Suspicious script

  • Hello,
    I would like seeking help from wordfence expert about this script. Does it script really suspicious?

    https://postimg.cc/D8Rm1Z50

    Around 3 days ago before using wordfence, i found that script from awsnap viewer. Just for preventive step i change my theme to twenty-twenty and all become clear. I reinstall my theme so i think i will get new fresh instalation theme folder and look clear.

    But now it appear again. Please also guide me how to secure it of it really suspicious.

    Really hope your help. Thank you

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @wpjakarta,

    It does look strange, but I don’t think any of the script links will even load properly. Some of them begin with hxxps://, instead of the properhttps://`.

    Even if they were using the proper protocol (https), they still wouldn’t be loading in anything malicious.

    https://c0.wp.com/c/5.3.2/wp-includes/js/jquery/ui/datepicker.min.js is the correct URL for the datepicker JavaScript include.

    https://gmpg.org/xfn/11 is not malicious either.

    Dave

    Thread Starter TokoDaring.Com

    (@wpjakarta)

    hi dave, thank for your reply, then i try to tell you chronologicaly so maybe it can be easier to make conclusion.

    (i) i run 2 site which are using different (premium) themes from the same vendor.
    (ii) 1st site running without pagebuilder (widget only), 2nd site with pagebuilder.
    (iii) Setting, plugin installed almost the same.
    (iv) setting of caching plugin is exactly same.
    (v) all my two site showing the same strange script like above.
    (vi) i change the themes of the two site to twenty-twenty.
    (vii) my 1st site keep running with twenty-twenty until now and still looking good.
    (viii) but my 2nd i revert it to use previous theme so it have fresh folder instalation.
    (ix) unfortunately even it have fresh instalation but the strange script like coming back again.

    since the caching plugin and the setting is the same so i’m not conclude this is a part of optimization of the site. i more to point problem coming from my theme.

    p.s.
    this is not support question and but i would like to send the complete script
    < !DOCTYPE html> < html class="no-js" lang="id-ID"> < head> < meta charset="UTF-8"> < link data-optimized='2' rel='stylesheet' href='hxxps://my-domain-name.com/min/dc08a.css' /> < link rel='stylesheet' id='wp-block-library-css' href='hxxps://c0.wp.com/c/5.3.2/wp-includes/css/dist/block-library/style.min.css' type='text/css' media='all' /> < link rel='stylesheet' id='wp-block-library-theme-css' href='hxxps://c0.wp.com/c/5.3.2/wp-includes/css/dist/block-library/theme.min.css' type='text/css' media='all' /> < link rel='stylesheet' id='ap-jquery-ui-style-css' href='//ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css' type='text/css' media='all' /> < link rel='stylesheet' id='jetpack_css-css' href='hxxps://c0.wp.com/p/jetpack/8.0/css/jetpack.css' type='text/css' media='all' /> < sc?ript type='text/javascript' src='hxxps://c0.wp.com/c/5.3.2/wp-includes/js/jquery/jquery.js'> < / sc?ript > < sc?ript data-optimized='1' src='hxxps://my-domain-name.com/min/08c87.js' defer> < / sc?ript > < sc?ript type='text/javascript' src='hxxps://c0.wp.com/c/5.3.2/wp-includes/js/jquery/jquery-migrate.min.js' defer data-deferred="1"> < / sc?ript > < sc?ript type='text/javascript' src="hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js' defer data-deferred="1"> < / sc?ript > < sc?ript type='text/javascript' src='hxxps://c0.wp.com/c/5.3.2/wp-includes/js/jquery/ui/core.min.js' defer data-deferred="1"> < / sc?ript > < sc?ript type='text/javascript' src='hxxps://c0.wp.com/c/5.3.2/wp-includes/js/jquery/ui/datepicker.min.js' defer data-deferred="1"> < / sc?ript > < meta name="viewport" content="width=device-width, initial-scale=1"> < link rel="profile" href="hxxps://gmpg.org/xfn/11">

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Suspicious script’ is closed to new replies.