WordPress.org

Forums

The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

[resolved] weird character before doctype I cannot find! (9 posts)

  1. synnyzter
    Member
    Posted 3 years ago #

    So I woke up today and noticed my wordpress was broken in IE due to the letter "F" appearing before the doctype. I changed themes and its still there, disabled ALL plugins, still there so obviously its in one of the WP files. I checked my site visitor logs and noticed these...

    178.124.160.117
    //plugins/system/nnframework/index.html
    6/12/13 6:22 AM

    50.87.119.146 /wp-cron.php?doing_wp_cron=1371039744.9289751052856445312500
    6/12/13 6:22 AM

    50.87.119.146
    /wp-cron.php?doing_wp_cron=1371051558.7271559238433837890625
    6/12/13 9:39 AM

    I checked my config, index, header, and none of them have the rogue letter. I ever checked all files in the WP root. I googled this for an hour and read similar ones on here but they were all typos it seems. This is clearly not a typo but someone hacked my install. I can't seem to find the first file which was accessed, the nnframework, and I am not sure what the // means other than a network share on a computer lol.

    The domain is thercedge.com, if anyone has a clue I'd greatly appreciate any advice or a hint to fix this. Thanks.

  2. Shaun Scovil
    Member
    Posted 3 years ago #

    This looks very fishy...I would start here: http://codex.wordpress.org/FAQ_My_site_was_hacked

  3. kmessinger
    Forum Moderator
    Posted 3 years ago #

    I see nothing before doctype and it looks fine in IE10.

  4. synnyzter
    Member
    Posted 3 years ago #

    OK I installed "Anti-Malware by ELI (Get Off Malicious Scripts)" and as SOON as I activated it, it actually TOLD me something weird was up with "admin-bar.php" and I opened it, low and behold there was the "F". I had never edited this file so who knows how the heck it happened but it fixed the issue. I am now using that and bullet proof and going to implement some htaccess security. Gees the site has only been up a week lol.

    It worked when I went to bed so I know it was some bonehead in russia according to the IP who accessed it. People have nothing better to do =/

  5. Pioneer Web Design
    Member
    Posted 3 years ago #

    You should contact your host on this and review the folder that your theme is in (where did this come from?)...seems like an odd path...

    I do not see this issue at the W3 validator - you may want to scan the devices being used to access this site for malware...

    You do have many markup errors:

    http://validator.w3.org/check?uri=thercedge.com&charset=%28detect+automatically%29&doctype=Inline&group=0&ss=1

  6. synnyzter
    Member
    Posted 3 years ago #

    Yeah I JUST fixed it probably 30 seconds before you posted lol. Man if it wasnt for that plugin I would have been here all day looking through includes lol.

    Thanks anyhow! Yes I agree very fishy, I blocked the range from those user IP subnets and putting some security to practice as I should have already, shame on me I know =/

  7. synnyzter
    Member
    Posted 3 years ago #

    Yeah I don't care what validator says, many "errors" are perfectly fine although I do have a few rogue tags I need to clean which are my mistake and thanks for reminding me that as I forgot to.

    People rely too heavily on "validating" imo, just because it thinks they are wrong doesn't necessarily mean it actually is, and it is VERY out of date anyhow. Try validating any major website on the web, they all have a ton of errors according to it...even this one =)

  8. Pioneer Web Design
    Member
    Posted 3 years ago #

    There is a difference between outright markup errors and validation...you have outright errors...code that is written incorrectly.

  9. synnyzter
    Member
    Posted 3 years ago #

    I am aware of this as my post you just replied to clearly mentioned that...

Topic Closed

This topic has been closed to new replies.

About this Topic