cipals15
Forum Replies Created
-
Forum: Plugins
In reply to: Remove render-blocking JavaScript@esmi: Do you have any idea on when will they update it to meet PageSpeed criteria?
Forum: Plugins
In reply to: [Jetpack - WP Security, Backup, Speed, & Growth] Defer stats.wordpress.com.jsI also have the same question?
Any help would be appreciated.
What should I do if advanced-cache.php isn’t there?
Forum: Fixing WordPress
In reply to: Silence is Golden Attack on my wordpress blogOk. I thought it was the cause of the recent error 500 Internal Server Error.
Googling is a friend.
Regards,
cipals15Forum: Fixing WordPress
In reply to: wp-config.php – what should i do to increase protection?Thanks. I haven’t seen that part before. ??
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpOk. I have already sent it to your email.
Please get back to me for possible discoveries. Our IT team was also interested with the file. Weirdos! LOL…
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpUPDATE:
Found the possible backdoor file. ( .nfs00000000010fea6a000647f3 ) Please confirm if this is a malicious file or a false positive.
I have grabbed a copy and deleted the file on the server.
It might be an important WordPress file.
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpI have contacted them. They said they have run a script to remove it. However, there were remnants of the attack that i have seen which i think was not deleted by script they used.
A certain file in the cache folder so i deleted it immediately. That’s the same file i found to be malicious on wp-includes/ folder.
Anyway, i love doing it the hardway. I will learn alot through it. Thanks for the hack report. Yeah. You were ‘no. 1’ in search results.
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpI have found some of those POST logs:
a. 97.74.180.1 – – [02/Nov/2010:00:10:04 -0700] “POST sugod.com/lyrics/wp-cron.php?doing_wp_cron HTTP/1.0” 200 – “-” “WordPress/3.0.1; https://sugod.com/lyrics”
b. 97.74.180.1 – – [02/Nov/2010:00:24:33 -0700] “POST sugod.com/lyrics/wp-cron.php?doing_wp_cron HTTP/1.0” 200 – “-” “WordPress/3.0.1; https://sugod.com/lyrics”
c. 97.74.180.1 – – [02/Nov/2010:00:27:57 -0700] “POST sugod.com/lyrics/wp-cron.php?doing_wp_cron HTTP/1.0” 200 – “-” “WordPress/3.0.1; https://sugod.com/lyrics”
d. 97.74.180.1 – – [02/Nov/2010:00:34:59 -0700] “POST sugod.com/wp-cron.php?doing_wp_cron HTTP/1.0” 200 – “-” “WordPress/3.0.1; https://sugod.com”
e. 97.74.180.1 – – [02/Nov/2010:00:36:28 -0700] “POST sugod.com/wp-cron.php?doing_wp_cron HTTP/1.0” 200 – “-” “WordPress/3.0.1; https://sugod.com”
With these samples. It seemed that wp-cron is doing something. Please further explain this. Thanks.
Forum: Fixing WordPress
In reply to: Can't get images side-by-sideHmm.. Can you send the link to the ‘messed up’ post? Thanks.
I recommend using Firefox add-on named: “Firebug” which helps you analyze HTML files easily through some visualization improvement.
Link here: https://addons.mozilla.org/en-US/firefox/addon/1843/
Thanks.
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpHere is a chunk of the log file:
97.74.180.1 – – [02/Nov/2010:23:58:24 -0700] “POST sugod.com/wp-cron.php?doing_wp_cron HTTP/1.0” 200 – “-” “WordPress/3.0.1; https://sugod.com”
125.5.38.115 – – [02/Nov/2010:23:58:23 -0700] “GET sugod.com/actor-kirk-abella-mistakenly-shot-dead-in-cebu/ HTTP/1.1” 200 17730 “https://www.google.com.ph/search?client=firefox-a&rls=org.mozilla:en-US:official&channel=s&hl=tl&q=Kirk+Abella&um=1&biw=1280&bih=857&ie=UTF-8&sa=N&tab=iw” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 ( .NET CLR 3.5.30729)”
125.5.38.115 – – [02/Nov/2010:23:58:26 -0700] “GET sugod.com/wp-content/themes/arthemia/style.css HTTP/1.1” 200 10608 “https://sugod.com/actor-kirk-abella-mistakenly-shot-dead-in-cebu/” “Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 ( .NET CLR 3.5.30729)”
Please explain what do each division do represent.. or any information you know with this log file. Thanks.
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpThe logs only showed an IP address, a date, and GET as well as URL. Which of these should I look into? What pattern or movements should I watch?
Its a very long list and i don’t have the luxury of time to go through all of it.
Hoping to have a good input from you.
Thanks.
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpUPDATE:
Its spreading fast. Yes. It had affected all PHP files not only in my WP. Is it a GoDaddy-wide outbreak? or had it affected other webhosting companies?
Forum: Fixing WordPress
In reply to: Can't get images side-by-sideI think this class=”p3-insert-all size-full alignnone” is giving the problem.
As a solution, replace it with:
style=”float: left;”
Forum: Fixing WordPress
In reply to: Found some malicious code inside l10n.phpThat’s one great story. LOL! But i realized the previous attack was solved by GoDaddy. Where i just woke up and saw a clean WordPress Install.
Now, i’m trying my very best to find the culprit and protect my existing wordpress Install.
I have learned alot because of this attack. I mean alot that i will treasure for the rest of my life.
To those who are currently solving the problem. please post what you find out in your wordpress powered site. I can’t find any other malicious things except those.
I’m currently going through on how to use Firefox’s Live HTTP Headers. Maybe it’ll help.