PHP variables in content, have I been hacked?

  • Hi,

    Just noticed when a customers shared content from his WP site on Facebook lots of html tags appear in the OG-tags (description).

    Had a look at the website and discovered lots of content that should be there in pretty much all texts on the website, tags and stuff like this:
    <div id="\&quot;\\&quot;\\\\&quot;\\\\\\\\&quot;\\\\\\\\\\\\\\\\&quot;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\&quot;mainPageinlineContent\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\&quot;\\\\\\\\\\\\\\\\&quot;\\\\\\\\&quot;\\\\&quot;\\&quot;\&quot;" class="\&quot;\\&quot;\\\\&quot;\\\\\\\\&quot;\\\\\\\\\\\\\\\\&quot;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\&quot;s7inlineContent\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\&quot;\\\\\\\\\\\\\\\\&quot;\\\\\\\\&quot;\\\\&quot;\\&quot;\&quot;" data-reactid="\&quot;\\&quot;\\\\&quot;\\\\\\\\&quot;\\\\\\\\\\\\\\\\&quot;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\&quot;.0.$SITE_ROOT.$desktop_siteRoot.$PAGES_CONTAINER.1.1.$SITE_PAGES.$mainPage.1\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\&quot;\\\\\\\\\\\\\\\\&quot;\\\\\\\\&quot;\\\\&quot;\\&quot;\&quot;">

    Have the site been hacked? I thought at first the one who edited the texts copy/pasted from Word, but the PHP variables look-a-likes like “$SITE_ROOT” makes me very, very suspicious..

    Does anyone have a clue what may have happened?

    Thanks!

Viewing 1 replies (of 1 total)
  • Moderator James Huff

    (@macmanx)

    That doesn’t seem hackish to me, it just seems wrong.

    Try deactivating all plugins, then run a post through https://developers.facebook.com/tools/debug/og/object/ using the “Fetch New Scrape Information” button (the other button just reloads the last cache, which will likely still have the same problem). If that resolves the issue, reactivate each one individually until you find the cause.

    If that does not resolve the issue, try switching to the Twenty Fifteen theme and run it through the Facebook debugger to rule-out a theme-specific issue.

Viewing 1 replies (of 1 total)
  • The topic ‘PHP variables in content, have I been hacked?’ is closed to new replies.