What is in.admedia.com

The first thing to do is disable the pluign and see if that fixes your problem. If it’s only doing it since you installed that plugin there’s a very good chance that the pluign is the cause of it.

What is actualyl coming from in.admedia.com is advertising code. Someone or something is trying to add some advertising to your site through whatever means they are using.

When the site is fully loaded and I do Ctrl + U I can actually see all the instances of the code.
I think it’s what’s known as a script inject.
The bad news is that the code’s still there after deactivating plugins.
Will I be OK if all (visible) instances of the code can be removed, or should I use something more sophisticated to find and remove?

The first thing that I would do is run your site thorugh the Sucuri checker at

https://sitecheck.sucuri.net/scanner/

This will tell you if anything bad is happening there.

But yes, you should try and remove all of the code that’s been added to your site. Be aware that if your site has bene hacked or compromised, then removing the code won’t do that much becuase it will just be added back in later on.

Thanks for your quick response.
How can I run it on a site that’s on my local server on not live yet?

You can’t. But if it’s on your local server I wouldn’t be quite as concerned with it being hacked. That’s actually pretty unlikely on a site that’s private like that. Just go and remove the code where it’s found.

In your opinion, does it sound like injection?
And if so, will I be able to find/remove the origin of the code in a plugin’s source file, or is the whole idea to remove the cause-plugin entirely and never use attempt to it again?

“injection” can be done in many differnt ways, and tis is probably one of them.

if you find that it’s a plugin doing it, I’d ditch that plugin completely. Even if you remove the code now, it will come back in any future updates that it has. I don’t give things like that any chance.

It’s really disconcerting that this sort of thing is rampant and widespread – considering that it’s only local still.

I don’t know What to do.

…For what it’s worth in this context, my wp-config “block external requests” is set to true. I would like to believe this illustrates the extent to which I wanted to be isolated from the external.

Is there any way to be certain this thing hasn’t inscribed itself into everything?
Even when I delete the code from my posts in html view and press update it connects again to the very same place.

That means that it’s somewhere in your code, not in your posts.

Disable EVERY plugin and change to the default theme. Now remove the code from your posts, and go and check if they show on your main site. From there, enable plugins one-by-one (only one at a time, never more), do an update to a post, and go and check it on the live site again. This will show you if it’s a plugin that’s causing this as you’ll see the code back after you enable one of the plugins, or the theme. When you find out whcih one it is, delete that plugin completely.

thanks

It’s not a plugin – I disabled all.
I’m using a child theme. Perhaps you know where else I can look?

If it’s not a plugin or your theme (you didn’t say you went back to the default theme…) then I don’t know where it coudl be. i’d suggest that you download the entire WP zip file again and re-install that over the top of what you have now. If that doesn’t fix it, do a complete re-install.

Sorry, went back to default theme.
Upon page load same message appears.
It seems to be connecting to a site (or is instructed to do so) regardless of my choice of plugins and theme.
What is an sql injection?

Hi men, I’ve got the same problem.
I use Joomla 1.7 CMS
The problem in local site…
Some pages loading too slow…
Upon loading it says “connecting to in.admedia.com”
Here is the page:
https://sws-studio.com/demo/avm/company/brands
I’ve noticed that all sites are connecting to to in.admedia.com, but some pages load too slow.
Here is a code which it adds in some places:

<br /><br data-mce-bogus="1" />
<script type="text/javascript" src="https://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862"></script>
<script src="https://in.admedia.com/?id=ODorNiU" type="text/javascript"></script>