Quarantined file and now site is down – Internal Server Error

  • Resolved rvc2

    (@rvconnelly)


    8 years, 1 month ago

    Hello Eli:
    I’m hoping you can tell me how to get my site back up via FTP. Your plugin indicated that by quarantining this “known threat” (_adminer.php) the site “was not broken.” So, I proceeded to leave it quarantined and did not revert. Unfortunately, now the site is down and I cannot get back to the WP dashboard.
    The file, identified as a known threat by your plugin, is: _adminer.php. It is still in public_html in an FTP directory view but it has a different “modified” date.

    Is there any to move the file from Quarantine back to its original location via FTP?

    The site is: https://collaborateny.com .
    Any assistance would be greatly appreciated. Thanks.
    -Bob C.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Eli

    (@scheeeli)

    That _adminer.php file is not supposed to be there, but removing the file could cause an error if it is included from another file. The quarantine should have removed all the malicious code from the file but if there is anything left in the file then it could be causing this error. If you are sure that the file is now empty and you are still getting that 500 error then you should check the error_log files on your server to see what is actually causing that error.

    Thread Starter rvc2

    (@rvconnelly)

    I got a hosting provider support rep on the phone to help me do a restore to get the site back online. He checked a few things first thankfully. It turns out that when disabling the .htaccess file, the site came back online. Great news. Here’s the code from the file which is now disabled: 

    <Files xmlrpc.php>
Require 70.180.184.244
</Files>
# END GOTMLS Patch to Block XMLRPC Access
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

    [Moderator note: code fixed. Please wrap code in the backtick character or use the code button.]

    WordPress quickly created a new .htaccess file of course but without the first 4 lines shown above.

    The first 4 lines are from your plugin. My fault, I forgot that I enabled the option “Block XMLRPC access” when I was in your plugin updating definitions just prior to the malware scan. That seems to have caused the problem. Wanted to make sure to let you know. I would like to disable xmlrpc access but for now I’ll let it go. Not sure why it wreaked havoc.

    Thanks again for getting back to me so quickly. Especially on a weekend. -Bob C.

    • This reply was modified 8 years, 1 month ago by bdbrown.
    Plugin Author Eli

    (@scheeeli)

    Thanks for catching that bug, you must be using Apache 2.4, it should have said:
    Require ip 70.180.184.244

    …but the “ip” was missing. I just fixed this and released a new version 4.16.49

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Quarantined file and now site is down – Internal Server Error’ is closed to new replies.