Javascript code on site that I did not place

  • tracievh

    (@tracievh)


    17 years ago

    http://174.133.9.234/~hawkresi/wordpress/

    I set this word press site up for a friend ( still in progress) and there is some java script that links to a calris site that I certainly did not add.

    Viewing the source it is after the body tag and before the container tag:

    <body>
    <script language=”javascript”>
    document.write(‘<style> #a428b13 { margin: -40000px; position: absolute; text-align:right; } </style>’);
    </script>Cialis side effects
    <div id=”container”>
    I can not seem to find this script when looking at the actual files. I did download the current files ( index, header, etc).

    It’s driving me crazy because i can’t seem to find where this code is located to delete it.

    Any help/ideas appreciated.

Viewing 5 replies - 1 through 5 (of 5 total)
  • iridiax

    (@iridiax)

    17 years ago

    Unless it came with your “sponsored” theme or a plugin, your site has been hacked.

    See: http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/

    Thread Starter tracievh

    (@tracievh)

    17 years ago

    thank you for the link. I ran it and it came back with

    No suspicious plugins found
    Hooray! No suspicious plugins found in the active_plugins database record.

    No suspicious posts or comments found
    Hooray! No suspicious text found in your posts or comments tables!

    it picked up numerous files with: “String.fromCharCode” Javascript code used to hide suspicious code, but can also be legitimate code.

    and then several from the scanner files itself, which if i understand is a good thing because it means it is searching properly.

    I’m still unsure as to what to do…short of deleting everything and started over.

    toppdogg

    (@toppdogg)

    17 years ago

    Another good tip is to install Bad Behavior and Askimet spam checking for comments.

    John H

    (@wpbloghost)

    17 years ago

    Looks like some sort of spam to me. Why don’t you try just deleting the code and then installing some security enhancements to your WP installation.

    Thread Starter tracievh

    (@tracievh)

    17 years ago

    topdogg – thank you for the recommendations. I will definitely be using bad behavior from now on.

    WpBlogHost – My problem is I can’t find the code. I downloaded the current files from the theme i am using off the server, and looked at the index, header, side bar, functions, and post files – nothing that looks like that string of code is found.

    In the style sheet -I looked for obvious items but I’m still a novice so not sure I did a great job.

    Then the theme license file, footer, and start template file are all gibberish…coded php i guess…i have no clue if it is in there.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Javascript code on site that I did not place’ is closed to new replies.