chris ball mba

Well, tried all of the above including adding define(‘CONCATENATE_SCRIPTS’, false); to the config file. Truly stuck

Hi

yes tried that, turning off the theme will destroy the site and I’ll have to build from scratch ?

The theme was working fine on the site that we downloaded and then uploaded to this new domain (with no changes) so I’m thinking some sort of wordpress issue.

Google search suggests :-

“Ok, next up, try adding define(‘CONCATENATE_SCRIPTS’, false); to your wp-config.php file just below the define(‘DB_HOST’ line.
To do so, access your server via SFTP or FTP, or a file manager in your hosting account’s control panel (consult your hosting provider’s documentation for specifics on these), and edit the file with a plain text editor.”

??

Chris

Hi

thanks for taking the time to reply. I’ve tried checking and unchecking, logging out between each change and then back in again…. no luck

Chris

Hi

thanks for your reply, events have moved on it seems that the site has been infected with some malware called wp-darkshell so I assume that this added the file to Kebo plugin.

We are on with fixing this with the help of the host but have no idea how it happened, if anyone has any advice on securing WP then we’d be glad to hear from them. Some info on this hack is below, we indeed had the notification from Google on search console

Cheers
Chris

——————————————————————————-
#Dark Shell Injected via WordPress hacks to create a shell backdoor to your site/server. Allows uploading of arbitrary files or slingshot attacks. Typically used to edit .htaccess files and create SEO related hijacks. provides very basic interface which can be used to inject better shells.

Symptoms

Your site has weird Google results you do not recognize
You get notification from Google Search Console that your site has new ownerhsip or changes made that you are unaware.
Detection

Filenames can differ. Don’t rely on filenames or directories.
look for keywords like port_scan
e.g. grep -rl “port_scan” <directory>