Forums

WordPress › Support » Plugins and Hacks

[resolved] Homepage redirects to another site - how to find and delete hack (3 posts)

  1. Caraleisa
    Member
    Posted 2 years ago #

    Hi, My homepage of my blog at http://www.caraleisa.com has been hacked and an auto-redirect inserted. It ultimately goes to redorbit.com, but I can see a bunch of other code flash past in the status bar - no way to read it fast enough to catch it. A search in all the wordpress files doesn't turn up redorbit, unfortunately.

    Where can I find the file that holds/calls the redirect? What code should I look for?

    I know html well, and can edit js and some other code slightly. I can certainly find the file and work on it...

    Any help will be much appreciated.

    Thanks!

    c.

  2. Caraleisa
    Member
    Posted 2 years ago #

    RESOLVED!!!

    A friend was able to suggest the fix - there was a javascript downloader agent which was attached to my theme homepage ... once I deleted it, the problem disappeared.

    Here's the actual path, etc for the fix:

    The problem is with a a malicious Javascript script. I think the exploit is working using a JS/Downloader Agent.

    Check your wp-content/themes/theme-name/header.php file to see whether a Javascript reference (between the end of the Head tag and the beginning of the Body tag) has been inserted.

    It didn't even look like a 'regular' javascript. It had the opening tags, then about a dozen lines of what looked like gibberish all run together, and then the end/script.

    Hope this might help someone.

    c.

  3. Caraleisa
    Member
    Posted 2 years ago #

    RESOLVED!!!

    A friend was able to suggest the fix - there was a javascript downloader agent which was attached to my theme homepage ... once I deleted it, the problem disappeared.

    Here's the actual path, etc for the fix:

    The problem is with a a malicious Javascript script. I think the exploit is working using a JS/Downloader Agent.

    Check your wp-content/themes/theme-name/header.php file to see whether a Javascript reference (between the end of the Head tag and the beginning of the Body tag) has been inserted.

    It didn't even look like a 'regular' javascript. It had the opening tags, then about a dozen lines of what looked like gibberish all run together, and then the end/script.

    Hope this might help someone.

    c.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags