HTTP/1.1 500 Internal Server Error after malware attack

  • Hello guys, all of my websites (for example: https://www.Dota2hook.de and https://www.wowcast.de) on Bluehost have been hacked/attacked and got on many of the .php files bad eval code (https://pastebin.com/KB1NgqzN). I have been cleaning the crap on Dota2Hook.de website for about 5 hours now, but still no effect.

    The big Question/Problem is, that even on https://sitecheck.sucuri.net/scanner/ they cant tell me what the hell is going on, because the website is ‘blank’. I cannot access the wp-admin or anything else beside cPanel. I tried talking with the Bluehost Support Profis (3-4 different) but nobody had ANY idea what is happening.

    I have tried deleting the plugins folder, but site didnt go up aswell, i think i might just try and error delete a lot of the stuff.

    My htaccess file looks ok as well i think: https://pastebin.com/HgwU1RYc

    I really need your help, im kinda depressed and about to cry :/

    ps. atm im trying to do something with the ssh, but atm no good results.
    pps. I was thinking of trying the sitesecury service, but i am not sure if it will make any difference, because in 1 jear i will probably get hacked again. (so maybe someone of you knows any ‘guy’ that works per job?)

Viewing 4 replies - 1 through 4 (of 4 total)

  • Do you have access to server/site error logs? They might be useful in tracking fatal errors down.

    Thread Starter dota2hook

    (@dota2hook)

    Doesnt look that nicely, i can try to get it into another progrem if you sugest one. https://pastebin.com/pgqgwe3x

    Thread Starter dota2hook

    (@dota2hook)

    The one error on line 192:

    foreach ( $quant as $unit => $mag )
		if ( doubl// Mysql string Year
	$mm = substr( $mysqlstring, 8, 2 ); // Mysql string Month
	$md = substr( $mysqlstring, 5, 2 ); // Mysql string day
	$day = mktime( 0, 0, 0, $md, $mm, $my ); // The timestamp for mysqlstring day.
	$weekday = date( 'w', $day ); // The day of the week from the timestamp
	if ( !is_numeric($start_of_week) )

    that are lines 190 to 195 and i dont see any problem..

    PS. On Dota2Hook.de i have been deleting the eval code, and so it doenst come back i have made 0444 Permissions. (because i have no idea where the backdoor is + i am suspecting bluehost for it)

    Try re-uploading all files & folders – except the wp-content folder – from a fresh download of WordPress. Make sure that you delete the old copies of files & folder before uploading the new ones.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘HTTP/1.1 500 Internal Server Error after malware attack’ is closed to new replies.