Regex To Remove Spam Links from WordPress Website

paydayloanscamRecently a wordpress site had multiple SQL injections into the content randomly throughout the 100 or so blog posts as per right. These included generic keywords such as :

  • levitra
  • cialis
  • payday
  • viagra
  • pharmacy
  • pfizer

The sites it linked to where :

http://masagro.mx/index.php/en/payday-loans-in-goldsboro-nc
http://simlesa.cimmyt.org/index.php/payday-loans-indiana
http://www.redclara.net/generic-viagra-us/
http://greatvines.com/cialis-online-fda
http://www.crackunit2.com/purchase-cheap-levitra/

Going through these with Search and Replace plugin was going to take ages , so I tried to look for a regex script. I can across the following , curtious of https://managewp.com/clean-link-injections-hacked-websites however this only looked for cetrain Div Tags. I needed something to remove Hyperlinks containing the above keywords. I modified the code to the below and placed into the functions.php file and ran with preview on then off and went through the keyword list. Cleared about 1000 links!!

//Enter keyword below to check for in hyperlinks ( the whole link )
    $spamkeyword = "spamkeyword";
 
    // By default only preview infected posts. Change to 0 to clean posts
    $preview_only = 1;
 
    // This is the pattern to search and replace with blank
    $pattern = '%<a href=[\"\'][^"]*?'.$spamkeyword.'.*?[\"\']>.*?</a>%';
 
    // This is the query to find suspicious posts using fast SQL query
    $query="SELECT ID, post_content from $wpdb->posts where post_content LIKE '%$spamkeyword%'";
 
    global $wpdb;
    $num_cleaned = 0;
 
    $posts = $wpdb->get_results($query);
 
    echo "Suspicious: ".count($posts)." ";
 
    if ($preview_only)
      echo "Post IDs: ";
 
    // go through all suspicious posts
    foreach ($posts as $post)
//echo   $post->post_content;
    {
        if (!$preview_only)
        {
            // try the pattern
            $new_content=preg_replace($pattern, '',  $post->post_content);
 
            // update the cleaned content
            if ($new_content!=$post->post_content) {
              $wpdb->update(
                $wpdb->posts,
                array(
                    'post_content' => $new_content
                ),
                array( 'ID' => $post->ID ));
 
                $num_cleaned++;
            }      
        }
        else echo $post->ID." ";
 
    //UnComment Below to See Results of Preview before comitting
    //echo preg_replace($pattern, '',  $post->post_content);
    }
 
    if (!$preview_only)
      echo "Cleaned: $num_cleaned";

 

regex Upon searching for help with this , I did have to smile at the irony of the Regex Help Website being hacked in the same fashion , although obviously all clear now!

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: Batch clear links wordpress, Clean links from wordpress site, Code, payday loans scam, PHP, Regex, Remove Spam Links Wordpress, Removing Links with Keyword

Trackback from your site.