debajyoti

Thanks a lot Nick. Worked like a charm ??

It’s a timthumb.php exploit. That plugin was using old timthumb.php. Also any other theme or plugin using old timthumb.php might also be vulnerable to this phpRemoteView attack. I have mailed the detail files to WordPress. They have intimated the plugin developer and for the time being, the plugin has been removed until plugin developer fixes the loopholes and further tighten security. So far I have investigated further, It’s not a vulnerability within WordPress core, it’s the timthumb.php file causing this problem. Ipstenu posted a good link in another thread
“For those following along, this seems to be the TimThumb issue: https://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain-com-attacking-timthumb-php.html You can run an instant free security check for your site there.

Check this if it would be of any help https://www.ads-software.com/support/topic/warning-preg_match-functionpreg-match-errors?replies=15

Are you talking about “wordpress admin Dashboard->Appearance-> widgets”? If so, then it is some javascript conflict. First try with other browsers like chrome or FF. If not working, then Check your plugins and theme. Deactivate them all and check. Then one-by-one reactivate them and check. Put default theme and check. Otherwise to work for the time being, see the ‘screen options’ at the top right corner of wordpress widgets area and there click on ‘Enable accessibility mode’.

No, it should automatically be changed. You can cross check downloading a copy of your .httaccess via FTP and find something similar below there as I told you earlier.

RewriteCond %{HTTP_HOST} ^gspreschool.net$
# RewriteRule ^/?$ “http\:\/\/www\.gspreschool\.net” [R=301,L]

Select ‘do not redirect www’
in step 3 simply write gspreschool.net in the box there.
in step 4 write complete url https://www.gspreschool.net
Hope then your problem would be solved. I have checked your site, it still resides at both www and non-www.
After you are done, Check on other browsers by typing https://gspreschool.net/ and it should automatically redirect to https://www.gspreschool.net. you can see it in your browser’s address bar.

Do not do wildcard redirect.
Follow these steps in cPanel ‘Redirects’:

1. Type – Permanent 301
2. Select check button ‘do not redirect www’
3. put your domain name https://[gspreschool.net]/ [Write what I wrote in []brackets
4. Redirects to [https://www.gspreschool.net] [write in the box there what I have written in[]]
5. Then click on ‘add’

Now check

It seems that your site resides both at https://gspreschool.net/ and https://www.gspreschool.net. You need to login to your cPanel and then from ‘redirection’ tab, you need to 301 Redirect your non www version to www version. Also check your .htaccess should have something like this:

RewriteCond %{HTTP_HOST} ^gspreschool.net$
# RewriteRule ^/?$ “http\:\/\/www\.gspreschool\.net” [R=301,L]

You have this malicious script "script language="javascript" SRC="https://superpuperdomain2.com/count.php?ref=" in your index.php.
“IGIT related post with thumb image after post” is the plugin causing this problem. Remove the whole plugin and read below for more details about how to clean your site from all those malicious files.

1. RSS Feed Crash
2. ATTENTION: IGIT Related Posts With Thumb Image After Posts phpRemoteView Attack
3. Feedburner RSS Feed link broken

Connect to FTP. Go to your /wp-content/themes/your-current-theme folder. Find any ‘images’ or similar folder there and hopefully you can see ‘logo.jpg’ or something similar there. Replace that with your own custom logo. Hopefully that will solve your problem

Are you talking about “wordpress admin Dashboard->Appearance-> widgets”? If so, then it is some javascript conflict. First try with other browsers like chrome or FF. If not working, then Check your plugins and theme. Deactivate them all and check. Then one-by-one reactivate them and check. Put default theme and check. Otherwise to work for the time being, see the ‘screen options’ at the top right corner of wordpress widgets area and there click on ‘Enable accessibility mode’.

Please check which embed code you are using. You can try with youtube’s old embed code rather than the new iframe code. Place it in HTML Editor mode (not visual mode) while you paste it in WordPress page. Things should work without any problem.

See these VPS tweaks if that would help you. Also, try to reduce number of plugins. Keep only what are really required. Also optimize any Google-XML sitemap plugin or Global translator plugin if you are using. Sometimes, those sort of plugins might cause RAM problem. Also check your server logs for more details. If you can post more details about the error here, that would be helpful.

IGIT Related Posts With Thumb Image After Posts is the plugin which is causing this. I have seen the same as @oceansdb earlier. More details here

Internal server errors (error 500) are often caused by plugin or theme function conflicts, so if you have access to your admin panel, try deactivating all plugins. If you don’t have access to your admin panel, try manually resetting your plugins. If that resolves the issue, reactivate each one individually until you find the cause.

If that does not resolve the issue, try switching to the Default theme or the Twenty Ten theme (WordPress 3.0 and higher) to rule-out a theme-specific issue. If you don’t have access to your admin panel, access your server via FTP or SFTP, navigate to /wp-content/themes/ and rename the directory of your currently active theme. This will force the Default theme (WordPress 1.5 – 2.9.2) or the Twenty Ten theme (WordPress 3.0 and higher) to activate and hopefully rule-out a theme-specific issue.

If that does not resolve the issue, it’s possible that a .htaccess rule could be the source of the problem. To check for this, access your server via FTP or SFTP and rename the .htaccess file. If you can’t find a .htaccess file, make sure that you have set your FTP or SFTP client to view invisible files.

If you weren’t able to resolve the issue by either resetting your plugins and theme or renaming your .htaccess file, then you need a more detailed error message. Internal server errors are usually described in more detail in the server error log. If you have access to your server error log, generate the error again, note the date and time, then immediately check your server error log for any errors that occurred during that time period. If you don’t have access to your server error log, ask your hosting provider to look for you.