Code Injection in Header

Home Forums BulletProof Security Free Code Injection in Header

Tagged: 

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • December 27, 2012 at 8:40 am #844
    Ben
    Member

    Hello I have BPSecurity installed and everything running perfectly, but I have a problem with a link that is above the header on my site directing to an online casino. my site is http: //www.AddictiveAngler.com i’ve deleted all the users from phpmyadmin and have changed all ftp and Database accounts.  Thank you! If i could just find the file where its loading from that would help… seems to load before header.php

    December 27, 2012 at 8:52 am #846
    AITpro Admin
    Keymaster

    The link is in your “head” section of your site.  Check your Theme’s header.php file for the code/link.  It is possible that the link is being generated from your WP DB, but this looks more like Code Injection directly into a file and not a DB hack.  Code Injection can be done by cracking your FTP password or your WP Login password or by exploiting some code in your Theme files – either js or php files.  The Code Injection could also be in any of your Theme’s JS files or possibly the Theme’s functions.php file.

    December 27, 2012 at 9:38 am #850
    Ben
    Member

    I’ve narrowed it down that its nothing in the header, its getting injected right after the <body> tag 

    December 27, 2012 at 9:45 am #851
    AITpro Admin
    Keymaster

    Right mouse click on your home page and click View Source to view the HTML Source Code and you will see that the link is in your head section and not in the body.

    December 27, 2012 at 9:45 am #852
    Ben
    Member

    I got rid of it once by restoring a backup, however I restored the same backup and and it remained this time. 

    December 27, 2012 at 9:48 am #854
    Ben
    Member

    [Code has been removed]

    please do not post source code here.

    December 27, 2012 at 9:50 am #855
    AITpro Admin
    Keymaster

    If you want to quickly find the source of the link then download your website files and open any of the php files with a code editor and then do a search through all files in the folder that you downloaded your site files too.  You can do the same type of search with phpMyAdmin and just do a search for LIKE % % and then use the search term onlinecasino-games[dot]com

    December 27, 2012 at 9:53 am #857
    AITpro Admin
    Keymaster

    If you do not have a good backup to restore from then you will need to make a download of all your files and your database.  Delete everything and then reinstall everything new/clean and then only import your database tables that contain you content.  See this WordPress help post >>> http://codex.wordpress.org/FAQ_My_site_was_hacked

    December 27, 2012 at 9:55 am #858
    Ben
    Member

    I’m doing that right now. 

    February 10, 2013 at 4:40 am #1920
    mr
    Member

    Hi, I have same problem in my blog http: //www.metallirari.com but I never discovered the code injection. Did you find it? If so can you help me? Thanks a lot. Roby

  • Author
    Posts
Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.