Besides that, I used to have Yoast installed, but I replaced it with RankMath.
Could it be that hackers are trying to inject HTML pages, but Wordfence ignores/deletes it, so it appears as 404?
Any help is more than welcome.
]]>so I noticed our website doesn’t work anymore (loads eternally and then delivers a 504 Gateway Time-out message) and our hosting provider told me there has been (or there is) an attack on the site.
I believe it’s been going on for a week now.
I can’t access the WP admin panel in any way. I wanted to upload a backup, but the provider said it won’t change anything (and they were right, I tried it but nothing changed).
The provider says they could see an attack on xmlrpc.php. I deactivated it through .htaccess, but without success:
# BEGIN WordPress
# Die Anweisungen (Zeilen) zwischen ?BEGIN WordPress“ und ?END WordPress“ sind
# dynamisch generiert und sollten nur über WordPress-Filter ge?ndert werden.
# Alle ?nderungen an den Anweisungen zwischen diesen Markierungen werden überschrieben.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<Files "xmlrpc.php">
Require all denied
</Files>
(the code before # END WordPress was already there and I didn’t touch it)
The provider also told me there is (or was) a brute force attack on the backend, and that I should hide the login page. They linked me to a plugin that does that, but the problem is that the site doesn’t work and I can’t access the admin area to even install a plugin.
Alright, so I figured out how I could install such a plugin through FTP and phpmyadmin, and I managed in fact to install the plugin “WPS Hide Login” and I even managed to activate it through phpmyadmin.
The problem now is: I don’t know how to make any changes to the plugin via phpmyadmin, which I will need to do because I will have to tell it where to move the login page to (I guess). However, I couldn’t find anything in phpmyadmin that contained the words “login”, “admin”, “wps”, “hide” or “redirect”. Perhaps someone is familiar with this plugin and how I select a new location for the login page?
The provider also told me it was the WAF (I guess web application firewall) that was under attack.
They also recommended me to install a .htpasswd to stop the attacks. I tried it, but it didn’t work. The problem here is that I’m unsure about the path. I tried using a PHP line that I put in the root folder to find out the root link, but the site doesn’t load, so that method didn’t work. I was told by the provider that the path I used was in fact correct, but I guess a “Internal server error” message, which, from what I’ve read, appears when the wrong path was used.
The provider also says that the error log states that the user I tried to login with through the .htpasswd does not exist. It was a random username I chose that I added to the .htpasswd file, so not sure how it can be wrong. It happens to be the same username that I use to get into the FTP. But I tried different usernames in the .htpasswd as well and it never worked.
It is becoming urgent now because my client is wondering what is happening. Does anyone have an idea what I could do? I’ve really become desperate at this point, to just fix this damn problem.
Thanks so much for reading!
]]>I have tried on several browsers:
I think Darklup website has been hacked!
In Chrome, it briefly shows and then taken to:
“Checking your browser” imitating Cloudflare
BUT it ask you to CLICK on ALLOW Notifications which no legitimate website does.
Kaspersky gives a warning.
In SafarI -SAME
Kaspersky gives a warning!
I have 36 webpress sites hosted on HostGator. On checking CPU Load % sometime I found it being quite high in a short period. Please advise how to check which websites were hacked ?
Can I check it on cPanel -> Metrics -> Raw Access ? If YES, please advise HOW?
Thanks in advance.
Regards
]]>Thanks
Vani Repaka
Warning: require_once(/web/htdocs/www.unostudio.net/home/wordpress/wp-admin/includes/class-custom-background.php): failed to open stream: No such file or directory in /web/htdocs/www.unostudio.net/home/wordpress/wp-includes/theme.php on line 2648
Fatal error: require_once(): Failed opening required ‘/web/htdocs/www.unostudio.net/home/wordpress/wp-admin/includes/class-custom-background.php’ (include_path=’.:/php7.1/lib/php/’) in /web/htdocs/www.unostudio.net/home/wordpress/wp-includes/theme.php on line 2648
Si è verificato un errore critico sul tuo sito web. Controlla la casella di posta dell’amministratore del sito per istruzioni.
Please help me!!!!
]]>