possible hijacked pages

tmucci · Member · Feb 1, 2010 at 3:25 am
Copy link

Add topic to favorites
Recently, at the top of my blog pages are the words INCLUDE_DATA. When I view the source code I notice a javascript code inserted at line 861 beginning with “document.write(unescape( and a string of codes) followed by the words INCLUDE DATA. Also, when a page on my blog loads, a website is being accessed at the location 122.115.62.2.

On other PC’s McAffee identifies the code on each page as a trojan call JS/Wonka

I am not sure how to fix this problem. Does it meean I have to disable my blog and start from scratch?

any help would be appreciated
tellyworth · Staff · Feb 1, 2010 at 4:03 am
Copy link
Sorry but unless your blog is hosted at WordPress.com we can’t help. You didn’t say what its address is so we don’t know.

If it’s a WordPress blog you host yourself, please go here:

http://wordpress.org/support/

http://ismyblogworking.com/ will often detect a hacked blog.
tmucci · Member · Feb 2, 2010 at 12:19 am
Copy link
tellyworth…

sorry about that… my site is hosted by WordPress at
medianet-ny.com/wordpress/ [WARNING Harmful link broken do NOT visit the site the site will try to download malware on your computer -t3ck]

I ran the program you mentioned and it seems to indicate my pages have been compromised without my knowledge —- and when I chck the source I see the problem which is how I reported above.

If I can locate the code somehow, I will delete it…

I will go to the link you gave me and reprot this again on the proper forum…

Thanks for your help

Tom
timethief · Member · Feb 2, 2010 at 1:01 am
Copy link
@tmucci
The very bottom of your blog states “powered by WordPress”. This indicates that you do NOT have a wordpress.com blog.

You do have a web host. You are self hosting a wordpress.ORG software install and you are posting to the wrong forum. Please post to the correct forum here http://wordpress/org/support/

The differences between wordpress.org and wordpress.com are found in the Please read me first sticky post at the head of this forum:
https://en.forums.wordpress.com/topic/please-read-me-first-before-posting?replies=1
djlightsout · Member · Feb 2, 2010 at 6:10 am
Copy link
Hey buddy, did you resolve this problem yet? I’m having the same issue :(
justjennifer · Member · Feb 2, 2010 at 6:34 am
Copy link
djlightsout- If you have a problem with your self-hosted blog, you need to ask over at http://wordpress.org/support/ because we have no access to the working side of the program here and therefore can’t offer solutions.

WordPress.COM or WordPress.ORG? The difference

8 Things To Know Before Posting in WordPress.Com Forums

If you are talking about your WordPress.COM blog, please give us the address, starting with http://
kenshi · Member · Feb 2, 2010 at 6:59 am
Copy link
I got a temporary fix outlined here: [Potential Harmful link removed – t3ck]

I found some malicious code in my header.php

Still unsure how it got hacked
justjennifer · Member · Feb 2, 2010 at 7:02 am
Copy link
@kenshi-hopefully you posted that in the ORG support forum, because this problem does not affect WordPress.COM blogs.
shrug · Member · Feb 10, 2010 at 4:22 pm
Copy link
Guys, yeah, this is all helpful and stuff but wordpress.com isn’t the same as wordpress.org. One is self-hosted and the other is not. My recommendation is to familiarize yourself with the difference between them.

Here’s the relevant discussion on the proper forum: http://wordpress.org/support/topic/360972
timethief · Member · Feb 10, 2010 at 5:02 pm
Copy link
Here’s a detailed descritption of the differences between wordpress.com and wordpress.org http://en.support.wordpress.com/com-vs-org/ Please do NOT post to this thread unless you have a blog that’s free hosted by wordpress.COM

No items found.