Here we go again. New links popped up. Grrrr….This time I did a line by line comparison with the original header file and I think I got at least this file clean. What’s lurking elsewhere, I don’t know. The problem is, I’d modded this file fairly extensively. There was a bunch of animation most computers couldn’t handle, and some rather rude (I’m sure the coder thought it was funny/clever…I didn’t) comments when the animation didn’t work. So, I took all that out. I also put my copyright stuff that appears at the top of the page into it.

So why, you ask, don’t I have a copy of the uncorrupted file on my home computer somewhere? Well, I think I do, but I couldn’t find it. probably on the computer that died. Who knows? Anyway, I’ll be surprised if this fixes it. I’ve probably got some kind of link to the buzzards at the moment. But if it shows up again, I’ll see what I can do. Meantime…I’m working on security….

I found some suspicious stuff in my sidebar php file as well. I zapped it. Hopefully I didn’t zap anything significant. Please let me know if there are any problems logging in or anything like that.

And RoI languishes.

Pook.

Message from Lynn this AM: As best I could determine last night, the spam loads aren’t meant to display on a monitor, they’re meant to fool search engine spiders into believing that legitimate sites are linking to the spammer’s sites, thereby legitimatizing the spam sites for SEO.  It looks like you’ve been hit by a zombie spammer….none of the injected links are valid and appear to date back to 2008 or earlier when Harvard University’s servers were hacked.

Which brings us to the one I totally forgot to thank last night: Lynn. She was on it like a hawk when I emailed her yesterday.

I’d let the matter slide, intending to attack it with a fresh brain today. I’d figured, from the form it took, that is was nothing particularly dangerous to anyone and the info I was getting/finding all pointed to code that was harmless to visitors and designed to affect search engines. It’s the sort of thing that can get a site “blackballed”by search engines, so I wanted to take care of it, but I also wanted some sleep. (Nice thing, sleep.)

But a late-night email from Lynn jerked my brain awake and my default from html-speak into php-speak, and I knew I wouldn’t sleep until I found the answer to the question.

I went searching the php files most likely to have been “infected.” She said it usually manifested in the footer.php, and I did check that first. Nothing suspicious there, but then I realized…footer? Why the footer? Of course…these pages are created on the fly. It had to be something common to every page, not just the posting page. The next file common to all pages and posts is the header. I checked it and there it was, bold as brass.

So, no need for you visitors to worry, and no need for me to worry.

All is well!

I believe the problem is solved. Somehow that code got inserted into my theme’s header.php file. I zapped it and the source code and display appear to be fine now. My thanks to you all, and especially to Jaakko for putting me onto the problem in the first place.

YOU GUYS RAWK!