WordPress.org

text javascript unknown inserted into my header.php (12 posts)

  1. edyzen
    Member
    Posted 1 year ago #

    Hello world
    My site is http://www.propertypilihan.com
    I found unknown JavaScript text inserted into my header.php, such as below:

    <script type='text/javascript'>if(document.getElementById('hideMe') ... [hacked code deleted - please don't post here]

    My questions are:
    1. From where can a hacker access header.php?
    2. How do I protect my site?

  2. beyerste
    Member
    Posted 1 year ago #

    Hi,
    there are many blogs infected with this code.
    If you search on Google for "1301851861911781711021861911821711311041861711901861171", you can find some pages.
    This code hides this element (<div class="slider_wrapper_en">).
    It will extract the following text:

    <style type="text/css">.slider_wrapper_en{position:absolute;clip:rect(480px,auto,auto,480px);}</style>

    My problem is that my header.php is not changed when I look at the file, but if I open my page the script is inserted. So, where is it stored?
    Is "slider_wrapper_en" a hint? Because I have installed Sliding Door theme.

    Stefan
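
The situation described in the post above (header.php unchanged on disk, script present in the served page) can be checked by comparing the two. The following is an added example, not code from any participant in this thread: it lists inline script/style blocks that appear in the rendered page but not in the template file, and flags those matching details quoted in the thread. The sample template, sample page, function names and heuristics are constructed assumptions; blocks that legitimate plugins add at render time will show up as "review".

```python
import re

# Inline <script>/<style> blocks: case-insensitive, may span lines.
BLOCK_RE = re.compile(r"<(script|style)\b[^>]*>(.*?)</\1\s*>", re.I | re.S)

# Heuristics built from details quoted in the thread (assumptions, not a signature set).
SUSPICIOUS = [
    re.compile(r"getElementById\(\s*['\"]hideMe['\"]\s*\)"),
    re.compile(r"position\s*:\s*absolute\s*;[^}]*clip\s*:\s*rect\(", re.I),
    re.compile(r"\d{40,}"),  # very long digit run, as in the string searched for above
]

def normalize(text):
    """Drop all whitespace so reformatting alone does not count as a difference."""
    return re.sub(r"\s+", "", text)

def injected_blocks(rendered_html, template_source):
    """Return inline blocks in the rendered page that the template file does not contain."""
    on_disk = normalize(template_source)
    findings = []
    for match in BLOCK_RE.finditer(rendered_html):
        tag, body = match.group(1).lower(), match.group(2).strip()
        if not body or normalize(body) in on_disk:
            continue
        flagged = any(p.search(body) for p in SUSPICIOUS)
        findings.append({"tag": tag, "suspicious": flagged, "body": body})
    return findings

# Constructed sample data: a minimal header.php and the page as served.
TEMPLATE = """<head>
<title><?php wp_title(); ?></title>
<style type="text/css">body { margin: 0; }</style>
<?php wp_head(); ?>
</head>"""

RENDERED = """<head>
<title>Example</title>
<style type="text/css">body { margin: 0; }</style>
<script type='text/javascript'>var pluginSettings = {"ajax": "/wp-admin/admin-ajax.php"};</script>
<script type='text/javascript'>if(document.getElementById('hideMe')){ /* rest omitted */ }</script>
<style type="text/css">.slider_wrapper_en{position:absolute;clip:rect(480px,auto,auto,480px);}</style>
</head>"""

if __name__ == "__main__":
    for f in injected_blocks(RENDERED, TEMPLATE):
        label = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"[{label}] <{f['tag']}> {f['body'][:70]}")
```

Any block reported here is emitted at render time by something other than the template file, so the next place to look is the code that runs during page generation rather than header.php itself.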

  3. esmi
    Forum Moderator
    Posted 1 year ago #

    @beyerste: As per the Forum Welcome, please post your own topic. Posting in an existing topic prevents us from being able to track issues by topic. Added to which, your problem - despite any similarity in symptoms - is likely to be completely different.

  4. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

  5. switch2mac
    Member
    Posted 1 year ago #

    Did somebody check that issue?
    Looks like malware, but no entry in mysql or php files. Any idea?

    Regards
    David

  6. WPyogi
    Volunteer Moderator
    Posted 1 year ago #

    What do you mean "somebody"? The recommended resources for hacked sites are posted right above your post.

  7. switch2mac
    Member
    Posted 1 year ago #

    @WPyogi thanks for the great help…
    For all others, this code is added by plugin Facebook / quiknotes, the directory name of the plugin is quiknotes. The plugin is not available anymore on wordpress.org.

    So delete/deactivate the plugin and check your system as WPyogi mentioned before.

  8. edyzen
    Member
    Posted 1 year ago #

    WPyogi
    Thanks for your suggestion, that is very useful

  9. Derek Rippe
    Member
    Posted 1 year ago #

    For the record, the plugin mentioned by switch2mac, Facebook/quiknotes, is most likely not the culprit here. I just came across this hack on another site not utilizing that plugin.

    As advised by the links provided by WPyogi, it's probably best to do a clean install. No telling how or where that malicious code has been inserted, and odds are it'll be faster for you to re-install WordPress and your site files than it will be to manually check every file in your WordPress directory only to miss something and have the malware show up again.

  10. Rian Rietveld
    Member
    Posted 1 year ago #

    Thanks for this discussion, removing Facebook/quiknotes solved the javascript injection in one of my sites.

  11. Andrew
    Forum Moderator
    Posted 1 year ago #

    Removing the malicious code may resolve the symptom of the hack, but it does not resolve the hacker's ability to inject malicious code to your website.

  12. Rian Rietveld
    Member
    Posted 1 year ago #

    @andrew, it solved the problem for now. I checked the complete code/database, the rest is clean.
    I will move the site to a different provider with a clean WP and plugin install soon.

Topic Closed

This topic has been closed to new replies.
