Script-tag behind closing html-tag

  • Resolved paka

    (@paka)


    12 years, 4 months ago

    Hello,

    after the final html-tag there is an script tag at my site: http://augustin-stich.de, and I don’t know, where it comes from.
    This is, what it looks like:

    Malware script redacted, please do not post that in these forums.

    It’s weird, isn’t it.

    I use the plugins w3 total cache, WordPress SEO, and WP Robots txt. I disabled all of them, but the script didn’t vanished.
    The URL is [ link deleted ] but it’s not available. The IP is from poland.

    This is the footer-php:

    </div><!-- #main -->

		<footer id="colophon" class="site-footer" role="contentinfo">

			<?php get_sidebar( 'footer' ); ?>

			<div class="site-info">
                                   <div class="schema-datas" itemscope itemtype="http://schema.org/LocalBusiness">
                                       <span itemprop="name">Bernd Augustin-Stich</span> –
                                    <span itemprop="description"><?php  bloginfo( 'description', 'display' ) ?></span> –
                                    <div class="schema-datas" itemprop="address" itemscope itemtype="http://schema.org/PostalAddress">
                                      <span itemprop="streetAddress">Hauptstraße 29</span> –
                                      <span itemprop="postalCode">55452</span>
                                      <span itemprop="addressLocality">Windesheim</span>
                                      <span itemprop="addressRegion">RLP</span>         –
                                    </div>
                                    Telefon: <span itemprop="telephone"><a href="tel:+496707915470" >+49 (0)6707 915470</a></span> –
                                    E-Mail: <span itemprop="email"><a href="mailto:[email protected]" >[email protected]</a></span>
                                  </div>
			</div><!-- .site-info -->
		</footer><!-- #colophon -->
	</div><!-- #page -->

	<?php wp_footer(); ?>
</body>
</html>

    and this is the page.php, where it is included:

    get_header(); ?>
<!-- file page.php -->
<div id="main-content" class="main-content">    

<?php
	if ( is_front_page() && twentyfourteen_has_featured_posts() ) {
		// Include the featured content template.
		get_template_part( 'featured-content' );
	}
?>
	<div id="primary" class="content-area">
		<div id="content" class="site-content" role="main">

			<?php
				// Start the Loop.
				while ( have_posts() ) : the_post();

					// Include the page content template.
					get_template_part( 'content', 'page' );

					// If comments are open or we have at least one comment, load up the comment template.
					if ( comments_open() || get_comments_number() ) {
						comments_template();
					}
				endwhile;
			?>

		</div><!-- #content -->
	</div><!-- #primary -->
        <?php get_sidebar( 'content' ); ?>
</div><!-- #main-content -->

<div class="contaktBlock" >
    <div class="icon-container">

        <span class="call icon"></span>
        <span class="mail icon" ></span>        

    </div>
    <div class="text-links">
        <p class="contactHeadLong">Gleich Kontakt aufnehmen<br/></p>
        <p class="contactHeadShort link-text">Kontakt<br/></p>
        <p class="telLink" ><a href="tel:+496707915470" ><span class="tel-text link-text">+49 (0)6707 91 54 70</span></a></p>
        <p class="telNum" ><span class="tel-text link-text">+49 (0)6707 91 54 70</span></p>
        <a  href="mailto:[email protected]" ><span class="link-text">[email protected]</span></a>
    </div>

</div>

<?php
// get_sidebar();
get_footer();

    As you see, there is nothing inserted after the closing php. At first, I had the suspicion, that the w3 total cache, put some code at funny places, due to some wrong settings I made, but after disableing the plugin, the error was still there.

    Greets
    Paka

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter paka

    (@paka)

    12 years, 3 months ago

    Hello,

    now I found, where the script tag was inserted. It was in the index.php on top level of the WordPres installation. But since I didn’t inserted it myself, I wonder If the website has been hacked, so I will investigate first in that direction.
    If anybody has recieved a similar incident, it would be graet, if he/she could tell me. I’m realy worried, what had happened, but since I didn’t realy understood everything the w3 total cache plugin does, I have to look there as well, until I found the reason.

    Greets
    Paka

    Thread Starter paka

    (@paka)

    12 years, 3 months ago

    Hello,
    it’s an attack.

    If somebody recieves the same problems, I will descripbe in short, what I did. But this is not complete, you should look for further information from other sources.

    Checking the log-files, I found requests from 3 other webpages during 10 hours. Two of them where infected, with scripts pointing to my site.

    I have found three infcted files:
    index.php at root
    config.php at root
    head.php in the theme directory.

    Currently I’m deleteing the whole installation, and then I will install a new one, install theme and plugins new.
    The first things I did, was chenaging ALL passwords.

    Greets
    Paka

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Script-tag behind closing html-tag’ is closed to new replies.