WordPress.org

Is My Website Hacked? (14 posts)

  1. Debra Weiss
    Member
    Posted 2 years ago #

    I'm using the latest version of WordPress and the latest version of the Weaver theme on my website: DebraWeiss.net. I wanted to tinker with the look some today and I found I had this coding in my source.

    I don't recognize this code so I'm troubled. Here's the coding:

    <script type='text/javascript' src='http://dtym7iokkjlif.cloudfront.net/dough/1.0/recipe.js'></script>

    And here's a link to the complete JS online: http://pastebin.com/0zB8DtmA

    I've worked with WordPress before and I'm familiar with it. What I'm not familiar with is JavaScript. So I don't know what this code means or what it does. Can someone explain to me?

    Thank you so much for any help you can offer.

    Debra

  2. cubecolour
    ɹoʇɐɹǝpoɯ
    Posted 2 years ago #

    It *could* be put in by a plugin. To find out, deactivate all of your active plugins to see whether the js is still there. If not, reactivate them again one by one checking for the code until it comes back to find out which one is putting that in.

    There are references to shareaholic in the js. That could be a red herring or it could be somehow related to the (very bloated) sexy bookmarks plugin.
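
Added example, not part of the original thread: a Node.js helper for the check described in the post above. It lists the third-party script URLs in a page's HTML and shows which ones disappear once a plugin is deactivated. The function names and the two sample pages (example.test, cdn.example.net) are constructed for illustration; only the cloudfront URL comes from the thread.

```javascript
// Added example: audit third-party <script src> URLs in saved page source and
// diff two snapshots taken before and after deactivating one plugin.
const SCRIPT_SRC = /<script\b[^>]*?\ssrc\s*=\s*(["'])(.*?)\1/gi;

// Sorted, de-duplicated script URLs whose host differs from the site's own host.
// Relative and protocol-relative (//host/...) sources are resolved against pageUrl.
function externalScripts(html, pageUrl) {
  const site = new URL(pageUrl);
  const found = new Set();
  for (const m of html.matchAll(SCRIPT_SRC)) {
    let u;
    try { u = new URL(m[2], site); } catch { continue; } // skip unparsable src
    if (u.hostname !== site.hostname) found.add(u.href);
  }
  return [...found].sort();
}

// URLs present before but gone after: the scripts the deactivated plugin was adding.
function removedScripts(before, after) {
  const still = new Set(after);
  return before.filter((u) => !still.has(u));
}

// Constructed sample pages (hypothetical site http://example.test/).
const PAGE = "http://example.test/";
const withPlugin = `
<script type='text/javascript' src='/wp-includes/js/jquery/jquery.js'></script>
<script type='text/javascript' src='http://dtym7iokkjlif.cloudfront.net/dough/1.0/recipe.js'></script>
<script src="//cdn.example.net/lib.js"></script>
<script>var inline = true;</script>`;
const withoutPlugin = `
<script type='text/javascript' src='/wp-includes/js/jquery/jquery.js'></script>
<script src="//cdn.example.net/lib.js"></script>`;

const before = externalScripts(withPlugin, PAGE);
const after = externalScripts(withoutPlugin, PAGE);
console.log("third-party scripts with plugin active:", before);
console.log("removed by deactivating the plugin:", removedScripts(before, after));
```

Save the page source once with all plugins active and once after each deactivation; a URL that shows up in the "removed" list belongs to the plugin just switched off.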

  3. Sabinou
    Member
    Posted 2 years ago #

    The simple fact that a call for an external JS has been inserted into her blog without her being asked for it is enough proof: yes, you've been hacked.

    It's time to change all your passwords, including your email and your web hosting and your FTP access and your SSH logins, to reinstall wordpress afresh after backing up just your database and your template unless it's not a template you customized yourself anyway, etcetera, etcetera :(

    Well, I might be exaggerating, but not that much I'm afraid, cf. the bible:
    http://codex.wordpress.org/FAQ_My_site_was_hacked

  4. Debra Weiss
    Member
    Posted 2 years ago #

    Thank you, cubecolor and sabinou1! It appears the website is fine and un-hacked. The culprit was Sexybookmarks. I changed a setting in the plugin and the code went away.

    One last question for ya, cubecolor, you mention that SexyBookmarks is bloated. Is there an alternative sharing plugin you'd recommend?

    Thank you both for your help!

  5. cubecolour
    ɹoʇɐɹǝpoɯ
    Posted 2 years ago #

    Sucuri reports the site as being clean - http://sitecheck.sucuri.net/scanner
    There are many similar plugins that do the same job with a tiny amount of code in comparison to SB.

  6. cubecolour
    ɹoʇɐɹǝpoɯ
    Posted 2 years ago #

    To add to my previous post, I can't suggest a specific plugin as I don't actually use one for my site builds. I put together my own solution (example at http://bit.ly/byxpOl) which has share & bookmark links on posts that look like the output from sexyBookmarks and work much the same; however, my version doesn't have any admin panel and is implemented with just a few lines within my custom functionality plugin, a customised version of the sprite graphic from sexyBookmarks and a chunk of CSS in the theme's stylesheet. This functionality only requires linked graphics that change on mouseover, so is easy to implement in very little code. Unfortunately, as it's integrated into the site without adding extra inline CSS or additional stylesheets, it's not suitable to package up as a plugin for download.

  7. erjon07
    Member
    Posted 2 years ago #

    I'm having the same problem.
    I think it is caused by the plugin Sexybookmarks.

  8. eulkloss
    Member
    Posted 2 years ago #

    Debra,

    Do you know which settings you changed to remove the error? I get the same error and have not been able to eliminate it. It doesn't seem to hurt anything... But I want the error to go away regardless.

    Thanks,
    EUlkloss

  9. Naidobria
    Member
    Posted 2 years ago #

    THAT is from SexyBookmarks!

    They use the code to track the users that visit your website and after that sell the information to 3rd party AD networks. In a few words, they make money with your users without your permission...

    I suggest you delete the plugin!
    Because even if you deactivate the "Track Performance" option there are still files that are loaded from this "mean" plugin.

    for more:
    http://wordpress.org/support/topic/plugin-sexybookmarks-email-bookmark-and-share-buttons-warning-unwanted-injection-of-tracking-code-selling-info-to-ad-networks

    http://wordpress.org/support/topic/plugin-sexybookmarks-email-bookmark-and-share-buttons-make-your-3rd-party-tracking-and-privacy-policy-clear

  10. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    Isn't cloudfront the CDN (Amazon) used by Sexy Bookmarks?

  11. Naidobria
    Member
    Posted 2 years ago #

    It is, and it is doing what I described above!

  12. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    It is pulling a js file from a cdn instead of your site? The js is not run on your site, it is run within the client browser and yes has the settings required to share with all the possible social sites - am I missing something about what is well known already? It's a Social Plugin...they all gather and use aggregated data, do they not? Just belonging to a social network does this also with your own data?

  13. Naidobria
    Member
    Posted 2 years ago #

    I'm just saying that a part of the social networks... they are sending important data to AD & Tracking networks that will use these data to spam your email, later, or send you ADS in some way

    these are the sites:
    adnxs.com
    w55c.net

    and here you can read about them

    http://www.donottrackplus.com/trackers/adnxs.com.php
    http://google.com/safebrowsing/diagnostic?site=adnxs.com/

    w55c.net is a domain used by Lotame which is an advertising company that is part of a network of sites, cookies, and other technologies used to track you, what you do and what you click on, as you go from site to site, surfing the Web. Over time, sites like w55c.net can help make an online profile of you usually including the sites you visit, your searches, purchases, and other behavior. Your profile can then be exchanged and sold between various companies like w55c.net as well as being sold to other advertisers and marketers.

  14. CouponCodePlugin
    Member
    Posted 2 years ago #

    @Sabinou how often does a theme or plugin ask you before using an external file? Never. Many themes use css or js from other sites.

    @Naidobria they are sending important data to AD & Tracking networks that will use these data to spam your email, later, or send you ADS in some way? How did you find this out? How do you know that they are sending data to ad and tracking networks *that will use the data to spam your email or send ads*??? It seems like a rather specific assumption which I could only assume would be based on evidence. If the plugin is making a call home, it will be in conflict with the plugin repository terms. However, it seems that jetpack does the same. If the plugin is sending your email address, they are not only breaking the repository terms, but they are also breaking the law.

This topic has been closed to new replies.