Welcome to WebmasterWorld Guest from 184.108.40.206
My dev skills are minimal, and as a result, I need to rely in offshore web developers to help me configure my sites.
I hired web developers from India on Odesk to help me fix my half baked website redesign project that was abandoned by another developer I hired. The guy I hired (who had 5 star reviews) said that he was the "Project Lead" and that another developer would work on my site, under his guidance. I was a little annoyed by the bait & switch, however, I checked out the company's portfolio of sites, which included some I recognized, checked out the source code for SEO friendliness & hired them.
Not only did these guys leave the job unfinished, I discovered weird code added to one of my blog posts, with the edit log indicated that he was the last person to log in (code shown below).
As I'm somewhat new to this (please provide your answers in an easy, step by step noob friendly way):
1) Any idea what this code is and what it does? I did a Google search off a snippet (LeoHighlights_iframe) and find many sites that appear to have this code.
2) What best practices do you recommend when hiring and providing admin access to an offshore web developer sourced from Odesk or Elance?
- I gave him access to my entire public_html folder. Was this wrong? What ought I do in the future?
3) How do I scan or audit my website for malicious code?
4) Looking at this developer's code - it looks messy and I will still need to hire yet someone else to finish the job and clean up the code, resulting in more expense & headache.
Any tips on how to hiring & vetting offshore developers? I have had such bad experiences hiring India & Pakistan contractors I am considering only hiring from the Philippines.
Much thanks in advance!
Here is a snippet of the mystery code, as it is too long to publish:
<input id="gwProxy" type="hidden" /> <input id="jsProxy" onclick="jsCall();" type="hidden" />
<span id="leoHighlights_iframe_modal_span_container"> </span>
<div id="leoHighlights_iframe_modal_div_container" style="border: 1px solid black; position: absolute; visibility: hidden; display: none; width: 394px; height: 40px; z-index: 32768; background-color: white;" onmouseover="leoHighlightsHandleIFrameMouseOver();" onmouseout="leoHighlightsHandleIFrameMouseOut();">
on so forth for an entire page
It is often bundled with updates from Skype, consequently many people install it unintentionally. But it's a legit browser extension, and many people install it on purpose.
It rewrites stuff in web pages you visit, presumably helpful stuff like comparing prices on eBay and highlighting phone numbers for Skype. And it leaves a fingerprint just like the code you've quoted above.
There are also versions floating out there that are not actually by eBay. And there are trojans about that install a fake version of it in your browser, also not by eBay. And they do malicious things.
I can imagine that someone with this extension was working on your WP back-end, and published a post after all that hidden crap had been injected into it.
Anyways, check your browser extensions, remove that one if it's there, and also remove that extra code from your posts ASAP.
This isn't as hard as it sounds. Do a search for "how to install wordpress on your PC" or something similar and you'll find some good turorials.
Once you've installed WP and XAMPP locally, import your live databaase with all the posts, install your theme and any plug-ins you're using, and you'll have your own sandbox site to tinker with.