“Add Comment” Dialog Missing from One of My Posts

Hi,

if you do a view source on that page (https://springvalleyhoa.org/blog/?cat=9), you’ll see that there’s a javascript hanging before the comment area. This particular code is the offending one:

<noscript />

(line 123).

This tag causes everything below that tag not to be displayed. If you take a look again, see that not only your comment but the entire footer area disappear as well.

Remove that noscript tag and everything will return to normal.

Good catch! But one thing –

Isn’t that a rendered page that is generated on-the-fly? I don’t think it exists on the server.

And, if I’m correct, whatever file(s) rendered that page also rendered the other posts. Those other posts display correctly, and not only do they not contain that <noscript /> element, they also do not contain the Javascript that precedes that element.

Where do I find the code I must correct?

Hi, seeing that the javascript code exists within a post, I’m wondering if it’s embedded inside this post: https://springvalleyhoa.org/blog/?p=16

Edit that post and view it in HTML mode, if you see the script then delete it.

Hope this helps.

After reading your first reply, I deleted the post in question and wrote a new post while online. When I checked it, everything appeared normal. The footer appeared along with the Add Comment block, so I considered the issue closed.

Now 3 hours later I see that the new post has not only the original problem, but even more js script has been added to line 125! Here is the entire division:

<div class="post">
<h2>What’s on YOUR Mind?</h2>

<div class="contenttext">
<p>If you would like to bring something to the attention of the SVHOA Board of Directors, or to other SVHOA homeowners about the Boarda€?s activities (or inactivities), simply add your comment below<strong>.<script language="JavaScript" src="https://us.js2.yimg.com/us.js.yimg.com/lib/smb/js/hosting/cp/js_source/geov2_001.js"></script><script language="javascript">geovisit();</script> <img <strong>style="display: none"</strong> src="https://visit.geocities.com/visit.gif?&r=http%3A//springvalleyhoa.org/blog/%3Fcat%3D5&b=Microsoft%20Internet%20Explorer%204.0%20%28compatible%3B%20MSIE%206.0%3B%20Windows%20NT%205.1%3B%20SV1%3B%20.NET%20CLR%201.1.4322%29&s=1280x1024&o=Win32&c=32&j=true&v=1.2" border="0" /></p>
<p><script language="JavaScript" src="https://us.js2.yimg.com/us.js.yimg.com/lib/smb/js/hosting/cp/js_source/geov2_001.js"></script><script language="javascript">geovisit();</script><noscript /><script language="javascript">postamble();</script></strong>
</p>
</div>

I can see what appears to be a link to Geocities.com with a preceding element of “style=display: none” so it appears that although I took great pains to limit permissions to yroot and to myself, somebody managed to hack into the blog.

Note too in the preceding paragraph the phrase, “or to other SVHOA homeowners about the Boarda€?s activities”.

I didn’t place the garbage at the end of the word “Board”. It should read “Board’s”.

Also, the code used to hide the geocities.com link is a “style=display: none” rather than from the insertion of a <noscript />.

Furthermore, another post (Category = Over the Back Fence”) that was good several hours ago now has the same problem. Here is the pertinent code for that. Notice the js script is minimal, but I sure didn’t put it there:

<div class="post">
<h2><a href="https://springvalleyhoa.org/blog/?p=5" rel="bookmark" title="Over the Back Fence">Over the Back Fence</a></h2>
<div class="contenttext">
<p>Have something that doesn’t quite fit in the other categories? Something that has absolutely nothing to do with Spring Valley? Place it here!<<strong>script language="JavaScript" src="https://us.js2.yimg.com/us.js.yimg.com/lib/smb/js/hosting/cp/js_source/geov2_001.js"></script><script language="javascript">geovisit();</script> <noscript /></strong>
</p>

The inserted script in the above code is the same as that originally inserted in the first post that presented the problem, right down to the <noscript /> element.

What do you think – has the blog been hacked??