• Resolved amatthies

    (@amatthies)


    Within the last 24 hours I have noticed that after loading any page on my website (apart from the homepage) music and audio play in the background (site: http://www.liveteachguitar.com). It turns out that this code has been inserted somehow onto all pages/posts:

    <span style="position:absolute;left:-9999px"><script src="http://tracksitetraffic1.com/stats/publishers/masons.js" type="text/javascript"></script><iframe id="iframebojan" src="" name=""></iframe></span>

    I’m still learning the basics of WordPress and running a website, so I started researching inserted iframes and scripts and attempted to find the code in any PHP files in my WordPress installation. I can’t find anything in any files. My host (inmotionhosting) couldn’t find the code in any files either. They suggested it might be in my database. I exported, downloaded and opened the database in a text editor to try and search for the code without any success.

    Whenever an issue like this happens I try to research and figure it out on my own but this time I’m stumped. Could somebody point me in the right direction on how to find this inserted code?

Viewing 5 replies - 1 through 5 (of 5 total)
  • This has started happening here as well. At least 2 unrelated WordPress sites we are hosting have been affected.

    After some additional research and help from IRC, it seems the slimstat plugin might be the culprit. I see you’re running that plugin on your site, try disabling it and see if that helps.

    Thread Starter amatthies

    (@amatthies)

    You’re a legend berle! I disabled slimstat and the problem disappeared. I initially discounted slimstat as a possibility because I use it on other websites without any issue.

    Do you know why this issue is caused by slimstat? I’m sure a lot of other people use it on their websites so I’m interested as to why this issue has occurred at all.

    Thanks again for your help!

    Thread Starter amatthies

    (@amatthies)

    After some more research on slimstat it turns out that in a recent update the plugin author enabled ‘transparent’ ads as explained here: http://wordpress.org/support/topic/ad-hijacking?replies=7

    Under slimstat’s settings you can disable the UAN option and it should disable the ads (which in my case were audio ads that would play over and over on every page – not exactly transparent).

    So anybody else who uses slimstat, be aware of this automatic ads feature and consider whether you’re okay with your site being used to display ‘transparent’ ads. I wasted a day thinking my site was hacked due to this so I hope this thread prevents other people from the same thing!

    Version 3.6.4 removed this glitch. Sorry for the inconvenience. SlimStat is a very powerful tool, don’t let this minor incident ruin your trust in us! We’ve spent hundreds of hours perfecting our software, and unfortunately at the end of the day bread needs to be brought on the table, no matter what. We’re looking into converting it into a paid plugin on CodeCanyon or other stores, in order to monetize our efforts.

    Again, we apologize for the inconvenience.

    Camu

  • The topic ‘Finding inserted code’ is closed to new replies.
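
The poster could not find the markup in the PHP files or in a database export, yet it was present in every rendered page, so the rendered HTML is the place to look. As an added example (not part of the original thread), this Python check scans a page's HTML for script and iframe tags that load from another host or sit inside a hidden or off-screen container; the function names and the sample page are constructed for illustration, with the hidden span copied from the first post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to push markup out of view.
HIDDEN_STYLE = re.compile(
    r"(?:left|top|text-indent)\s*:\s*-\d{3,}px"
    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img",
        "input", "link", "meta", "source", "track", "wbr"}

def _norm(host):
    return re.sub(r"^www\.", "", (host or "").lower())

class EmbedFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site = _norm(site_host)
        self.stack = []     # (tag, hidden) for every open element
        self.findings = []  # (tag, src, offsite, hidden)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = (bool(HIDDEN_STYLE.search(a.get("style") or ""))
                  or any(h for _, h in self.stack))
        if tag in ("script", "iframe"):
            src = a.get("src") or ""
            host = _norm(urlparse(src).hostname)
            offsite = (bool(host) and host != self.site
                       and not host.endswith("." + self.site))
            if offsite or hidden:
                self.findings.append((tag, src, offsite, hidden))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_embeds(html, site_host):
    parser = EmbedFinder(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; only the hidden <span> line comes from the thread.
SAMPLE = """<html><head><script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdn.example.org/lib.js"></script></head><body><p>Lesson 1</p>
<span style="position:absolute;left:-9999px"><script src="http://tracksitetraffic1.com/stats/publishers/masons.js" type="text/javascript"></script><iframe id="iframebojan" src="" name=""></iframe></span>
</body></html>"""
```

Run it against the HTML a browser actually receives (for example, a saved "view source" of several pages), and review the entries flagged as both off-site and hidden first; visible off-site scripts are often legitimate.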