WordPress.org

Forums

[resolved] HTML Validation Issue (9 posts)

  1. carlmercurio
    Member
    Posted 7 years ago #

    My site is validating at http://webebroke.com/blog2/

    However, the same page at the root site of http://www.webebroke.com is showing 1100 errors, all of which appear to be related to sites that aren't mine including a bisexual site called http://www.biresource.com and another site not mine called http://www.takeourword.com.

    Thanks,
    Carl

  2. mechx1
    Member
    Posted 7 years ago #

    It would appear that your blog has been hacked. If you look at the source code for your blog, you'll see many links to various sites. These are enclosed in a tag:
    <font style='position: absolute;overflow: hidden;height: 0;width: 0'>
    that is hiding that text so it doesn't appear on your blog.

    It's hard to say where this got inserted, I think I would start by looking in index.php to see if there is code in there that is retrieving these links.

  3. carlmercurio
    Member
    Posted 7 years ago #

    Thank you mechx1.

    Unfortunately, this is way beyond my coding knowledge and capacity to fix. I guess I'll start by trying to figure out what index.php is and how to get into it.

    Thanks again.

    Carl

  4. mechx1
    Member
    Posted 7 years ago #

    Carl, you also need to try to find out how they got in. your admin user name and password may have been compromised. You should certainly consider changing your admin password immediatly, and choose a strong passowrd of at least six random characters that is hard to guess. There are articles in the CODEX and other places that address WordPress security which will help you harden your installation. Many of the things you can do don't require any coding.

    The file I am talking about is in your theme, and it appears that you are using the Default theme. You can log in to admin and use your Theme Editor (Under Design) to look at the code. If you prefer to pull down a copy with FTP and look at it, it should be at:
    wp-content/themes/default/index.php

    If you have not made any modifications to the Default theme, you might be able to get rid of the hack by re-loading the theme.

    Good luck with this.

  5. carlmercurio
    Member
    Posted 7 years ago #

    Thanks again. I've changed my password.

    I also tried reloading the default template, but it didn't fix the problem.

    I don't see anything resembling the "hack" in the Theme Editor. I'll try looking elsewhere. Maybe in my posts?

    Also, I'll contact WordPress Security.

    Thanks again,
    Carl

  6. carlmercurio
    Member
    Posted 7 years ago #

    Mechx1,

    I found the hack. It was in header.php. Can I just erase the code in there and hit update file?

    Thanks,
    Carl

  7. mechx1
    Member
    Posted 7 years ago #

    I can't really answer this, are you quite sure that it is a hack? If you do this, be very sure that you can replace that code if it turns out to be legitimate and your blog needs it.

  8. Justin Tadlock

    Posted 7 years ago #

    Just download the theme and upload header.php again. That way, you'll know that you didn't delete anything important.

  9. carlmercurio
    Member
    Posted 7 years ago #

    I decided to go ahead and delete the code that appeared to be the "hacker" entry. That fixed everything! Thanks, you guys rock.

    Carl

Topic Closed

This topic has been closed to new replies.

About this Topic