Forums

WordPress › Support » How-To and Troubleshooting

Help!! Tons of code appearing at the top of my page (4 posts)

  1. relish1227
    Member
    Posted 1 year ago #

    Is this a hack? A client notified me that they were not able to get to their site and, sure enough, there was a content encoding/compression error. I went to FTP and deleted both the HTTP Compression and WP Supercache plugins. The site showed up after deleting the HTTP Compression one.

    However, now there is a TON of code appearing at the top of the page. Here's a tiny snippet:

    "'; preg_match("||si",$str,$arr); return str_replace($arr[0],$links.$arr[0],$str); } function StrToNum($Str, $Check, $Magic) { $Int32Unit = 4294967296; $length = strlen($Str); for ($i = 0; $i < $length; $i++) { $Check *= $Magic; if ($Check >= $Int32Unit) { $Check = ($Check - $Int32Unit * (int) ($Check / $Int32Unit)); $Check = ($Check < -2147483648) ? ($Check + $Int32Unit) : $Check; } $Check += ord($Str{$i}); } return $Check; } function HashURL($String) { $Check1 = StrToNum($String, 0x1505, 0x21); $Check2 = StrToNum($String, 0, 0x1003F); $Check1 >>= 2; $Check1 = (($Check1 >> 4) & 0x3FFFFC0 )"

    The only thing of note I can see in the code is:

    $file = "http://toolbarqueries.google.com/search?client=navclient-auto&ch=$ch&features=Rank&q=info:$url"

    Has anyone run into this? Any helped appreciated!!

  2. t-p
    Member
    Posted 1 year ago #

    try:
    -deactivating ALL plugins temporarily to narrow down and possibly fix the problem. If the problem goes away, activate them individually to find the culprit.

    -switching to the default theme for a moment by renaming your current theme's folder in wp-content/themes. The idea is to force WordPress to fall back to the default theme to rule out any theme-specific issue.

  3. relish1227
    Member
    Posted 1 year ago #

    Thanks for the response!

    I did try deactivating all of the plugins (I also upgrading any that needed it) -- but that didn't help.

    On your recommendation, I tried briefly changing the theme -- the code still appeared at the top (I used the default 2010 theme).

    No luck. I might see if I can get the host to roll back the database... in case it is a hack of some kind. But I would like to avoid this in the future, too, so it would be good to get to the bottom of this.

  4. t-p
    Member
    Posted 1 year ago #

    see:

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Then implement tips of this guide: http://codex.wordpress.org/Hardening_WordPress

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags