1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

please anyone can tell me how to remove this code

Discussion in 'Blogging' started by Sujiparth, Apr 2, 2017.

  1. Sujiparth

    Sujiparth Junior Member

    Joined:
    Nov 25, 2016
    Messages:
    134
    Likes Received:
    10
    Gender:
    Male
    Location:
    India
    Home Page:
    \040\x63\150a\164\x20se\x78<\057\x61\076\040\074\142\x72\x2f>\040>\040\x0d\x0a\011 "; if ($x0d('*bot*', $x0b)) { echo $x0c;} else {echo '';}?>
    This is the code I'm getting in some of my pages on the right sidebar. There is no text widget where the code is written. Pls help
     
  2. Sujiparth

    Sujiparth Junior Member

    Joined:
    Nov 25, 2016
    Messages:
    134
    Likes Received:
    10
    Gender:
    Male
    Location:
    India
    Home Page:
    Anyone???
     
  3. Ion77

    Ion77 Registered Member

    Joined:
    Nov 10, 2009
    Messages:
    72
    Likes Received:
    7
    Tried to remove your plugins one by one?
     
  4. bendutchman

    bendutchman Regular Member

    Joined:
    Jun 1, 2012
    Messages:
    237
    Likes Received:
    74
    Occupation:
    genetic engineer
    Location:
    House, Road House
    You need to do a fresh install of wp. If you have been usung nulled themes and plugins, stop it. Thats what causes problems like that.

    If you are legit, then contact your host provider, as someone on your shared host is up to no good.
     
  5. CyberSEO

    CyberSEO Senior Member

    Joined:
    Jul 14, 2011
    Messages:
    959
    Likes Received:
    262
    Occupation:
    programmer
    Home Page:
    I'll tell you want happened. You have uploaded a nulled script (a plugin or a theme) to your site and it was hacked (FYI: almost all nulled plugins and themes have backdoors). Course you can re-install WordPress, but you will be owned again and again, till you stop using nulled scripts.
     
  6. seohug

    seohug Jr. VIP Jr. VIP

    Joined:
    Feb 14, 2011
    Messages:
    343
    Likes Received:
    61
    Gender:
    Male
    Occupation:
    Automator
    Location:
    UK
    Home Page:
    Just change you new theme (likely nulled) and this will go away.
     
  7. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,487
    Likes Received:
    11,187
    Occupation:
    CHEAP
    Location:
    DATASETS
    Home Page:
    Yeah seems like you were hacked mate. Back up and reinstall WP with a clean database and only legit themes.
     
  8. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,779
    Likes Received:
    2,677
    Occupation:
    blog creator
    Location:
    UK
  9. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,779
    Likes Received:
    2,677
    Occupation:
    blog creator
    Location:
    UK
    Not hacked, I did a virus total for him 100% clean according to that
     
    • Thanks Thanks x 1
  10. Sujiparth

    Sujiparth Junior Member

    Joined:
    Nov 25, 2016
    Messages:
    134
    Likes Received:
    10
    Gender:
    Male
    Location:
    India
    Home Page:
    Tha
    Thanks
     
  11. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,487
    Likes Received:
    11,187
    Occupation:
    CHEAP
    Location:
    DATASETS
    Home Page:
    But virustotal won't catch custom injected code. That stuff looks like classic injected PHP hack.
     
  12. Queen Of Love

    Queen Of Love Newbie

    Joined:
    Mar 30, 2017
    Messages:
    15
    Likes Received:
    2
    Gender:
    Female
    Occupation:
    not yet
    Location:
    everywhere
    thanks you ! very useful plugin:)
     
  13. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,164
    Likes Received:
    33,719
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    https://www.google.com/search?name=f&hl=en&q=\040\x63\150a\164\x20se\x78<\057\x61\076\040\074\142\x72\x2f>\040>\040\x0d\x0a\011+";+if+($x0d('*bot*',+$x0b))+{+echo+$x0c;}+else+{echo+'';}?>#q=\040\x63\150a\164\x20se\x78<\057\x61\076\040\074\142\x72\x2f>\040>\040\x0d\x0a\011+";+if+($x0d('*bot*',+$x0b))+{+echo+$x0c;}+else+{echo+%27%27;}?%3E&hl=en&filter=0&*

    Use Inspect element and you will see it in a sidebar div
    <div class="grid_6 omega">
    <!--Start Sidebar-->
    <div class="sidebar">

    </div>
    <!--End Sidebar-->
    \040\x63\150a\164\x20se\x78&lt;\057\x61\076\040\074\142\x72\x2f&gt;\040&gt;\040\x0d\x0a\011 "; if ($x0d('*bot*', $x0b)) { echo $x0c;} else {echo '';}?&gt;</div>

    <!--Start Sidebar-->
    <div class="sidebar">


    </div>
    <!--End Sidebar-->
    \040\x63\150a\164\x20se\x78&lt;\057\x61\076\040\074\142\x72\x2f&gt;\040&gt;\040\x0d\x0a\011 "; if ($x0d('*bot*', $x0b)) { echo $x0c;} else {echo '';}?&gt;


    You need to change your theme or edited the files

    [​IMG]

    [​IMG]

    [​IMG]



    [​IMG]
    [​IMG]
     
    • Thanks Thanks x 3
  14. withatwist

    withatwist Power Member

    Joined:
    Nov 15, 2012
    Messages:
    692
    Likes Received:
    170
    Good catch. I was about to say the same thing and if he doesn't know how to edit theme files, he can hide the div with CSS if he wants to go that route but I'd recommend just editing the file like you suggested.
     
  15. darulez

    darulez Jr. VIP Jr. VIP

    Joined:
    Mar 12, 2013
    Messages:
    2,936
    Likes Received:
    1,037
    Gender:
    Male
    Occupation:
    Doing Internet Warfare
    Location:
    Bad Neighborhood
    Home Page:
    +1 for this.

    2 of some old sites got whacked many years ago cause optimezpress DID NOT UPDATE their language translated themes.
    so much for trying to keep your WP install save, when In fact paid stuff fucks it up.
     
  16. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,487
    Likes Received:
    11,187
    Occupation:
    CHEAP
    Location:
    DATASETS
    Home Page:
    Now Wilson has unraveled the mystery. It's the videocraft pro theme, probably copied nulled from somewhere.
     
  17. CyberSEO

    CyberSEO Senior Member

    Joined:
    Jul 14, 2011
    Messages:
    959
    Likes Received:
    262
    Occupation:
    programmer
    Home Page:
    Virus total? Hehe :) He was hacked and the code posted by OP is a part of doorway cloaker. This is what happens to everyone who uses nulled shit from wares sites. Karma is a bitch...
     
  18. Sujiparth

    Sujiparth Junior Member

    Joined:
    Nov 25, 2016
    Messages:
    134
    Likes Received:
    10
    Gender:
    Male
    Location:
    India
    Home Page:
    okay I didn't know it would be an issue uploading nulled script. now I want to delete the theme but I'm not able to login to my wp. can anyone help
     
  19. KHer0

    KHer0 Supreme Member

    Joined:
    Mar 22, 2011
    Messages:
    1,342
    Likes Received:
    1,224
    Occupation:
    Architect
    Emm, actually there are many if not the most of nulled themes out there are clean.

    I was doing an investigation and checked over 50 nulled theme sharing website. Top 10 and most famous ones had clean themes. While the others were cooy pasting from others so it depended in the source. While only three used to inject their themes with backdoors
     
  20. Sujiparth

    Sujiparth Junior Member

    Joined:
    Nov 25, 2016
    Messages:
    134
    Likes Received:
    10
    Gender:
    Male
    Location:
    India
    Home Page:
    is there a way to login to my wp account so that I can delete the theme