WordPress.org

Support

Support » How-To and Troubleshooting » Content Virus Hack ? Causes_Script injected into pages edited by user

Content Virus Hack ? Causes_Script injected into pages edited by user

  • Reaching out to see if anyone has seen this crazy issue before!

    I am working on a site (http://loavesandfishestn.org/tcg/) that is not live yet. We established a username for the client to add content. One of the content managers at our company noticed that when you view the edit page screen in HTML, strange code was added at the bottom of EVERY page this user touched.

    Here is a taste of it…

    [ Redacted, please do not share that code here ]

    And it goes on, and on, and on…

    Now this user definitely did not add this code on purpose. Is this a virus? She is running a Mac OS x Version 10.6.8 – Browser is FireFox 18.

    I rolled through the site and deleted it all, and removed her username. Really freaked me out!

    Is this a virus? Have you seen this before?

    If anyone wants to see the full code, just let me know. I will send it.

    Thank you,
    Carolyn

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Jan Dembowski

    @jdembowski

    Brute Squad and Volunteer Moderator

    Can you provide a link as an example where that script is? I’ve looked at your site and can’t find it.

    It could be something innocuous and part of your theme or plugin. Or it could be a hack, hopefully a link will show one way or the other.

    Thank you! Yes, I removed it from the site. I wrote the theme myself and we use a standard set of plugins (happy to list them!).

    Here is the code in its entirety as it was seen in the “Edit Page” screen (HTML view) of one of the pages:

    [Huge block of markup moderated. Please just post a link to the relevant page instead.]

    We are starting to think it could be a browser toolbar added to firefox, and its adding advertisements? maybe?

    Thank you so much for taking a look at this!

    Wouldn’t let me post the code. Apologies, please see:

    http://www.thinkthrive.com/original.txt

    Also, I’m not sure it’s our site or plugins per say, because when we go in and edit content, nothing happens. This is completely unique to that one specific username. Only when that user edits a page, does the script show up at the bottom of the content.

    WPyogi

    @wpyogi

    Forum Moderator

    Have you tried using that username on a different computer? It could be a local virus or malware.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Content Virus Hack ? Causes_Script injected into pages edited by user’ is closed to new replies.
Skip to toolbar