WordPress.org

1. meandisis
   Member
   Posted 3 years ago #

   I am having quite the problem with my two blogs recently where someone has inserted some kind of wrong tag into the very top of everyone of my WordPress pages.

   You can view my site here (http://www.meandisis.com/) and right-click "View Source". Look at the top, you will find: "<!-- test1 -->" just before the Doc Type. That is on EVERY single WordPress page, even in the WordPress Admin files.

   How can this be fixed? We looked into the database to find the code, replaced all files with brand new same version WordPress files, disabled all plugins and reactivated again and we couldn't find anything positive related to this "test1" thing, it won't go away...

   I would really appreciate any heads-up.

   Thanks a lot!

2. meandisis
   Member
   Posted 3 years ago #

   anyone? please?

3. meandisis
   Member
   Posted 3 years ago #

   Thanks for nothing, haha.

   ANyways, for those encountering the same problem as I was, the spam code was injected directly into the Database.

   I had to go to the wp_options table, and then in the "active_plugins" column where I found the code:

   "i:0;s:53:"../../../../../../../../tmp/sessions/sess82388123.txt";"

   before my other active plugins...

   Removed, and now site works perfectly fine.

4. ClaytonJames
   Member
   Posted 3 years ago #

   I would really appreciate any heads-up.

   http://wordpress.org/support/topic/205901?replies=6#post-860060

   http://cyberinsecure.com/wordpress-multiple-sql-injection-vulnerabilities/

   http://codex.wordpress.org/Hardening_WordPress

   ...and from your source code;

   <meta name="generator" content="WordPress 2.2.1" />

   Heads up...

Topic Closed

This topic has been closed to new replies.