WordPress.org

Ready to get started?Download WordPress

Forums

I think I've been hacked... again... (11 posts)

  1. Wazpy
    Member
    Posted 4 years ago #

    Well... I have no idea how to diagnose this since I don't get any error. Basically, the site shows up for a split second and then goes all white (It works fine if you disable javascript). I had a similar problem in the past, but I deleted all my wordpress files (Except for images and wp-config) and did a clean install. That fixed it last time, but now this isn't working. I have no idea what to do this time and I'm really pretty computer illiterate when it comes to this stuff.

    Anyway, here's a link to my site. I'm not sure if it will do something bad.

    http://www.snakevsmongoose.info

  2. MichaelH
    Member
    Posted 4 years ago #

  3. ClaytonJames
    Member
    Posted 4 years ago #

    You do have a compromise or error of some sort. It does appear to be a javascript problem. It is being identified as a "javascript obfuscation" exploit.

    "Suspicious: Script outside of <HTML>...</HTML> block"

    dWfwltHZmY='';var jTL='';var jQF=390;var nXZZ="";var fAS="";var gUTT;var yUD=57338;var bLZI="bLZI";...

  4. Wazpy
    Member
    Posted 4 years ago #

    I see it under the </html>... how do I get rid of it exactly? I've tried 2 clean installs already and have upgraded to the newest version.

  5. Wow. It kicks off my virus scanner.

    WARNING: ProxyAV has detected a virus/PUS in this
    file!

    I was going to ask "When you say '2 clean installs' do you mean all new databases with all new content, or are you importing your old content?"

    But seeing that error makes me think it's a SERVER hack, and has naught to do with WP.

    Remove WP completely from your server and put up a temp index page. See if that 'works' without buggering your source. If not, it's the server and you need to call your server tech.

  6. Wazpy
    Member
    Posted 4 years ago #

    When I say clean install I mean that I deleted all the wordpress files, but not the database.

  7. Try a clean database as well (don't delete yours, just make a new one and use that).

    If that's clean, then you've got bad in your DB and you'll have to comb that for oddities :(

  8. Wazpy
    Member
    Posted 4 years ago #

    Okay, I got the same problem with a new database.

    I did figure something out though. The error only comes in when you go to my homepage. If you visit the root directory (www.snakevsmongoose.info/blog) everything seems to work. Any idea why that might be?

  9. bottleneck
    Member
    Posted 4 years ago #

    "Suspicious: Script outside of <HTML>...</HTML> block"

    I have seen such warning on non-WP site. It has nothing to do with WordPress.

    Talk to your host. I bet you are on share hosting.

  10. Ditto bottleneck's advice. Your server's been hacked, and it's buggered. Contact your host ASAFP and get 'em to help you clean up.

  11. s_ha_dum
    Member
    Posted 4 years ago #

    That script isn't friendly. No one obfuscates that much for no reason. If you run FF you can see the source with this URL view-source:http://snakevsmongoose.info/ and never have to execute anything on the page. The script is at the bottom after the closing </html> tag.

Topic Closed

This topic has been closed to new replies.

About this Topic