Suspicious code in header.php

  • Site had been hacked about two months ago. Upgraded to Premium Plan with VaultPress as part of remediation and things seem all good.

    Digging in themes/Portafolio/header.php and found what looks to be cookie-tracking code.

    Can anyone verify that the following code is not supposed to be there? Have put it in comments and nothing broke but want to be sure…

    [moderated - don't post hacking code]
Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter madjenja

    (@madjenja)

    Specifically, the following snippet is what tipped me off:

    https://22degrees.co.nz/wp/wp-content/themes/lightweight/main.php";echo "\n";echo
"https://alf-mutschelbach.de/wp-content/themes/lightweight/track.php";echo "\n";echo
"https://newsweetpix.com/assets/track.php";echo "\n";echo
"https://fugitif.eu/wp-content/themes/lightweight/atom-conf.php";echo "\n";echo
"https://morrow-technologies.com/wp-content/themes/lightweight/inc.php

    Run your site through this,
    https://sitecheck.sucuri.net//

    Thread Starter madjenja

    (@madjenja)

    Thanks kmessinger I have used that scan in the past but it didn’t pick up everything. VaultPress did pick up more, but again it didn’t catch all the injected code.

    Apparently its hard to detect some injected code…

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Suspicious code in header.php’ is closed to new replies.

Tags