Strange code in header.php file.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Samuel B

    (@samboll)

    Those are base 64 obfuscated codes – usually just for spam links but can be used to hack your site.
    There are several online de-cryptors if you want to try them
    https://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.aspx

    https://base64-encoder-online.waraxe.us/

    https://tools.cmyweb.net/decode.html

    https://www.tareeinternet.com/scripts/decrypt.php

    Thread Starter piflips

    (@piflips)

    Thanks, I try all but nothing.

    Samuel B

    (@samboll)

    I have never and will never use themes with obfuscated code

    try just this part
    ZnVuY3Rpb24gdGhlbWVfZm9vdGVyX3QoKSB7IGlmICghKGZ1bmN0aW9uX2V4aXN0cygiY2hlY2tfdGhlbWVfZm9vdGVyIikgJiYgZnVuY3Rpb25fZXhpc3RzKCJjaGVja190aGVtZV9oZWFkZXIiKSkpIHsgdGhlbWVfdXNhZ2VfbWVzc2FnZSgpOyBkaWU7IH0gfSB0aGVtZV9mb290ZXJfdCgpOw==

    I’m using the Theme Fall Season, on one of my managed sites. For the last few months I have been in a remove and try-to-find-the-source of a javascript code that continues to reappear in the header.php file.

    The script is an obvious SPAM .. with hundreds of links back to a litany of Tumblr posts; all promoting SPAM.

    I’ve have removed ALL plug-ins and it still continues to show up. I’ve scanned the entire WP code – line-by-line. Nothing revealing – to me. I’ve done everything but blast the installation and start over.

    This is a rather large dBase site. And I’m not sure the dBase has not been compromised.

    In the javascript there is definitely obfuscated code, but NOWHERE in the Fall Season code.

    Help! Please.

    Thanks …

    lots of things could still be doing it. Have you been through every file on your server? You could have a rogue file uploaded to some obscure place on your server that inserts the code.

    Are you able to view your access logs? Some hosts let you, like godaddy….

    Anyway, when your header.php file gets altered, check the timestamp. Then check your access logs for that date and time, and see what’s going on. It should tell you what from where your header.php is being altered. If you don’t have access to your logs, ask your host for assistance

    Yes. I have access to the logs. And I’ve been pouring over them. But I can’t find anything out of the ‘ordinary’. Any idea what I might be looking for? I’m looking for ‘oddities’… but I seem to find a lot of them; though they turn out to be spiders.

    Hints .. maybe?

    Thanks.

    I found the culprit. Go to this conversation: https://www.ads-software.com/support/edit.php?id=1368426

    There’s more!

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Strange code in header.php file.’ is closed to new replies.