WordPress.org

Forums

Content Virus Hack ? Causes_Script injected into pages edited by user (6 posts)

  1. Carolyn_Madison
    Member
    Posted 2 years ago #

    Reaching out to see if anyone has seen this crazy issue before!

    I am working on a site (http://loavesandfishestn.org/tcg/) that is not live yet. We established a username for the client to add content. One of the content managers at our company noticed that when you view the edit page screen in HTML, strange code was added at the bottom of EVERY page this user touched.

    Here is a taste of it...

    [ Redacted, please do not share that code here ]

    And it goes on, and on, and on...

    Now this user definitely did not add this code on purpose. Is this a virus? She is running a Mac OS x Version 10.6.8 - Browser is FireFox 18.

    I rolled through the site and deleted it all, and removed her username. Really freaked me out!

    Is this a virus? Have you seen this before?

    If anyone wants to see the full code, just let me know. I will send it.

    Thank you,
    Carolyn

  2. Can you provide a link as an example where that script is? I've looked at your site and can't find it.

    It could be something innocuous and part of your theme or plugin. Or it could be a hack, hopefully a link will show one way or the other.

  3. Carolyn_Madison
    Member
    Posted 2 years ago #

    Thank you! Yes, I removed it from the site. I wrote the theme myself and we use a standard set of plugins (happy to list them!).

    Here is the code in its entirety as it was seen in the "Edit Page" screen (HTML view) of one of the pages:

    [Huge block of markup moderated. Please just post a link to the relevant page instead.]

    We are starting to think it could be a browser toolbar added to firefox, and its adding advertisements? maybe?

    Thank you so much for taking a look at this!

  4. Carolyn_Madison
    Member
    Posted 2 years ago #

    Wouldn't let me post the code. Apologies, please see:

    http://www.thinkthrive.com/original.txt

  5. Carolyn_Madison
    Member
    Posted 2 years ago #

    Also, I'm not sure it's our site or plugins per say, because when we go in and edit content, nothing happens. This is completely unique to that one specific username. Only when that user edits a page, does the script show up at the bottom of the content.

  6. WPyogi
    Forum Moderator
    Posted 2 years ago #

    Have you tried using that username on a different computer? It could be a local virus or malware.

Topic Closed

This topic has been closed to new replies.

About this Topic