Unwanted data and scripts on web pages

swamini
(@swamini)

11 years, 9 months ago

Hello All,

Few days ago our site went blank.

Then we restored it with the old copy and was working fine.

When I view the page source of the web page it has unwanted data and unwanted links which we have not included and has unwanted scripts.

Can anyone please tell why is the page showing other data and scripts ?

Is the site compromised ?

What measures should be taken for the same.

Thank you.

Viewing 5 replies - 1 through 5 (of 5 total)

codemovement.pk
(@codemovementpk)

11 years, 9 months ago

Please check you config and index files, also theme index,header and function files, there could be some unwanted code inserted.

perezbox
(@perezbox)

11 years, 9 months ago

Well if a site is ever showing stuff you unintended or didn’t plan for, it’s often a very good sign that it’s been compromised. Only you can say for sure though, as you only you should know what your website is really about and what belongs.

Here is a good place to start in your specific situation: http://codex.wordpress.org/FAQ_My_site_was_hacked

Tony

Thread Starter swamini
(@swamini)

11 years, 9 months ago

Thank you for the reply.
What if I install bulletproof security ? It will not have any effect on other functionality ?
Will this solve the issue ?

Swamini

Moderator bcworkz
(@bcworkz)

11 years, 9 months ago

A security plugin will not be helpful until you are sure any backdoors have been removed by following the steps in Tony’s link. Manual backdoor removal can be extremely difficult, take a look at this article:
http://ottopress.com/2009/hacked-wordpress-backdoors/

You say you restored the site from a backup, this usually removes backdoors when done properly, unless your backup was already compromised. You cannot do a partial restoration, you must completely wipe your entire public server space and DB clean before restoring from backup.

Once your site is completely clean, installing a security plugin will be helpful. I have no experience with the one you mention though.

perezbox
(@perezbox)

11 years, 9 months ago

You should consider taking some time to read this post to understand why a plugin like that may or may not help you: http://blog.sucuri.net/2014/09/understanding-the-wordpress-security-plugin-ecosystem.html

You’re frankly just asking the wrong question.

As for restoring backups, it’s only going to remove backdoors if you didn’t backup the backdoors. There in lies the rub with backups, it does exactly what it the name implies – backs everything, good or bad.

In short, a backup might not be the right answer for you.

You need to invest the time to identify those backdoors, if they exist. And follow some of the post-hack recommendations.

Tony

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Unwanted data and scripts on web pages’ is closed to new replies.

Unwanted data and scripts on web pages

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics