Hi guys,

I've found a stack of spammy links on one of my clients websites... but the links only show on the cached version of the page (between the main content box and the footer).

Cached:
http://webcache.googleusercontent.com/search?q=cache:Aogs0qybiHoJ:www.fastloansquickcash .co.uk/+fast+loans+quick+cash&cd=4&hl=en&ct=clnk&gl=uk&client=firefox-a

Normal:
http://www.fastloansquickcash.co.uk/

We cannot find what is causing these links to appear, no clues in the source code as the code is there on the cached page, and absent on the live page and in the site files (so far s i can tell).

Any ideas would be greatly apreceated.

Dave.

Have you looked in index.php etc for an eval command with a lot of hex numbers?

It can be done so that the spam links only get served to the search engines and not normal people.

Thanks for the reply Speed...

I've not yet got FTP to have a snoop around the site files.

Any idea how i can see the spam links other than checking the cached page on Google? I've tried a variety of spider simulators but with no joy. It's going to be a long drawn out process if I start disabling plug-ins, then waiting for Google to re-cache the page before i can see if one of the plug-ins is the culprit.

You can try https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/ in firefox assuming the code is looking for a user agent then you can send the Googlebot agent string to the site.

You'll also find the upgrading wordpress versions often overwrites the hacked files but doesn't always remove the door they got through, so it'll happen again and again.

cheers for your advice Speed... pages have been re-cached and the spammy links have gone... for the time being.