Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter Rick

    (@rikkx)

    Issue solved… I found the injected coding in wp-content/themes/bfa-round-tabs-10/header.php

    It was a script in-between the end HEAD tag and the beginning BODY tag.

    All looks like it’s working fine now and it’s no longer trying to connect or redirect to any website.

    Thanks Trayner for the useful link, it was the exact same issue… although I fixed it before I read it lol, but at least I know the ins and outs of the issue now =p

    I’m Kujoe’s web guy before I start lol…

    A user called HaiPaolucci69 signed up and used the ‘First Name’ field to inject some coding. This injected code seems to have given the user admin permissions. That account is now deleted along with the injected code. There is however some more coding throughout the site causing it to redirect to certain pages.

    I found some coding by viewing source on the main page, it’s located after the end of the HEAD tag and before the beginning of the BODY tag… it’s slightly encoded to hide itself though. The important bit is “unescape” I think…. this is the first part of the decrypted coding:

    <script language="javascript">function dF(s){var s1=unescape(s.substr(0,s.length-1)); var t='';for(i=0;i<s1.length;i++)t+=String.fromCharCode(s1.charCodeAt(i)-s.substr(s.length-1,1));document.write(unescape(t));}</script>

    I don’t know what the rest of the coding is encrypted in so I can’t translate it. Anyway… unescape I think is the source of the redirect… BUT I can’t find where that script is in the PHP’s or the SQL. I’m hoping it’s PHP but since I don’t know WP too well could someone suggest which PHP file it could be in, as I said the code is located after the end of the HEAD tag and before the beginning of the BODY tag on the main page.

    Kujoe is currently uploading a fresh copy of the latest version in hopes of eradicating this, but due to the amount of data in the SQL’s we’re trying to keep the SQL and just upload a fresh site… so hopefully we don’t have to delete the SQL.
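
The `dF()` loader quoted in the post above can be unpacked offline, so a responder can read what an injected block writes into the page without loading it in a browser. The following is an added example, not part of the original posts: it repeats the loader's arithmetic but returns the text instead of calling `document.write`. The `dF('...')` call form, the function names `decodeDF` and `findAndDecode`, and the sample string are assumptions constructed for illustration.

```javascript
'use strict';

// Same steps as the quoted dF(): the last character of the argument is a
// one-digit key, the rest is unescape()d, every character code is lowered
// by the key, and the result is unescape()d again.
function decodeDF(s) {
  const keyChar = s.slice(-1);
  if (s.length < 2 || !/^[0-9]$/.test(keyChar)) {
    throw new Error('last character is not a digit key');
  }
  const key = Number(keyChar);
  const s1 = unescape(s.slice(0, -1));
  let t = '';
  for (let i = 0; i < s1.length; i++) {
    t += String.fromCharCode(s1.charCodeAt(i) - key);
  }
  return unescape(t); // returned for inspection, never written to a page
}

// Assumption: the payload is passed to dF() as a quoted string literal.
// The function definition itself ("function dF(s)") does not match.
function findAndDecode(source) {
  const results = [];
  const re = /\bdF\(\s*(['"])(.*?)\1\s*\)/g;
  for (const m of source.matchAll(re)) {
    try {
      results.push(decodeDF(m[2]));
    } catch (e) {
      results.push('[undecodable: ' + e.message + ']');
    }
  }
  return results;
}

// Constructed sample: a header fragment with one encoded call placed
// between </head> and <body>. It decodes to harmless markup.
const SAMPLE_HEADER = [
  '</head>',
  '<script>dF(\'%264Dc%264Fij%264D0c%264F1\')</script>',
  '<body>',
].join('\n');

console.log(findAndDecode(SAMPLE_HEADER));
```

Run over the contents of a theme file such as `header.php`, `findAndDecode` returns the decoded text of each encoded call it finds, which shows what the injected block was writing into the page.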

    Thread Starter Rick

    (@rikkx)

    Thanks, sorry about the double posting of the same issue, I didn’t realise he had already created a topic lol.
