cjchamberland

I did install the WP Crontrol, didn’t see anything out of the ordinary.Just shows a single job:

updraft_backup_database None 2015-01-06 03:45:00 (now) 1 day

It has seemed to settle down but it’s still doing two a day – about 2-15 minutes apart. the only one that has view logs next to it is the two for Jan 04, and there’s no error messages – looks like they were both successful. Downloaded both and they are the same size. The one for today is running now apparently so we will see if it’s going to only do 1 or 2.

Jan 05, 2015 5:31
Jan 05, 2015 5:17

Jan 04, 2015 6:40
Jan 04, 2015 6:25

Jan 03, 2015 4:48
Jan 03, 2015 4:46

Dec 31st or Jan 1st – the database server went down (because their db was out of space).

Starting January 1st, the Updraft plugin started generating multiple database backups instead of the 1 daily they had scheduled. What I provided above was the list of backups from the 2nd (because they already deleted all the ones from the 1st).

I am well aware that the backups aren’t stored in the DB, what I wanted to know was if the database server went down, could it be the cause of the plugin generating multiple backups instead of just 1 like they had scheduled? Not all of them have “view log” buttons next to them either so it’s making it difficult to find the issue.

Now works like a charm, ripped everything out and started over, ended up with this:

.tablepress-id-5 .img_scale {
max-width: 18px;
height: 18px;
display: block;
margin: 0 auto;
}

.tablepress-id-5 .logos {
max-width: 75px;
height: 20px;
display: block;
margin: 0 auto;
}

.tablepress-id-5 .column-1 {
font-weight: bolder;
text-align: center;
}

.tablepress-id-5 .row-2 {
font-weight: bolder;
text-align: center;
}

.tablepress-id-5 .column-1,
.tablepress-id-5 .column-2,
.tablepress-id-5 .column-3,
.tablepress-id-5 .column-4,
.tablepress-id-5 .column-5,
.tablepress-id-5 .column-6,
.tablepress-id-5 .column-7,
.tablepress-id-5 .column-8,
.tablepress-id-5 .column-9,
.tablepress-id-5 .column-10,
.tablepress-id-5 .column-11,
.tablepress-id-5 .column-12 {
height: 40px !important;
text-align: center;
}

.tablepress-id-5 th.column-1.sorting,
.tablepress-id-5 th.column-2.sorting,
.tablepress-id-5 th.column-3.sorting,
.tablepress-id-5 th.column-4.sorting,
.tablepress-id-5 th.column-5.sorting,
.tablepress-id-5 th.column-6.sorting,
.tablepress-id-5 th.column-7.sorting,
.tablepress-id-5 th.column-8.sorting,
.tablepress-id-5 th.column-9.sorting,
.tablepress-id-5 th.column-10.sorting,
.tablepress-id-5 th.column-11.sorting,
.tablepress-id-5 th.column-12.sorting {
height: 44px !important;
text-align: center;
padding: 2px;
background-color: white;
}

Hope it helps someone else!

Well, I did find that turning off the “Table Head Row” fixed it, but unfortunately the client wants all the features only available if that’s turned on. At least I know it’s something there….I’ve tried the !important and making the table fixed – nada. Guess I’ll keep at it….

I’ll try some of these suggestions and see if any of those help. For a while I thought I was going crazy trying to figure it out lol. If any work I will definitely share!

It is tricky – I know that the table is being flipped and that the first column is actually the th, however when I increase the size of the columns with the data to 56px, then the th increase to 72px, even though I specifically set it to a height. Originally, it was 40px, but when I increased the columns to that, it became 56px – see the problem? I’m setting it manually using the cusotm css. Maybe I’m doing something wrong there?? does it have something to do with the .sorting class? Here’s what I have:

@media (max-width: 900px) {

.tablepress-id-5 {
clear: both;
}

.tablepress-id-5 thead th,
.tablepress-id-5 tbody td {
height: 40px;
line-height: normal;
}/*not doing anything for the layout
.tablepress-id-5 .column-1,
.tablepress-id-5 .column-2,
.tablepress-id-5 .column-3,
.tablepress-id-5 .column-4,
.tablepress-id-5 .column-5,
.tablepress-id-5 .column-6,
.tablepress-id-5 .column-7,
.tablepress-id-5 .column-8,
.tablepress-id-5 .column-9,
.tablepress-id-5 .column-10,
.tablepress-id-5 .column-11,
.tablepress-id-5 .column-12 {
height: 56px;
text-align: center;
}
*/

}

.tablepress-id-5 .img_scale {
max-width: 18px;
height: 18px;
display: block;
margin: 0 auto;
}

.tablepress-id-5 .column-1 {
font-weight: bolder;
text-align: center;
}

/*.tablepress-id-5 .column-2 {
height: 40px;
}
*/
.tablepress-id-5 .column-1,
.tablepress-id-5 .column-2,
.tablepress-id-5 .column-3,
.tablepress-id-5 .column-4,
.tablepress-id-5 .column-5,
.tablepress-id-5 .column-6,
.tablepress-id-5 .column-7,
.tablepress-id-5 .column-8,
.tablepress-id-5 .column-9,
.tablepress-id-5 .column-10,
.tablepress-id-5 .column-11,
.tablepress-id-5 .column-12 {
height: 56px;
text-align: center;
}

You need to start working your way through these resources:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

If you don’t follow the steps in these articles, chances are you will continue to be compromised.

Sounds like you’ve been hacked. Start working your way through these:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/
https://www.google.com/webmasters/hacked

Sounds like you’ve been hacked. Start working your way through these:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/
https://www.google.com/webmasters/hacked

If your site has been hacked, these are the suggest resources:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

If the file is being created by the Apache user, why do you think it’s being done via your database? Are you on a shared hosting account or do you have your own dedicated server, VPS, etc.? Is there any type of access via Telnet or SSH?

There’s always the possibility that the problem lies beyond your site. The server may have been compromised, and not just your site/database. Without knowing any information about your setup, it’s impossible for anyone to give you any specific details on what to look for.

<p>I just went to your site to try and check it out, (automated scanners are not 100% fool-proof) but your site appears to be broken at the moment so it’s really hard to determine what the issue might be.
</p>
<p>Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See FAQ: My site was hacked ? WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress ? WordPress Codex.</p>
<p>Change all passwords. Scan your own PC.</p>
<p>Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting
</p>

What you have is typically a FTP account compromise or timthumb vulnerability but without checking the server logs for sure, it’s just an assumption.

Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See FAQ: My site was hacked ? WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress ? WordPress Codex.</p>
<p>Change all passwords. Scan your own PC.</p>
<p>Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting
</p></div>

You said you changed all your passwords, does that include FTP as well as your hosting control panel? Have you also looked for FTP accounts that are no longer in use and should be removed?

You don’t have an index.html in category/reviews, those are “permalink” generated url’s. If you do a view source on that page, you see an iframe injected at the top of the file.

First thing you need to do is FTP into your hosting account, check your main index.php, at the top will be a line of code that looks like

<?php base64....

Remove that. Also check the index.php and header.php of each of your theme directories, it’s probably in there as well.

Once you’ve cleaned it out, you need to locate the backdoor that allowed them to inject the code in your site, usually they hide this somewhere in your images, uploads or plugins directory. You also will need to upgrade wordpress to the latest version if you haven’t already and change all your passwords.