WordPress.org

Ready to get started?Download WordPress

Forums

Script appending itself to the end of all .JS (8 posts)

  1. ishmate
    Member
    Posted 4 years ago #

    Hi, i recently came across a peculiar script attack on my WP installation @ http://www.thelastpilgrimage.com
    There was a hidden script that was appended to the end of every index.php file and sidebar.php file. It was basically designed to start a new IFRAME window and to spam. The script had also appended itself at the end of ALL .js files in the WP installation messing up the whole thing. i resolved the issue, but my question is this...

    How did this serious security lapse take place?

  2. @mercime
    Volunteer Moderator
    Posted 4 years ago #

    Don't know. Opened up your site in Google Chrome and instantly got notification from my firewall that it blocked an attack on my computer.
    From Codex
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://ocaoimh.ie/did-your-wordpress-site-get-hacked/

    Edit-Addendum to above in codes
    Export XML of your site. Check for hack scripts at top, end and in between and delete. Open a free account in WordPress.com and import clean XML and click on box to import attachments.

  3. ishmate
    Member
    Posted 4 years ago #

    ya its back now.. am restoring a backup guys.. duh' Dont' these people have anything to do, besides hacking sites!

  4. dapro
    Member
    Posted 4 years ago #

    Having the same trouble here, it has attacked every js file on my server (shared hosting at Bluehost)including index.php files.

    How can we prevent this from happening again? Anyone?

    Thanks

  5. dapro
    Member
    Posted 4 years ago #

    Okay so I solved the problem. Instead of going through every single file and deleting every infected WordPress install and js file (Which I have spent most of my day doing) I found this site which provided a script to debug the malicious code on my server.

    I hope this helps anybody who encounters the problem.

    Marco

  6. it has attacked every js file on my server (shared hosting at Bluehost)including index.php files.

    I would also tell BlueHost that your shared hosting has been hacked. It may not be you who was the point of entry of the hack. Shared hosting can be meddlesome that way.

  7. dapro
    Member
    Posted 4 years ago #

    Thanks Ipstenu, I alerted Bluehost of the possible server hack when I first saw the problem though when it happened the second time I just took matters into my own hands.

  8. ishmate
    Member
    Posted 4 years ago #

    well the funny thing is that my blog was also hosted on bluehost. I talked to the about it the other day and they said that it was necessarily an issue at my end. Their servers seemed secure enough. I realized that it was so. however i think that the script probably got in through a zencart installation that i had done a few months back just to test it out.

    The current version of zencart has a known vulnerability that is similar to this one wherein there are script injection attacks that replicate themselves.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags