How to find a file?

  • Hi,
    I got my website infected. I did some work finding where the problem is. I found the line of code that should be deleted with https://www.aw-snap.info. That’s fine. I open thye site, I right click and chose Inspect Element. And… bummer. I can’t edit and save the file this way. Where and how can I find the same piece of code that I get when I click Inspect Element in my browser? I mean I know how to download a file with your ftp client, how to open and edit it. But I don’t know how to find THE file – the one with the same content that you get clicking Inspect Element (the one with DOCTYPE, head, body and so on).

    Thank you for your help, guys.

Viewing 12 replies - 1 through 12 (of 12 total)

  • Hello @grzesiekg

    What you see in the “inspect” element menu is the end result. It’s what is called “html output”

    That output is a result of WordPress combining many files together.

    When you edit things in with “inspect Element” menu you are only editing them in your locally and in browser only. As soon as you refresh the page the page go back to what it was like before.

    What you want to do instead is log in to WordPress and find “editor” under the “appearance” menu on the admin toolbar on the left hand of the screen.

    In the editor, you will find most of the files that WordPress puts together to create the HTML output.

    If you edit those files, the changes are saved and they are global.

    Now, pay close attention.

    Doing something you’re not supposed to do in those files will break your website. IF you don’t know exactly what you need to do and how to do it, I would recommend that you read about it a lot first.

    I can try to help you identify which file you need to edit if you provide a link to the page you want to remove the code from and the actual code that you want to remove.

    • This reply was modified 8 years, 3 months ago by j09.
    Thread Starter grzesiekg

    (@grzesiekg)

    Hi, thank you very much for your answer. I begin getting it. Anyway I can’t lozalize the files. That would be a great help to me if you could try to indicate them.

    I scanned my wordpress directory with an antivirus that found a source of infection which I removed.

    Than I checked the page code with https://www.aw-snap.info that is dedicated by google. It turned out the malware had placed suspicious links in the code.

    There are the file viewer I used and my website address:

    https://aw-snap.info/file-viewer/
    https://www.pstrykpyk.pl

    Thank you very much,

    Grzesiek

    Hello again @grzesiekg

    It looks like the issue comes from a script that your website loads from a “suspicious” website.

    The script loads from the following website

    h t t p : //b u i l d a d v i c e . c o m

    The location of the script is at the bottom of the <head> section right before the </head> tag.

    ***(The internet is full of tutorials on how to do this if you read the text below and cannot understand or cannot follow – I am not very good at explaining things but I will try )**

    From the admin panel, Select Appearance >> Editor >>

    Then you need to look at the right hand side panel. The files you see are some the ones WordPress uses to construct your pages.

    Now the file you want to look at is called (head.php)

    Open that file and search (using Control + F)

    The term you want to search for is ” </head> ” without quote marks

    once you find </head> look above it and see if you can find a <script> tag that contains anything similar to this

    <script> src=” h t t p ://b u i l d a d v i c e . c o m / g e t i n f o q l c t 5 7 / h e a d / x m x b q k w l . p h p ? i d = 1 1 5 9 4 4 3 ” > </script>

    If you find it, don’t do anything… just leave it and post an update here so we can determine the next step.

    Thread Starter grzesiekg

    (@grzesiekg)

    Hi,

    Thank you very much for your concern.
    Yes, I did find the file and the script. Should I delete it?

    Regards,

    Grzesiek

    @grzesiekg

    You’re welcome.

    I would suggest that you make a backup of your install first, then you can try to remove the script and see what happens.

    Thread Starter grzesiekg

    (@grzesiekg)

    Hi,

    I localized the file and removed the script. I scanned the page with the https://www.aw-snap.info/ file viewr and it gave me a clean result.

    Should I ask Google to verify my website again? Should I use Google Search Console?

    Thank you very much for you help. It was very kind of you!

    Best regards,

    Grzesiek

    @grzesiekg

    That’s good news!

    You’re welcome, I am happy to help.

    Yes you can ask google to crawl your website again. You can check the status of your website in google index by visiting this link to see if google thinks you website is safe or not.

    https://www.google.com/safebrowsing/diagnostic?site=pstrykpyk.pl

    it might take a day or two after you ask google to crawl your website for the status to update.

    This link explains the review process by google

    Request Google Review

    Thread Starter grzesiekg

    (@grzesiekg)

    Thank you very much. You helped me a lot!

    Best regards,

    Grzesiek

    You’re very welcome!

    Thread Starter grzesiekg

    (@grzesiekg)

    I got an answer from Google Search Console. It went succesfuly through the verification. The malware notification has been deleted. You’ve made our day! Thank you ??

    @grzesiekg

    That’s terrific!!

    I am glad your issue is solved. You’re welcome and I wish you the best of luck.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘How to find a file?’ is closed to new replies.