I submitted a post about something similar two weeks ago:
wordpress.org/support/topic/sql-database-infected-or-just-bloated
Found possible problems in Option _transient_feed_895a6fef0cc57461ead214388fd67e81 (script tag )
Just to take an example, “Yoast” appears 35 times alone in this 14KB excerpt (total size is 218KB). I once had Yoast’s SEO plugin installed, deleted long ago.
Who else but Yoast himself would inject and bloat the database with “Yoast”? This could seem to suggest foul play. Does anyone have another explanation?
[excessive code deleted]
@wnthne – please stop posting code like that on these forums – it’s been deleted several times – if you need to post lengthy code, use a pastebin per the forum guidelines.
http://codex.wordpress.org/Forum_Welcome#Posting_Code
Thanks for the tip WPyogi. Here is the code excerpt: http://pastebin.com/kEdkTjTX
I ran the ThreatScan plugin which exposed the injections.
Where is the file created? I can’t see one called header.php.wpseobak.
@ooomes @mrppp
header.php.wpseobak – is found in the theme folder (not always).
WordPress SEO only creates this file when it needs to change a theme’s built-in hard-coded meta description function.
The wpseo function is found in plugins/wordpress-seo/admin/pages/dashboard.php on line 64 in section starting on line 49, ending line 89
$backup_file = date( 'Ymd-H.i.s-' ) . 'header.php.wpseobak';
Because it’s hard coded in the theme, it cannot be removed by a filter action. Instead the plugin backs up the original theme file, removes the hard coded meta description section, and adds the WordPress SEO dynamic meta description function.
It has to, or there will be 2 meta descriptions, which are not too good for SEO…
The file you found named header.php.wpseobak is OK. It’s supposed to be there if the requirements mentioned above exist. It’s not a malware script.
But it’s very good you are cautious 🙂
To set your mind more at ease, because of the extension, .wpseobak, PHP cannot execute the file anyway (same applies to extensions like .backup and so on, which you sometimes find if the server techs have worked on the site).
If you’re still worried, you may e-mail header.php and header.php.wpseobak to [ redacted ] for free manual inspection (must be in a zipped folder or the mail server will strip .php attachments) and let me know the theme!
So we are talking theme header?
Can’t see a header.php.wpseobak.
Jan Dembowski (@jdembowski), Forum Moderator and Brute Squad
@mikeotgaar Please do not post your e-mail or request people contact you off of these forums like that. Keep the support on the forums.
http://codex.wordpress.org/Forum_Welcome#Helping_Out
Apologies Jan
Didn’t realize offering a free check was an issue.
@mrppp
The plugin creates this ONLY IF the theme has built-in SEO features like meta description – if this can’t be disabled in the theme settings and the meta description is hardcoded…
If it’s not in your theme folder, it means WordPress SEO didn’t need to modify the original file, so no backup file.
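An added example, not part of the thread and not the plugin's own code: going by the `date( 'Ymd-H.i.s-' )` line quoted above, the backup's file name starts with a timestamp, so looking for a file named exactly header.php.wpseobak finds nothing. This sketch lists matching backups in a theme folder and shows which lines differ from the live header.php; the function names and the sample files are assumptions constructed for illustration.

```python
import difflib
import re
import tempfile
from pathlib import Path

# Name format taken from the line quoted in the thread:
#   date( 'Ymd-H.i.s-' ) . 'header.php.wpseobak'
#   -> e.g. 20140312-09.41.07-header.php.wpseobak (constructed timestamp)
BACKUP_RE = re.compile(r"^\d{8}-\d{2}\.\d{2}\.\d{2}-header\.php\.wpseobak$")


def find_backups(theme_dir):
    """Return timestamped header backups in theme_dir, oldest first."""
    return sorted(p for p in Path(theme_dir).iterdir()
                  if p.is_file() and BACKUP_RE.match(p.name))


def changed_lines(backup, current):
    """Return (removed, added) lines between a backup and the live header.php."""
    old = Path(backup).read_text(encoding="utf-8", errors="replace").splitlines()
    new = Path(current).read_text(encoding="utf-8", errors="replace").splitlines()
    removed, added = [], []
    for line in difflib.ndiff(old, new):
        if line.startswith("- "):
            removed.append(line[2:].strip())
        elif line.startswith("+ "):
            added.append(line[2:].strip())
    return removed, added


def demo():
    """Build a constructed theme folder and report what differs."""
    with tempfile.TemporaryDirectory() as d:
        theme = Path(d)
        # Constructed sample files, not taken from a real theme or the plugin.
        (theme / "20140312-09.41.07-header.php.wpseobak").write_text(
            '<head>\n<meta name="description" content="My site" />\n'
            "<?php wp_head(); ?>\n</head>\n")
        (theme / "header.php").write_text("<head>\n<?php wp_head(); ?>\n</head>\n")
        (theme / "header.php.bak").write_text("unrelated\n")  # must not match
        backups = find_backups(theme)
        removed, added = changed_lines(backups[0], theme / "header.php")
        return [p.name for p in backups], removed, added


if __name__ == "__main__":
    print(demo())
```

Point `find_backups` at the active theme's directory; an empty result matches the case described above where the plugin did not need to modify header.php.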