Since plugin upgrade Javascript code is inserted in posts

Resolved DownunderDabbler
(@downunderdabbler)

8 years, 2 months ago

Opened my normally working site last night to write a new post and found javascript code being added to the post. Unable to remove – it would come back after deleting – could not delete the post etc. The text -inside the square brackets- inserted was [<script src=”//s3.amazonaws.com/cashe-js/143e7cdebf193d2764.js” type=”text/javascript”></script>]
That text got more complicated as I tried to edit it out – I have screen shots.
A scan with GravityScan showed nothing significant.

Eventually all plugins were deleted and the problem eventually disappeared.
I reintroduced Askimet, GPPremium and added Wordfence. No problems. I then added Participants Database (PD) and Simple CSS and the problem returned. I disabled PD and the problem returned. I disabled PD again and the problem went away.

Any idea what is happening here?
With thanks for your work and support,
Hakim

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Author xnau webdesign
(@xnau)

8 years, 2 months ago

Participants Database does not use code like this, so I don’t think it is involved in what you are seeing here.
Thread Starter DownunderDabbler
(@downunderdabbler)

8 years, 2 months ago
Thank you for your reply,

I am not at all suggesting your plugin is inserting the code. However the reality from my perspective is that after disabling all plugins, finding things back to normal, and gradually reintroducing what I consider essential plugins, the site breaks again as soon as your plugin is reactivated.

I am sorry this has happened as I have found your plugin very useful.

With best wishes,
Hakim
- This reply was modified 8 years, 2 months ago by DownunderDabbler.
Plugin Author xnau webdesign
(@xnau)

8 years, 2 months ago

Probably what is happening is Participants Database is interacting badly with another plugin. Did you try activating Participants Database first to see if using it alone causes the problem?

If you discover that PDB in combination with a specific plugin causes a problem, please let me know so I can investigate further.
Mike Meinz
(@mikemeinz)

8 years, 2 months ago
@downunderdabbler, it looks like your computer picked up some JavaScript malware. The URL (s3.amazonaws.com/cashe-js/…etc.) is mentioned in the malware analysis on https://www.blackhatworld.com/seo/analyse-of-a-fake-update-landing-page.986673/.

I suggest that you use a good search tool like Agent Ransack to search your PC for all instances of the malware URL. Remove the file or edit the file to remove the URL from all files in which the malware URL is found. Be sure that no browsers (or other programs) are running when you execute the search so that their cache files are not opened exclusively.

I have PDB installed and do not have the malware URL on my computer (I searched using Agent Ransack) so I believe that PDB is not the source.

Best wishes!
- This reply was modified 8 years, 2 months ago by Mike Meinz.
Thread Starter DownunderDabbler
(@downunderdabbler)

8 years, 2 months ago

After deleting the hundred plus files in the browser cache and all my Chrome plugins my site now operates normally. I decided to install a premium security plugin. That doesn’t function either and they will look at the site to figure out what is happening.

So, the site backend is broken and it is not attributable to anything in particular at the moment. I will be re-activating Participant’s Database once the current problem is sorted out.

Thank you both for your support in this issue.
Hakim
roadsb11
(@roadsb11)

7 years, 9 months ago
I have discovered the same issue on my WP website. Turned out to be a Chrome addon that did this.

I just deleted the “Find & Replace” addon, and it was fixed.
- This reply was modified 7 years, 9 months ago by roadsb11.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘Since plugin upgrade Javascript code is inserted in posts’ is closed to new replies.