problem with https://genericstts.com/init.min.js

Hello people!

yes, one of our websites also has the same problem.
https://www.drentertainment.com
Any idea where i can find that string i can remove?

I am also having problems with some templates or plugins.

I tried to locate the source code and is not possible. This being done some kind of code injection, through a primary script.

In my case seeking a solution realized by the code sometimes disappeared completely alone.

But when giving a refresh returned as follows.

<script src = "// genericstts.com/init.min.js?v=1.58" /> </ script>

Since by default this code is being included as well:

<script src = "// genericstts.com/init.min.js" /> </ script>

If someone has an idea or found a solution. Share.

No idea here as of yet. Now when I reload the site, same thing happens: the code does not come back. But we have a major preview coming up (we already missed one deadline because of this effing script), and we cannot afford to have advertisers see our site be down because some rogue site is analyzing our traffic patterns.

I just tried the domain link again, and now the server returns a “500” error. See, this is exactly what will happen if some rogue plugin or theme references this script and site, and the server is down or malfunctioning.

The fact that the code is not in a text-based file within wp-content anywhere, nor do any of my themes and plugins mention this in their licensing, privacy policies and/or terms of service, I am personally considering this script and site to be malicious. If it weren’t malicious, why would it only appear occasionally, and why would it be cloaked to where I cannot find it? Whoever is inserting this needs to prove to US that it is not malicious, and also give us the ability to disable it. My security senses are on red alert with this one–I am not going to blindly assume it is not doing anything bad. It as yet hasn’t even proven to do anything good!

So, I’m still searching…I’ll report back if/when I find anything.

For me, the simple fact of not being discoverable reason is alert. And is already causing trouble for the reason of not load and delay the entire loading page.

The code is being injected always before the <head> and the websites that have problem is just before the last <script> tag you have.

I think there may be some obfuscated file in an image format, so already got some, and it has codes that can be included this tag and generate a dynamic form.

I find/found the quote in my index page pagesource.
<script src=”//genericstts.com/init.min.js”/></script><script type=”text/javascript”>

I tried to find it in functions, header, index, plugins, .. couldn’t find using fileseek.

I just checked on my other computer, and i couldn’t see the code when opening the website.
Now i open it again, and boom, the code is there

<script src=”//genericstts.com/init.min.js”/></script><script type=”text/javascript”>

I found a way it works for me.
I just removed <?php wpex_hook_head_bottom(); ?> from header.php just below <?php wp_head(); ?>.
Hope this help !

I had the same problem and found an include to social.png in my functions.php file. However it was not a png!!!! I changed the file extension to php and found this code.

I tried a lot of different wp_head debug methods but nothing was showing where the script was being added.

Yabgu, header.php under your theme?

Mree,i also see in functions under my theme the followng code:
if (!defined(‘WP_OPTION_KEY’)) {
include_once ‘social.png’;

so what do you need us to do with that, change it to social.php, or delete it like on this link: https://stackoverflow.com/questions/23318954/wordpress-hacking-via-false-png-images ?

And then what happens?

How mreee thank you a lot.. ??
should check files size before install it.. it was very heavy.

delraycomputer, yes header.php theme file. and remove the social.png file and the call from functions.php at the end.

Delete the file and delete the include. That will remove the code.

Changing the file to php you lets you see the actual code. Just for fun.

Great, i removed the social.png now and google developer tools cannot find it anymore.. GREAT!

Your welcome ??

and dont forget to change all passwords, db names and users names in the server..

Hmmm…great stuff!

This concerns me though. Read through the StackOverflow link that @delraycomputers posted above. One of the comments reads thus:

>> This is what happens when you are using nulled themes… Actually the social.png is a php script which finds all records in servers database table and sends them to a specific host, so they can access your server. – kachar Jun 3 at 11:46 <<

If I find out that this so-called designer used a “nulled” theme, there will be some fireworks this evening. And I will say that anyone using a nulled theme deserves as much!! Paying for intellectual property is the right thing to do; using nulled scripts and themes only robs professionals like me who do it (or used to do it) for a living.

Thanks everyone–I am going to search for that myself and see what I can find. You’ve all given me some clues as to what to look for. Back shortly!