Reputation: 37
Sucuri 404javascript.js security issue or internal server error
Just ran a scan and says that:
/404javascript.js is the infected URL: Site error detected.
Details: php-error-headers-already-sent
Warning:
Cannot modify header information - headers already sent by (output started at /home/myfreeca/public_html/wp- content/themes/valenti/header.php:86) in /home/myfreeca/public_html/wp-includes/pluggable.php on line 920
Its classed as 'Malware' via the Sucur test within iThemes, but as an 'Internal Server error' when checking the Sucur site. No 404javascript.js when I browse ftp either?
Line 920 of pluggable.php:
setcookie( AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN );
Line 86 of header.php:
<!--[if lt IE 7]><html <?php language_attributes(); ?> class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
Site functioning fine as I can tell, not sure if I have a security issue or just that I need to make a little change where required?
Anyone???
Upvotes: 3
Views: 12512
Answers (2)
Reputation: 154
I believe this is Sucuri's way of testing a WP site for malicious code or security errors. It looks for 404javascript.js and for 404testpage4525d2fdc to ascertain certain tings about your site. A positive hit will find a hidden redirect from a malicious htaccess file somewhere redirecting the site, but most likely, as it was in my case, it should return a 404 page, but what what seemed to be happening is that the way it was requesting it caused it to receive an unexpected 404 error which was then displaying the standard Internal Server Error page - and then calling this malware. So it was a false positive for me, and when I Googled it, it seemed to be so for others as well.
As far as I can see it has to do with either the Cpanel vhost or a security firewall (htaccess) redirecting traffic in a way that Sucuri believes it is being hijacked.
Upvotes: 3
Reputation: 373
Make sure there is not code before the start <?php of the pluggable or the header.php "Cannot modify header information" error can be caused in this kind of situation from hidden code or even whitespace characters on the top.
Sucuri also has a function to detect changes of wordpress core files make sure none is set to changed. If it is replace them with the original.
example:
<?php // Injected code --> scroll right there are usually many whitespaces and there is some obsfuscated php code ?>
<?php // Regular code of the original file starts here.
Upvotes: 0
Related Questions
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- How to use session_start in Wordpress?
- Reference - What does this error mean in PHP?
- headers already sent by Divi
- Issue when updating the password with wp_update_user()
- What does this Wordpress error mean? Warning: Cannot modify header information