Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2013-01-23 18:33:52

mistersugar
Member
From: North Carolina
Registered: 2004-04-13
Posts: 141
Website

Txp is up to date, but I still have spam links inserted into html code

When I view the source of a page on my site, mistersugar.com, I see a long list of spam links inserted at the end. I’ve updated Textpattern to the latest version, so assume these links are in the database. How would I go about cleaning them, or starting over with a new database (I have 13 years of blog posts in my archive).

Offline

#2 2013-01-23 18:55:25

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,091
Website GitHub Mastodon Twitter

Re: Txp is up to date, but I still have spam links inserted into html code

Hi Anton

It all looks fine to me. Did you clean them up? At the bottom the sorce code of all your pages I see a disqus javascript and then the sidebar.

Would it be an injection in disqus?

What happens if you log out of it?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#3 2013-01-29 11:36:25

merz1
Member
From: Hamburg
Registered: 2006-05-04
Posts: 994
Website

Re: Txp is up to date, but I still have spam links inserted into html code

I see:

</body>
</html><div style="display:none">

followed by a long list af spam hrefs.

You have to check your index.php and TXP pages/forms for alien code after </html>.
TXP debug will also help if that block is delivered by TXP.
If not there you’ll need to check the delivery chain (web server, proxies, …)


Get all online mentions of Textpattern via OPML subscription: TXP Info Sources: Textpattern RSS feeds as dynamic OPML

Offline

#4 2013-01-29 13:24:29

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,091
Website GitHub Mastodon Twitter

Re: Txp is up to date, but I still have spam links inserted into html code

merz1 wrote:

followed by a long list af spam hrefs.

i see them now too. Your diagnostics might have picked something up on this. Did you check them to see if any files have been modified?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#5 2013-01-29 16:17:17

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Re: Txp is up to date, but I still have spam links inserted into html code

It’s after the </html> tag, so it’s probably not in the main textpattern table (which contains the articles).
I’ve compared a few pages. The list of links appears to be the same everywhere, so check your templates (pages) in TXP. Perhaps it was simply added at the end of one of the templates.

Anton says he’s updated TXP. Updating TXP usually means replacing all the PHP files. So wouldn’t expect to see any modifications there.

Offline

#6 2013-01-29 16:52:38

mistersugar
Member
From: North Carolina
Registered: 2004-04-13
Posts: 141
Website

Re: Txp is up to date, but I still have spam links inserted into html code

I keep seeing a file called inbex.php (not a typo, it’s i-n-b-e-x) added to my server. I suspect that’s the issue. I delete it, and a few days later it shows up again.

Last edited by mistersugar (2013-01-29 16:55:01)

Offline

#7 2013-01-29 17:00:27

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,091
Website GitHub Mastodon Twitter

Re: Txp is up to date, but I still have spam links inserted into html code

I would change all my site passwords (mysql, ftp, virtualmin, etc) and notify the server support too. Did you install any other cms, stats, whatever in your site?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#8 2013-01-29 17:15:21

mistersugar
Member
From: North Carolina
Registered: 2004-04-13
Posts: 141
Website

Re: Txp is up to date, but I still have spam links inserted into html code

colak wrote:

I would change all my site passwords (mysql, ftp, virtualmin, etc) and notify the server support too. Did you install any other cms, stats, whatever in your site?

egads. I’m on new Textdrive server, with a dozen domains, lots of CMS and files and such 10 years of stuff. So, a huge spring cleaning is in order!

Offline

#9 2013-01-30 08:07:24

merz1
Member
From: Hamburg
Registered: 2006-05-04
Posts: 994
Website

Re: Txp is up to date, but I still have spam links inserted into html code

Anton: Don’t delete the inbex.php.

I asssume inbex.php is the bad guy. But maybe the b stands for ‘backup of the original index.php’ :)

A) Save the actual status

Make a backup of everything :)
Make a backup of inbex.php.
Then edit it (1st try would be to empty it).
Modify the rights so that only a (maybe new) trusted user can write to inbex.php.
The same (rights) for a clean index.php.

B) Start forensics

Try to find out which service or which PHP file calls/executes inbex.php (grep, find, search, log, debug).


Get all online mentions of Textpattern via OPML subscription: TXP Info Sources: Textpattern RSS feeds as dynamic OPML

Offline

#10 2013-01-30 09:26:08

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,091
Website GitHub Mastodon Twitter

Re: Txp is up to date, but I still have spam links inserted into html code

Also can you check the contents of inbex.php before deleting it? It might give you a clue as to how to solve the problem.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

Board footer

Powered by FluxBB