WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] weird character before doctype I cannot find! (9 posts)

  1. synnyzter
    Member
    Posted 1 year ago #

    So I woke up today and noticed my wordpress was broken in IE due to the letter "F" appearing before the doctype. I changed themes and its still there, disabled ALL plugins, still there so obviously its in one of the WP files. I checked my site visitor logs and noticed these...

    178.124.160.117
    //plugins/system/nnframework/index.html
    6/12/13 6:22 AM

    50.87.119.146 /wp-cron.php?doing_wp_cron=1371039744.9289751052856445312500
    6/12/13 6:22 AM

    50.87.119.146
    /wp-cron.php?doing_wp_cron=1371051558.7271559238433837890625
    6/12/13 9:39 AM

    I checked my config, index, header, and none of them have the rogue letter. I ever checked all files in the WP root. I googled this for an hour and read similar ones on here but they were all typos it seems. This is clearly not a typo but someone hacked my install. I can't seem to find the first file which was accessed, the nnframework, and I am not sure what the // means other than a network share on a computer lol.

    The domain is thercedge.com, if anyone has a clue I'd greatly appreciate any advice or a hint to fix this. Thanks.

  2. Shaun Scovil
    Member
    Posted 1 year ago #

    This looks very fishy...I would start here: http://codex.wordpress.org/FAQ_My_site_was_hacked

  3. kmessinger
    Volunteer Moderator
    Posted 1 year ago #

    I see nothing before doctype and it looks fine in IE10.

  4. synnyzter
    Member
    Posted 1 year ago #

    OK I installed "Anti-Malware by ELI (Get Off Malicious Scripts)" and as SOON as I activated it, it actually TOLD me something weird was up with "admin-bar.php" and I opened it, low and behold there was the "F". I had never edited this file so who knows how the heck it happened but it fixed the issue. I am now using that and bullet proof and going to implement some htaccess security. Gees the site has only been up a week lol.

    It worked when I went to bed so I know it was some bonehead in russia according to the IP who accessed it. People have nothing better to do =/

  5. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    You should contact your host on this and review the folder that your theme is in (where did this come from?)...seems like an odd path...

    I do not see this issue at the W3 validator - you may want to scan the devices being used to access this site for malware...

    You do have many markup errors:

    http://validator.w3.org/check?uri=thercedge.com&charset=%28detect+automatically%29&doctype=Inline&group=0&ss=1

  6. synnyzter
    Member
    Posted 1 year ago #

    Yeah I JUST fixed it probably 30 seconds before you posted lol. Man if it wasnt for that plugin I would have been here all day looking through includes lol.

    Thanks anyhow! Yes I agree very fishy, I blocked the range from those user IP subnets and putting some security to practice as I should have already, shame on me I know =/

  7. synnyzter
    Member
    Posted 1 year ago #

    Yeah I don't care what validator says, many "errors" are perfectly fine although I do have a few rogue tags I need to clean which are my mistake and thanks for reminding me that as I forgot to.

    People rely too heavily on "validating" imo, just because it thinks they are wrong doesn't necessarily mean it actually is, and it is VERY out of date anyhow. Try validating any major website on the web, they all have a ton of errors according to it...even this one =)

  8. Pioneer Valley Web Design
    Member
    Posted 1 year ago #

    There is a difference between outright markup errors and validation...you have outright errors...code that is written incorrectly.

  9. synnyzter
    Member
    Posted 1 year ago #

    I am aware of this as my post you just replied to clearly mentioned that...

Topic Closed

This topic has been closed to new replies.

About this Topic