I’ve finally identified and fixed the/a root cause of the hacked site problem I described in the last few posts. It seems that My site was hacked and a piece script was placed in the source code (near the footer) of every page on the site. Because this site is a wordpress hosted site it uses php templates to build each page – once of these templates was hacked so that when someone opened a link from the website, a new tab was opened with something like a university website advertising website. Because this site is quite old (2002 baby!)
I’d used a number of pieces of technology to identify the problem – and I’ve left a few pieces of technology running in the background to help prevent something like this happening in the future. Three pieces of kit were used – namely MalCare, Wordfence and GOTMLS Anti-Malware. There’s quite a lot of content – some 17100 files, so each scan took quite a while to run and some of them seemed to be reporting a problem across every page – it was MalCare that came up trumps for me though with the root cause.
I removed the offending script (a “clickund_” script which directs users to a baidu.com link.. so I guess somewhere, somone will be getting advertising revenue from people opening these pages).
*I’m just in the process of running two complete independent scans to check but it looks like it may have been resolved. Huraah!
PS – Dear hackers targeting not for profit websites – get a proper job!