Can't Remove Mysterious Overlay On Site and Dashboard (11 posts)

  1. betholsoncreative
    Member
    Posted 9 months ago #

    PROBLEM:
    There's suddenly a grey overlay on every page of my website, including the backend. It will let me sign in to the back end but I can't click on any links. Every time I try to navigate away from one of these pages it asks me if I'm sure (as if I was working on an unsaved post or something).

    MORE INFO:
    Using chrome inspect element, I can see there is a div id called "overlay_div" that seems to be causing the problem but I can't find that CSS in ANY of my pages.

    TRIED:
    I've tried in both Firefox and Google Chrome. I'm on a Macbook Pro running Snow Leopard.

    Checked every .php page and css page using the cpanel to try to find where that Overlay_div is being called from so I can remove it but I can't find it anywhere!

    You can see the issue at http://www.SirenNation.org

    Any information would be incredibly appreciated. This non-profit is just days away from their biggest event of the year and having its website down is really, really bad news!

    Thanks!

  2. Dave Naylor
    Member
    Posted 9 months ago #

    Looks OK to me. Does it only do this when you are logged-in?

  3. betholsoncreative
    Member
    Posted 9 months ago #

    No, it happens whether I'm logged in or not. On my cell phone, trying to access the website I'm forwarded to a cpalead.com survey page to "unlock" access to the site.

    So now I know it's hacked :(

    The problem is I can't find any code in any page that looks like it's causing the forwarding. Again, I've looked through every single page in my themes root looking for the code that's causing the grey overlay and now have gone back looking for anything with cpalead.com with no luck.

    Any ideas?

  4. Dave Naylor
    Member
    Posted 9 months ago #

    Which OS/Browser are you using?

  5. betholsoncreative
    Member
    Posted 9 months ago #

    As in the original post: "I've tried in both Firefox and Google Chrome. I'm on a Macbook Pro running Snow Leopard."

    When using Firebug I can see this load of hacked junk code but I can't for the life of me find where it's being generated from so that I can remove it.

    [ Malware/hacked code redacted. Please do not post that here. ]

  6. betholsoncreative
    Member
    Posted 9 months ago #

    I should mention that you can't see the site at all and are simply forwarded to the survey unlock gateway when going to the site via both iPhone and Android.

  7. betholsoncreative
    Member
    Posted 9 months ago #

    It's not really my site, I'm just helping friends who don't know anything about websites.

    I'll work my way through all that stuff as I have the time, but right now (and for the next 24 hours, til I have a moment to go through all the resources you listed) I need to find where that code is at so I can get the website functioning.

    About 3/4 of the time using Safari or Chrome, you can't see the problem but using Firefox and mobile devices it's really bad and you can easily see the offending code using Firebug.

  8. It's not really my site, I'm just helping friends who don't know anything about websites.

    You're a good friend. ;) It's a lot of work and just removing the code never works for long because that just treats the symptoms. Deleting it will mean it just will come back.

    What type of server is it? Linux or Windows?

  9. betholsoncreative
    Member
    Posted 9 months ago #

    I know, I've been through it once before but I'm too short on time over the next day or two to do a full-on proper cleaning which is why I'm just trying to find the code so I can remove it as a band-aid til I have a chance to do it properly the moment I get a chance.

    I believe the server is Linux.

  10. betholsoncreative
    Member
    Posted 9 months ago #

    I think someone is screwing with me....
    So I'm looking at the code in firebug and when I refreshed the page over in my safari browser suddenly the website worked fine and I couldn't see the malicious code in the inspector anymore.

    I checked this with Chrome. (code seems to have disappeared)
    And in Firefox with firebug (same thing, malicious code is suddenly gone.)

    I rescanned the site with Sucuri and all those red warning boxes turned green and it says the site is clean.... suddenly, magically.

    Ever heard of something like that happening before? Maybe the host caught it and took care of it. Is that a thing that happens?

    Good grief. I'm glad my husband was looking over my shoulder when that happened, or I'd think I'm going completely mad.

    I'll switch to a new more updated theme later this week for them. The one being used now is really old and I'm sure full of holes and backdoors.
