• Resolved Adrien L

    (@adrien-l)


    Hi there,

    Nobody can login to a website I host. A colleague of mine could receive recovery mails for changing his password, although I can’t (I am user ID #1).
    The login screen is odd after a failure: it has the “<div id=”login_error”></div>”, but it is empty.

    I am self hosting (Debian 8 on Gandi.net). The last WordPress update (according to my mails) dates back from Jun. 19th: WordPress 5.2.2.

    I checked other WordPress installs I have on the same server, with the same SQL database, and I could log in.

    I went on to change my password through SQL:

    > UPDATE wp_users set user_pass=MD5(‘something’) WHERE ID=’1′;

    But I still get the same error.

    It’s maybe unrelated, but I have been hacked: I found 4 malicious files on the install folder, and my wp-config.php has been modified with an include of a malicious .ico file.
    I had a random-named php file from Feb. 14th 2018 looking like this: https://www.ads-software.com/support/topic/coinhive-crypto-jacking-malware-hack/
    And the hack with .ico files looked like this: https://blog.laserphile.com/2018/11/removing-persistent-backdoor-on.html
    I removed all found files (and cleaned wp-config.php). Still I am not certain the hack is not still undergoing.
    Most recent files date from May 8th 2019, which is about when I installed WPBruiser, whose scripts get loaded everytime we land on /wp-login.php .

    So, I have two questions:
    * How can I log in? I don’t really care that I’m hacked for now (I really have better things to do now), I just want my colleagues to be able to post their post.
    * When I have time, what should I do to clean my install? Can I remove anything that’s not wp-content, backup the DB, and roll a new site with some confidence that it will suffice?

    Thank you for your time. Don’t hesitate to ask more data.

    • This topic was modified 5 years, 3 months ago by Adrien L.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Since I’m unfamiliar with WPBruizer I’d probably disable that for a bit…

    Since you can’t log in to admin right now I’d FTP in or use my Control Panel’s File Manager and rename just that plugin’s directory by adding 1234.

    See if that doesn’t let you in.

    Else, try something from the article below to get in.

    https://www.ads-software.com/support/article/resetting-your-password/

    Once you gain access back run a Sucuri scan.

    https://sitecheck.sucuri.net/

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Let us know if you need more help.

    Thread Starter Adrien L

    (@adrien-l)

    You nailed it. Changing the WPBruiser plugin dir did the trick (actually it’s called “goodbye-captcha”, legacy…).

    I’d check if there hasn’t been any recent ownership changes for this plugin if I were the WordPress Security team…

    Do you have any other recommendation for a no-ReCaptcha anti spam solution, BTW?

    I’m now checking Sucuri, thanks.

    EDIT: The Sucuri plugin found the remaining malicious PHP files and the corrupted core files, I have good hopes that my install is clean now. Thanks.
    Also, I put a comment about my suspicions towards WPBruiser in the plugin page, and went with Akismet for the time being (although I don’t like its data leakage). I will put a math captcha sometime, it has always done the trick for me.

    • This reply was modified 5 years, 3 months ago by Adrien L. Reason: Solved
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Can’t login with no error message, even after changing password w/ SQL’ is closed to new replies.