WordPress.org

Ready to get started?Download WordPress

Forums

I have been hacked. The problem is coming through admin-header.php (2 posts)

  1. melhaer
    Member
    Posted 4 years ago #

    Hi, I found recently on my site a virus that was redirecting to something like: evony-fifia.com or something like that. I found that a script was injected into some of the index files. I removed the script and everything was fine.
    A few days ago I found that when I want to post a new post I see the same address that redirects for a seconds. I have installed Avast and reloaded the page. It alert me for a virus in:

    /wp-admin/post-new.php

    JS: Illredir-Z[Trj]

    I have download a new fresh copy of wordpress and installed it - the problem has left.

    So I have opened /wp-admin/post-new.php file and start to test it.

    I found that if a remove

    include('edit-form-advanced.php');

    from the source and reload post new page there is no alert for Trj virus.

    So, next file I try to test was /wp-admin/edit-form-advanced.php.

    I found that when I remove

    require_once('admin-header.php');

    from the source there is no alert.

    Finally I try to test /wp-admin/admin-header.php.

    I found the problem comes from:

    if ( in_array( $pagenow, array('post.php', 'post-new.php', 'page.php', 'page-new.php') ) ) {
    	add_action( <strong>'admin_print_footer_scripts', 'wp_tiny_mce', 25</strong> );
    	wp_enqueue_script('quicktags');
    }

    And especially from the bold line. If I remove one of the strings, the page is loaded without a virus alert.

    Any ideas how to fix that problem?

  2. Shane G.
    Member
    Posted 4 years ago #

    Hi,

    Refer these articles:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    Thanks,

    Shane G.

Topic Closed

This topic has been closed to new replies.

About this Topic