purpose of this video is to demonstrate how to prevent comment spam on a WordPress Website. This will be demonstrated using a Windows 8 PC. Plugin Akismet will be used. Go to your WordPress login page. This will look like the following: myw…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now