Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Txp is up to date, but I still have spam links inserted into html code
When I view the source of a page on my site, mistersugar.com, I see a long list of spam links inserted at the end. I’ve updated Textpattern to the latest version, so assume these links are in the database. How would I go about cleaning them, or starting over with a new database (I have 13 years of blog posts in my archive).
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
Hi Anton
It all looks fine to me. Did you clean them up? At the bottom the sorce code of all your pages I see a disqus javascript and then the sidebar.
Would it be an injection in disqus?
What happens if you log out of it?
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
I see:
</body>
</html><div style="display:none">followed by a long list af spam hrefs.
You have to check your index.php and TXP pages/forms for alien code after </html>.
TXP debug will also help if that block is delivered by TXP.
If not there you’ll need to check the delivery chain (web server, proxies, …)
Get all online mentions of Textpattern via OPML subscription: TXP Info Sources: Textpattern RSS feeds as dynamic OPML
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
merz1 wrote:
followed by a long list af spam hrefs.
i see them now too. Your diagnostics might have picked something up on this. Did you check them to see if any files have been modified?
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
It’s after the </html> tag, so it’s probably not in the main textpattern table (which contains the articles).
I’ve compared a few pages. The list of links appears to be the same everywhere, so check your templates (pages) in TXP. Perhaps it was simply added at the end of one of the templates.
Anton says he’s updated TXP. Updating TXP usually means replacing all the PHP files. So wouldn’t expect to see any modifications there.
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
I keep seeing a file called inbex.php (not a typo, it’s i-n-b-e-x) added to my server. I suspect that’s the issue. I delete it, and a few days later it shows up again.
Last edited by mistersugar (2013-01-29 16:55:01)
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
I would change all my site passwords (mysql, ftp, virtualmin, etc) and notify the server support too. Did you install any other cms, stats, whatever in your site?
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
colak wrote:
I would change all my site passwords (mysql, ftp, virtualmin, etc) and notify the server support too. Did you install any other cms, stats, whatever in your site?
egads. I’m on new Textdrive server, with a dozen domains, lots of CMS and files and such 10 years of stuff. So, a huge spring cleaning is in order!
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
Anton: Don’t delete the inbex.php.
I asssume inbex.php is the bad guy. But maybe the b stands for ‘backup of the original index.php’ :)
A) Save the actual status
Make a backup of everything :)
Make a backup of inbex.php.
Then edit it (1st try would be to empty it).
Modify the rights so that only a (maybe new) trusted user can write to inbex.php.
The same (rights) for a clean index.php.
B) Start forensics
Try to find out which service or which PHP file calls/executes inbex.php (grep, find, search, log, debug).
Get all online mentions of Textpattern via OPML subscription: TXP Info Sources: Textpattern RSS feeds as dynamic OPML
Offline
Re: Txp is up to date, but I still have spam links inserted into html code
Also can you check the contents of inbex.php before deleting it? It might give you a clue as to how to solve the problem.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline