Drupal - How To Edit Home Page Source Code?

Question

I'm new to Drupal so please bear with my beginner question.

i have this website that now i need to administer. Unfortunately, it seems recently the website may have been hacked and hidden links been added into the home page (at the end, after footer).

i found it out when i view the page via Right Click > View Page Source

The hidden links is only added into the home page, not the other pages. However, i don't know how to open the home page's source code and edit to remove the links. i have go through every admin settings options available, i have tried google it as well, but none seems to be the answer.

ps. i have looked into the page.tpl.php on the server, nothing seems amiss there.

UPDATE

Thanks for all the help you have given!

I found the code inside theme.inc file. So once i remove this part of code, the website should be clean again, right? Please tell me if i need to do other things as this is my first time cleaning a hacked website (im really beginner at this)

In addition, i've performed a google search "site:websitename.com" and found that there are some unknown URL like "websitename.com/some-product-name". I've searched the nodes but found none related to it. And when clicked, the link redirect to another website altogether.

Really appreciate if you could guide me how to remove this as well.

Thank you!

Answer 1

There are many things that could be the issue.

1. Check your code base for the malicious code. If you have access to a command line navigate to the document root and type grep -Hirn "malicious-text-sample" *
2. Search through your database for any content injections (they could have added blocks, boxes, etc. The easiest way to do this is to use a UI like PHPMyAdmin and search for a piece of the text.
3. Inspect element on the page and see if it is a script that is being inserted. You can usually do this by hitting f12 on the page in question.

Answer 2

If it is not in theme, it could be in a preprocess hook in pretty much any module, so search the whole project for a function having preprocess in it. Another possibility are links injected by javascript so search all js files for the href of the malicious link (it costs nothing to actually search the whole project files for the target website in the href of these links).

You can do a global search loading the project sources in an IDE like eclipse/netbean... .

If the links are stocked in the database and not in the code, it will be tricky to find it, disable all modules one by one, switch to default theme, if nothing work replace current drupal core files with the ones from drupal.org in case they got corrupted (same version to avoid compatibility issues), so you can find which part of the site is causing this. Good luck!

Answer 3

1. Try to open also html.tpl.php and (if exist) page--front.tpl.php. Also take a look to template.php
2. Update parent theme (if any) to latest version. Change theme and see if you still have issue. If issue resolved see 3. Or else see 4.
3. Download the whole theme to your local and search for some string of the bad code through all of the files strings
4. Update drupal and all its modules to latest versions

If nothing helps - provide the link to the website, so I could see if there something which could guide me to the goal