Forum Replies Created

Viewing 15 replies - 1 through 15 (of 16 total)
  • hi
    i’ve been hacked a few times. i keep hoping that updating to the latest version of wordpress will solve my problems but it doesn’t. then i realised that the hacker had installed malicious code on my server after hacking my site, way back. all i was doing when i updated was updating the wordpress files but the malicious code was always still there so the hacker had an open door all the time, even though i had the latest version of wordpress running. i also realised that they had managed to somehow install code on my server which enabled them to send out spam email, some even using my email address as the sender! so beware, don’t be fooled into thinking that by updating to the latest version of wordpress, your site is secure. you can read about my experiences here

    regards

    clive

    hi
    i also believe i have been hacked. i have been experiencing problems with my site for some time now, perhaps the most noticeable symptom was this:

    WordPress database error: [User ‘???????’ has exceeded the ‘max_questions’ resource (current value: 50000)]
    SHOW TABLES;

    there is a discussion on this forum where i also posted my problem. then occasionally my database would be hacked so that i would have to restore from a backup. this happened a few times over a month or so. i also noticed that i was getting high volumes of spam mail (viagra, watches, shoes and penis enlargement)

    i then checked the files and folders on my site and removed ones that looked suspect, restored my database and changed all user names and passwords. it worked….then all i got was a blank page but i am able to log in so i reselect my theme and view the site. it’s back and works perfectly….for a while then a blank screen again. so i select the classic theme and it works….until now when i tried to access my site i get the installation page, enter blog title and email. i am given a user name and password and am told my new blog has installed successfully. of course the database is gone.

    so i suspect that there must be some hack file within the plugins that i have installed or within the database backup that i keep restoring as i deleted all the other wordpress files and theme files, loading “clean” files.

    my question now is, how will i be able to screen the backup and plugin files (plugin not so important because i can download from original sites) but the backup contains all my posts, etc!!

    appreciate any help.

    thanks.

    clive

    Thread Starter clivesgt

    (@clivesgt)

    i forgot to include a snippet from the config file:

    define( 'WPCACHEHOME', ABSPATH . 'wp-content/plugins/wp-super-cache/' );
    define( 'WP_CACHE', true );

    the installation instruction mentions a line beginning with …require….as there is no such line, i assume that it should read …define…is this correct?

    thanks

    clive

    hi

    i am also getting the same error message :

    WordPress database error: [User ‘???????’ has exceeded the ‘max_questions’ resource (current value: 50000)]
    SHOW TABLES;

    i contacted my host and they said it’s because (not sure of technicalities but) the max number of permissible queries per user is set to 50 000 per hour. once it reaches this limit, it blocks any more queries until the hour is up then it is reset.

    the problem with my site is, that every so often my site just displays a very basic page, no posts, etc. when i try and login, i find that there is no database. if i go to phpmyadmin, all the data is in the database but wordpress just does not see it. i then delete the database and load up my backup. then when i try and access my website, i get the 50 000 error. my questions are, is the “disappearance” of my database (as far as wordpress is concerned) because of the 50 000 error? secondly, i assume that the 50 000 is actually 50 000 queries sent to the database in 1 hour – if this is the case, then it must mean that spiders, robots and other “automatic” accesses are made to my website, causing this high database query? if this is the case, how do i stop this?

    much appreciate any help in this regard.

    thanks

    clive

    okay, just checked the database with phpmyadmin and the posts and pages are still there. they are just not showing up in wordpress. also when i go into admin and select manage either posts or pages, they are not there.

    weird

    clive

    i am also having the same problem – it’s happened at least 4 times now. i have version 2.5 and still i find that my posts and pages have been deleted!!!

    i updated all the plugins i use and still have the problem.

    any help will be appreciated

    thanks

    clive

    Thread Starter clivesgt

    (@clivesgt)

    found the problem, it is conflicting with another plugin, “contact form ][” version 2.0.13

    if i deactivate the contact form plugin then subscribe2 works and if i try to activate the contact form plugin, i get the fatal error message.

    hope this helps someone.

    regards

    clive

    hi miguel

    i had a similar problem. it’s fixed now thanks to you, saved me a lot of time.

    thanks
    cheers

    clive

    Forum: Fixing WordPress
    In reply to: Form Action HTML

    hi

    i need to send it as a GET. yes i have defined the method as a get. i am using an htm file (which has the form) which i include in the wordpress page. the file works perfectly (the email address is sent and received by another PHP file outside of wordpress) when i use the htm file via the wordpress page, it does not work.

    i have since realised that it has something to do with the permalink structure as i set the permalink to default and it works perfectly in wordpress. i noticed that when using the permalink structure that i previously had, it would append “extra stuff” to the url. anyhow, it seems that my problem is solved – i just need to fine tune my permalinks.

    thanks

    cheers

    Forum: Fixing WordPress
    In reply to: Form Action HTML

    hi
    i am having a similar problem. i have a form on a wordpress page. the $_GET variable is the email address entered by the user. on clicking submit, the action page is called and the variable, email address should be passed but it is not. if i echo $_GET['email'], it is blank.

    i then create a link on the same page (where the form is) with a get variable – ?email=emailAddress. when this link is clicked, the same page as per action in the form is called and the get variable passed. this time the variable is there and is displayed with the echo $_GET['email'].

    i would very much appreciate it if someone could let me know how to ensure that the $_GET variable is passed successfully from the form.

    thanks in advance

    regards
    clive

    hi

    you can go here they offer to do a free installation for you. maybe they can help.

    good luck

    [sig moderated]

    Thread Starter clivesgt

    (@clivesgt)

    hi

    my host is startlogic.com – they say the problem is with my site (wordpress). they have the hacker safe certification certificate displayed. see quote below.

    i somehow believe the problem is with the plugins. thinking back to the time my site was hacked, i had re-activated safeincludes but i also had made a backup (using the backup plugin) and forgot to change the chmod of the backup directory which requires public or group access to write the backup. so i guess the hacker could have got in that way. i have since changed the chmod to that directory and have had no problems since.

    i guess the problem is not with wordpress itself but with the way i have been using the plugins – i.e. the security has been slack on the access given to some of the files and directories used by these plugins. so i guess i will be more careful from now on.

    here’s the quote from the startlogic site’s hacker safe certificate…

    HACKER SAFE CERTIFICATION 05-MAR-2007
    This site is tested and certified daily to pass the HACKER SAFE Security Scan. To help address concerns about hacker access to confidential data, the “live” HACKER SAFE mark appears only when a web site meets the HACKER SAFE standard.
    Research indicates sites remotely scanned for known vulnerabilities on a daily basis, such as those earning HACKER SAFE certification, can prevent over 99% of hacker crime.

    hi

    i also have a problem putting the button on a page. it works fine in the sidebar. i unchecked “WordPress should correct invalidly nested XHTML automatically” and turned off the WYSIWYG editor. then pasted the html code i got from paypal. i get the paypal error 3005 when clicking on the buy now button. this code works if i test it outside of wordpress BEFORE pasting it in wordpress. i then copy the code from wordpress and paste it in my html editor and get the same paypal 3005 error – so wordpress is changing the code in some way! it seems that the change takes place within the encrypted section of the button code as i checked the usual <form> lines with the original and they are unchanged. i can’t check the encrypted code for obvious reasons. anyway, here is the code for those who are interested to check whether it works within their wordpress page:

    <input type="image" src="https://www.paypal.com/en_US/i/btn/x-click-butcc.gif" style="padding:0px; width:73px; height:44px; border:0px;" name="submit" alt="Make payments with PayPal - it's fast, free and secure!">
    <img alt="" src="https://www.paypal.com/en_US/i/scr/pixel.gif">
    <input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----[encrypted blob omitted]-----END PKCS7-----">
    </form>

    Thread Starter clivesgt

    (@clivesgt)

    sorry whoami but i am not used to upgrades coming out so fast and furious so i never bothered to look as i believed that i had the latest version. my mistake.

    so i upgraded to 2.1 and i thought all my troubles were over. everything worked and every day when i visited my site, there it was, like it should be. until this morning…when i visited my site i was greeted by a wordpress blog called “swastikroi” – he/she had hacked my site and deleted the database.

    as far as i can tell, the only change i made yesterday was to include the “safeinclude” plugin. seems more than a coincidence that everything worked well until i loaded this plugin.

    anyway, appreciate any comments by others who have had their 2.1 hacked.

    thanks

    clive

    Forum: Fixing WordPress
    In reply to: Hacked.

    nice to hear that but one of the plugins i have (to create a google sitemap) requires 2 files it creates to store the sitemap, to have chmod 666. this also applies to the backup plugin – what do i do about that if i want to keep the plugins?

    thanks

    clive
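For the world-writable backup directory and the chmod 666 sitemap files raised in the replies above, an audit sketch added here as an example (not part of the original posts). The directory names `wp-content/uploads` and `wp-content/backup`, the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for loose permissions.
# Function names and the data-directory names below are assumptions.

# Files and directories any local user can write to (o+w), such as a
# backup directory left at 777 or sitemap files left at 666.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# PHP files inside directories that should hold only data. A script that
# appears in a writable data directory deserves a manual look.
list_php_in_data_dirs() {
    root=$1
    for d in wp-content/uploads wp-content/backup; do
        if [ -d "$root/$d" ]; then
            find "$root/$d" -type f -name '*.php' -print
        fi
    done | sort
}

# Tighten what the audit found: directories to 755, files to 644.
# A file a plugin must still write should be owned by the web server
# user instead of being world-writable (depends on the host's setup).
tighten_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Constructed sample tree so the example runs offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/backup" "$t/wp-content/uploads" "$t/wp-content/plugins"
    chmod 755 "$t/wp-content" "$t/wp-content/uploads" "$t/wp-content/plugins"
    : > "$t/sitemap.xml";               chmod 666 "$t/sitemap.xml"
    : > "$t/wp-content/plugins/ok.php"; chmod 644 "$t/wp-content/plugins/ok.php"
    : > "$t/wp-content/backup/x.php";   chmod 644 "$t/wp-content/backup/x.php"
    chmod 777 "$t/wp-content/backup"
    echo "$t"
}

# Demo: audits the constructed tree unless WP_ROOT points at an install.
WP_ROOT=${WP_ROOT:-$(make_sample_tree)}
list_world_writable "$WP_ROOT"
list_php_in_data_dirs "$WP_ROOT"
```

`tighten_world_writable` is left out of the demo so that nothing is changed on a real install until the audit output has been reviewed.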
