Anyone know what kind of malware is that ?
 

Got this injected on a file and before remove it wondering is anyone saw this before ?

I'm still a rookie playing around those file so better ask first lol.

<div style="display: none;" class="mdlWrap">
<div class="mdlOverlay">&nbsp;</div>
</div>

Also i see this in footer.php there is wp_footer(); function . Im sure this should not be there.

This is only one wordpress blog affected

Thanks

first part seems to be harmless by itself, depends what's in .mdlWrap and .mdlOverlay classes in css file.

wp_footer is normal in every wp theme, look up in functions.php what's under wp_footer.

how do you know it's injection?

Thansk to chime in :)

After wordfence scan got this message:
File Type: Not a core, theme, or plugin file from wordpress.org.
Bad URL: http://widgets.amung.us/small.js



(XXXXX = theme name ) Like i said not looking to put the developer in a situation where everyone on GFY using the theme will Rush to contact support instead to wait for the patch if the needs :winkwink:

File contains suspected malware URL: wp-content/themes/xxxxx/xxxx/footer.php
Type: File
Issue Found March 9, 2018 5:50 pm
Critical

"Brian in footer.php there is wp_footer(); function which loads all wordpress plugins
its very strange"

"the problem is that how this code entered in footer.php?
manualy ? who added that this is the problem"
<div style="display: none;" class="mdlWrap">
<div class="mdlOverlay">&nbsp;</div>
</div>

When the themes Dev wrote me this ^^^ i think this is what it mean because
he also said ; this is not part of the theme code




Thanks

I would block Russia Brian, one of my clients gets injected often from there, once I blocked the whole Country it stopped, but they just use a proxy..

wp_footer(); has to be in the footer of the theme or the admin bar will not show up.

The other code does nothing by it's self. You have to find javascript/jQuery that reference
classes "mdlWrap" and "mdlOverlay" to figure out what it does. If CSS only reference the classes then it's nothing but design tricks.


:2 cents:

so what was it at the end?

Thank you sir , i will try to find this my self this morning and email the dev of the theme to get an update from him about the issue.



Im getting ready to start my day and will be working on it shortly , Blackmonster have point out something and i will try to find it this morning.
Again im a rookie so can take me sometimes :). I plan to email the dev with the info i got and trying to resolved this.

CAN'T I LOVE my King-servers.com Hosting! Those guys on the support ROCK :thumbsup



Thank you All for your input and help.

you have a https://whos.amung.us/#widgets widget installed?

always update wordpress, plugins, and anything wordpress related :2 cents:

Yup we do, we are using the Auto-update for each wordpress site and monitoring daily from https://wordpress.com/stats/day where we have all our WP site on one page. Good advice. Thanks



no, not installed on my plug in dashboard but this is what wordfence buzzing about.

Thanks

I think the injector possibly my PC ...... :error

Anyone know Malware clean up for PC other than CC ? Im using that in regular basis already but clearly not enough . I know old news.

My buddy laught at me because he is using MAC and don't have those problem he said lol... Here for ya :321GFY :winkwink:

:) Thanks

Its probably not a wordpress plugin but its hardcoded into the theme.

wp_footer(); loads all your wordpress plugin css or js files bestia theme doesn't have any mallware or virus but you guys sometime drink to much and do not sleep.This theme is installed on more than 4000 websites and has been sold 1300+ times

is this normal?
https://image.ibb.co/kWBgZc/Schermat...e_13_04_46.png

https://image.ibb.co/kWBgZc/Schermat...e_13_04_46.png

TOTALY NORMAL when you play dumb shit with me.

STOP Blaming my PC, STOP Blaming my server. FIX YOUR SHIT BEFORE SELL IT.

Why you sell shit need to be fixed ??

SCAMMER SHIT:1orglaugh

https://mytubepress.com/store/bestia

Guys do not BUY this theme Developer will play you like a dummy after purchase.

The theme Let malware getting injected in your website.
BUYER BEWARE.......


PUSH THE FUCKING REFUND MOTHER FUCKER. :pimp

if you dont know what is wp_footer(); please check any footer.php of any other theme and read about it on wordpress.org.

Im not sure about your age but you are doing like a small boy (14 years old)
also I dont understand what do you mean with "STOP Blaming my PC, STOP Blaming my server."

I'm not a hacker and I've never seen your problem on other customers.

However thankyou.

https://s13.postimg.org/txx8z0jtj/xxxxxxxxxxxxxxx.jpg

Dummy developer AGAIN

https://s13.postimg.org/ecfxfgd4n/vvvvvvvvvvvvvvvvv.jpg

Dum fuck DEVELOPER :321GFY

Im sure you will find the problem in the future, when you understand that its not my problem will be late to say me sorry.
Good Luck!

Your Shit is CRAP..............

Learn to fix your shit before Sell it.

SCAMMER sell shit and tell you oh wait for the next release when you discover bugs after installation.

ASSHOLE :321GFY

:D you think that I got control of your pc and server with this theme?

Its so funny sometimes I dont know what to do, to laugh or cry.

Of course is the Client server the problem. Even though there was no issue on any website before installing your CRAP . OK

I think you should Get a fucking job.. OH no sorry you got one SCAMMING PEOPLE on internet. :1orglaugh

:321GFY

SCAMMER SELLING SHIT SCRIPT blaming now on my pc and server.



Say the guy SELLING SHIT SCRIPT.

How did you understand that?
Normaly I like to work on my themes and to help my customers but when someone deosn't tell me the problem and starts saying fuck you, mother fucker etc its not so easy.

His scanner is wordence and it shows the footer.php thats all but this guy is saying that I got also his computer control.

so the footer.php is calling goole plus button which can be disabled in theme panel, footer.php calls also theme scripts like jquery lazyload and other required scripts.

Someone point out something about your Theme :helpme
https://gfy.com/webmaster-q-and-fuck...l#post22237227

:upsidedow


Hey mother Fucker im REALLY NICE WITH YOU SINCE DAY one.
NOW you start playing dummy shit , so this is what you get the other me. FUCK YOU NOW

hmmm motherfucker?


CHECK THE SPEED!

https://gtmetrix.com/reports/xteenshd.com/uKgHU5AL
https://developers.google.com/speed/...teenshd.com%2F
https://developers.google.com/speed/...com&tab=mobile

Thankyou Brian, I like your sympathy and I hope its not infectious!
;) Ciao...

Make your self a favor:

1- STOP selling your script if they have bugs
2- FIX your shit
3- if #2 dosen't work Go back to school to learn coding again.
4- GO FUCK YOUR SELF

:2 cents:

very sophisticated behavior, i am sure now the other developers will be happy to work with you :)

TAN CENTER Thankyou for your suggestions I will keep in mind.

:) The thing is when i purchase a script i expect their support to handle their shit. :) Why i would purchase a script from dev 1 and looking for dev 2 to fix his shit ? Dosent make sense or i would be stupid to purchase a script/ theme with no support :)

I have start this thread in a good way and have really try to work things out.
But When i feel the dev just playing dumb shit with me well yeah. Kind of pissing me off.

:pimp

You said me that you have 3 sites with bestia and the problem exists only on one website now you are saying that Im a shit? Guy! You are really awesome! I have no words and wont reply any more to your comments.

1. If you check my skype screenshot there is the response post time you can say nothing to my support.
2. wp_footer(); is required on all wordpress themes or it doesnt work without it.https://codex.wordpress.org/Function...ence/wp_footer

Please wait your paypal case to finish and sleep some hours you will see that you'll feel better.

Thankyou to all other people who replied under this topic.
Belive me guys I'm not a hacker and there are no ways to get his pc's control with a theme.

:error:error:error NOT ANYMORE I HAVE REMOVE YOUR SHIT Theme and deleted.
Why i would keep using something injecting Malware/ virus . :1orglaugh:1orglaugh Dumb fuck

There is nothing wrong with your adult wordpress theme

You received what is referred to as a false positive on your virus scan which happens often

wp_footer() is a wordpress hook which makes theme development easier by adding all of the core essentials with this simple hook, you will find this in any wp site

div style="display: none;" class="mdlWrap">
<div class="mdlOverlay">&nbsp;</div>
</div>

Believe it or not this is how your theme uses the google plus button , again everything is normal - take a shot of whisky and calm down

You can remove this if it makes you feel better, we have removed all google plus info from our themes because adult themes generally do not use google plus and by removing ana scripts associated with this google + button your page score will increase

This not unreasonable at all. I am NOT in support, but I happily handle my own shit on a daily basis.

Being able to handle other peoples would just be a bonus :2 cents:

:drinkup:drinkup:drinkup Thanks for the explation on this. But a Developer SELLING & building theme should know what this code is instead to reply like an iditio like bellow :1orglaugh

:1orglaugh:1orglaugh:1orglaugh:1orglaugh

You need a wall :1orglaugh
Not normal but typically))

For him? Yes, it is pretty normal.

.

:1orglaugh:winkwink::1orglaugh

Use this comrad)) in the next time)
https://revisium.com/aibo/

Thanks will keep that in mind for future reference.

Appreciated :thumbsup

Brian I updated my response, I just went in an looked it's the overlay for the google + button, and you can remove this without harm - I actually have previously removed a few files with the google + button info

While not spending much time looking/thinking at this since I have enough management problems of my own, I would say...

If you are looking at the php output and looking for the source of bad html output, look also at the theme and plug-ins. They can overlay anything anywhere since it is all php.

There are sftp programs that will let you look inside of all files for matching strings of code automated. Makes it easier but does take time. Better than by hand/eyeball.

If you determine you have been hacked, I would say stop doing things in a/the standard way.
Your making it to easy.

:upsidedow and :upsidedow

Thanks for the tips appreciated, :thumbsup


unique name server, unique ip, unique ftp, unique password for each website . what do i miss ? :1orglaugh

Oh yeah i know now STOP buying and trying new Theme :pimp :thumbsup Easy fix lol

The most common Wordpress injections are probably through too loose of security on file/folder permissions. All security should be as tight as possible while still allowing the site to operate.

If you do not need uploads then the uploads folder should not be 777, same with cache folders and other commonly "left wide open" folders.

There should be no plugins installed or present in the plugins folder that are not being used. Same with themes, if you are not using the theme remove it from the server.

Wordpress is a security mess in my opinion.

.

Don't forget to remove wp_footer(); from NEW THEME's footer.php :pimp :thumbsup

https://gfy.com/22237207-post17.html

reread your reply before post any reply. Your the dev and not me You should know What that code is DUH. :1orglaugh