Mystery code appeared in my header element
Permalink
I am scratching my head on this one...
I was just updating the header element inside my main (active) theme and found this code just below the body tag:
I know for sure I did not place this code in the header.php file myself. In fact, when I checked the files on my local machine where I was developing the theme, the code was NOT there - the same files that I uploaded to my live server.
Because the code is styled with the "display: none;" property, I have not noticed it on my page and have no idea at what point it was inserted into my code.
I have deleted the code from the header file, but I am obviously disturbed at how it got there in the first place. Does anyone have an idea of how this might be possible? I've installed a couple of packages from the concrete5 marketplace. But I can't imagine that anyone in the community would place trojan code in a package - or if that is even possible. Certainly the concrete5 team would have found it before adding the package to the marketplace. So I can only guess that there is some security hole that I may have left open in my site?
Any ideas or suggestions would be much appreciated!
I was just updating the header element inside my main (active) theme and found this code just below the body tag:
<font style="overflow: auto; width: 16pt; height: 16pt;position: absolute;display:none"> Cheap travel spots <a href="http://worldtravelbay.blogspot.com" title="cheap travel for teachers">world travel</a> travel booking. </font>
I know for sure I did not place this code in the header.php file myself. In fact, when I checked the files on my local machine where I was developing the theme, the code was NOT there - the same files that I uploaded to my live server.
Because the code is styled with the "display: none;" property, I have not noticed it on my page and have no idea at what point it was inserted into my code.
I have deleted the code from the header file, but I am obviously disturbed at how it got there in the first place. Does anyone have an idea of how this might be possible? I've installed a couple of packages from the concrete5 marketplace. But I can't imagine that anyone in the community would place trojan code in a package - or if that is even possible. Certainly the concrete5 team would have found it before adding the package to the marketplace. So I can only guess that there is some security hole that I may have left open in my site?
Any ideas or suggestions would be much appreciated!
