1 May 31, 2010 02:20    

My b2evolution Version: 3.3.3

My server was hacked several days ago. Someone added a script to every html.php page and now Google is restricting the site. is the hacker.

I have removed/overwritten every html and php page within the entire blog, yet when I view source code on every post I still see the script - even on a brand new test page.

Look for yourself, but not in Firefox since Google is restricting it:

Every link within the blog also contains this script, but none of us can find where it resides!

I cannot find if there is a link or an included file that was also hacked. I have also checked the database but just found 1 session from this person, which I deleted.

The script appears between the closing HEAD and first BODY tags.

<link rel="stylesheet" href="style.css" type="text/css" />

<script src= ></script>


If anyone knows how I can remove this code, what file it appears on, please let me know ASAP!

2 May 31, 2010 02:55

The script may be included anywhere, but most likely in either index.main.php or in your b2evo skin.

The actual file is so you may want to delete (or rename) it asap

3 May 31, 2010 05:38

Thank you for your reply.

I have 3 skins installed, I removed everything else to be safe:

Both index.main.php or did not contain any questionable code.

I have no access to since this is the hacker's domain.

4 May 31, 2010 05:42

Can you PM me your FTP password? It has already been leaked to the hacker, so there's nothing to worry about :)

5 May 31, 2010 14:33

If you are running an opcode cache (like APC), make sure you clear it. You may have successfully eliminated the offending code, but a cached version might still be fighting you.

That would definitely suggest the file, but check the file just to be sure.
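
A way to carry out the search discussed in this thread, as an added example that is not part of any poster's reply or of b2evolution: it lists script sources a served page emits between </head> and <body>, then walks the web root for external script tags and for runtime-decoded PHP, a common hiding technique the thread itself does not mention. The function names, the allowed_hosts parameter and the host injected.example are assumptions, and the sample page is constructed.

```python
import os
import re
from urllib.parse import urlparse

SCAN_EXT = (".php", ".html", ".htm", ".js", ".inc")
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
# Injected PHP often decodes its payload at runtime, so searching for "<script" finds nothing.
OBFUSCATED = re.compile(
    r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)
HEAD_BODY_GAP = re.compile(r"</head\s*>(.*?)<body\b", re.I | re.S)
# Constructed sample of a served page; injected.example is a placeholder host.
SAMPLE_PAGE = '</head>\n<script src="http://injected.example/x.js"></script>\n<body>'

def is_external(src, allowed_hosts):
    """True when src names a host that is not on the site's allowlist."""
    host = (urlparse(src).hostname or "").lower()
    return bool(host) and host not in allowed_hosts

def scan_text(text, allowed_hosts):
    """Return (line_number, kind, detail) findings for one file's contents."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for src in SCRIPT_SRC.findall(line):
            if is_external(src, allowed_hosts):
                findings.append((no, "external-script", src))
        if OBFUSCATED.search(line):
            findings.append((no, "obfuscated-php", line.strip()[:80]))
    return findings

def scan_tree(root, allowed_hosts):
    """Walk root and map each suspicious file path to its findings."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SCAN_EXT) or name == ".htaccess":
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_text(fh.read(), allowed_hosts)
                if hits:
                    report[path] = hits
    return report

def scripts_in_head_body_gap(rendered_html):
    """Script sources emitted between </head> and <body> in a served page."""
    gap = HEAD_BODY_GAP.search(rendered_html)
    return SCRIPT_SRC.findall(gap.group(1)) if gap else []
```

Run scan_tree over the blog directory with the site's own hostnames in allowed_hosts. An empty report while the tag is still being served points away from the scanned files, for example at the database or a cache.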

