Home Forums Graphene WordPress theme Support

Strange code

  • Oliver

    August 15, 2013 at 12:32 pm #7941

    Hi

    This strange code is on the slider and on all the top substance.

    # 0f2490 # if (empty ($ bu)) {$ BU = “”; echo $ bu;} # / 0f2490 #

    Anyone know why this happens?

    Site: http://minmadopskrift.dk/

    Kind regards

    Oliver

    Mod

    Kenneth John Odle

    August 15, 2013 at 3:06 pm #39649

    You have some bad JavaScript code in there.

    Are you using a child theme? Have you edited theme files? Have you tried disabling plugins to rule out a plugin issue?

    Oliver

    August 15, 2013 at 8:09 pm #39650

    Yes, I am using a child theme, and I have move the CSS codes generated by the theme into the child theme’s style.css

    I have disabled all plugins also, but without luck.

    I have reinstalled the entire website, and it helps one day, then the bad code arrived again?

    Mod

    Kenneth John Odle

    August 15, 2013 at 11:06 pm #39651
    Quote:
    and it helps one day, then the bad code arrived again?

    It could be generated by one of your plugins. Have you installed any plugins that you didn’t get from the WordPress plugin repository at http://wordpress.org/plugins/

    Oliver

    August 16, 2013 at 2:59 pm #39652

    Yes, all from wordpress.

    I have reinstalled the config.php and. htaccess file. Uninstalled all plugins and reinstall again. Reinstalled Graphene Child.

    Nothing helps.

    Could it be a hack?

    I found other Danish and English wordpress sites that have this code:

    Please look here: http://fashionistasistas.dk/sommerkjolen/

    And if you enter this site: facepaint (delete link)

    The AVG anti virus Alert Says: Virus= Exploit Blackhole Exploit Kit type 2726 which is why I discovered this code on my site.

    Mod

    Kenneth John Odle

    August 16, 2013 at 4:10 pm #39653

    You are only running WordPress 3.5, as is the other site you have linked to. You should update to 3.6 to take advantage of the latest security enhancements and see if that resolves the problem.

    Also, make sure that all of your plugins are up to date.

    If not, it is possible that your site has been hacked. You might want to take a look at the resources I have listed here:

    http://blog.kjodle.net/2013/07/04/troubleshoot-your-wordpress-blog/#If_Your_Site_Has_Been_Hacked

    Oliver

    August 16, 2013 at 5:26 pm #39654

    Hi Kenneth

    Thanks for your help, really appreciate it

    All plugins updated to last version.

    Wordpress is updated to last version, for some time ago?

    On FrontPage, my link to the Graphene theme is gone also.

    I will look at your link, and install more security on my site, chance password etc.

    I will be back when I have more information about this subject.

    Anonymous

    August 16, 2013 at 7:20 pm #39655

    You definitely have some malicious code on your site.

    I have taken it from your source code, and pasted it to pastebin, so you may see what it looks like:

    http://pastebin.com/5s66Raii

    This can come from a variety of places; a bad plugin, a bad theme, a bad database entry, a bad plugin/theme that has injected the code into your header.php template file (or other template files).

    I would suggest going over to the WP forums.. and researching on how to find out if your site has been hacked.

    There, they will explain how to look for bad code; the most common ‘attack’ areas; etc.

    Oliver

    August 21, 2013 at 8:26 pm #39656

    Hi

    I deleted my website and used a backup. Changed password, installed firewall and security plugins.

    . htaccess file – changed permissions.

    This has thankfully helped.

    Many, many thanks for your help and advice 🙂

Viewing 9 posts - 1 through 9 (of 9 total)

  • You must be logged in to reply to this topic.