Injected code; can't remove

carolemagouirk
(@carolemagouirk)

11 years, 1 month ago
Hello,

I have this code below my body element:
```
<script type="text/javascript">
//<![CDATA[
try{(function(a){var b="http://",c="carolemagouirk.com",d="/cdn-cgi/cl/",e="img.gif",f=new a;f.src=[b,c,d,e].join("")})(Image)}catch(e){}
//]]>
</script>
```
I’ve disabled all of my plugins and checked my functions file, but it doesn’t go away and apparently, I’m the first person in google history to have this problem.

Any help would be greatly appreciated. I’m completely lost here. 🙁

Viewing 9 replies - 1 through 9 (of 9 total)

jack randall
(@theotherlebowski)

11 years, 1 month ago

what plugins/theme are you using?

Thread Starter carolemagouirk
(@carolemagouirk)

11 years, 1 month ago

Akismet
Compress JPEG & PNG images (TinyPNG)
Gallery Carousel Without JetPack
W3 Total Cache
WordPress SEO
WP-Optimize

jack randall
(@theotherlebowski)

11 years, 1 month ago

i could be wrong but after a brief look about on the google it looks like CDATA[ type stuff is used to make certain characters and strings usable in scripts where the script would normally interpret them as something else.

it looks like it’s doing something with your URL, capturing the http:// your domain name, an image server location and an image source and bunging them all together. given all of that i have a sneaking feeling that it has something to do with the Gallery Carousel Without JetPack plugin, as this is a forked/hacked version of jetpack so it might be being forced to do things it’s not meant to (and as such may need to use some specialist code to make things available to it’s main script…)

just for a quick test go back to the default theme and see if that gets rid of it and if not, try renaming the Gallery Carousel Without JetPack plugin folder on the server to see if it goes away after that…

Thread Starter carolemagouirk
(@carolemagouirk)

11 years, 1 month ago

Still there after switching to Twenty-fifteen, deactivating all plugins, and deleting Gallery Carousel Without JetPack.

This and the fact that I can’t find more info about it leads me to believe it has to do with my hosting provider.

Thank you very much for your help. 🙂

denisotugo
(@denisotugo)

11 years, 1 month ago

got it in my site too, found it through google pagespeed.
i think its a new hack in wordpress

denisotugo
(@denisotugo)

11 years, 1 month ago

it your cloudflare scrape settings {SOLVED}

Thread Starter carolemagouirk
(@carolemagouirk)

11 years, 1 month ago

Hello denisotugo,

Can you be more specific about which cloudflare setting you changed to remove the javascript?

I turned on debug and also tried pausing cloudflare, but neither removed the code which leads me to believe cloudflare is not the problem.

Thank you.

denisotugo
(@denisotugo)

11 years, 1 month ago

scrapeshield in the cloudflare apps for the domain that is having the problem.
off all the settings then purge cache

Thread Starter carolemagouirk
(@carolemagouirk)

11 years, 1 month ago

Huzzah! Cheers to you!

I can confirm this solution works. Specifically, the “Page Content Protection” option under the ScrapeShield app was the culprit.

Thank you very much for the expert detective work, denisotugo!

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Injected code; can't remove’ is closed to new replies.

Injected code; can't remove

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics