djcayenne

I used my FTP to physically remove plug-ins. Eventually that worked. Not sure which plugin was the culprit. Will carefully reinstall.

As I said, I was very up to date. In the meantime, I cannot get in to do things like check all my plugins, etc.

I suspect higher level access is the issue.

I am very scrupulous about updates. Especially as of late. Everything was up to date. I’ve also been running exploit scanner and wordfence constantly to detect any possible malware/exploits/insertions

I’m back up and running. I have a clean install and am able to actually access the site. Changed passwords, changed secret keys in wp-config.php file. Running Exploit Scanner now to look for problems.

Thanks for your help. Any last tips?

The securicheck site shows that there IS a viagra message in the title of the blog. Is there a best course of action here for me to move forward with reclaiming the site? Still not sure why I can’t see it at all but others can.

I am not able to view the site with or without the www. out front. So that doesn’t appear to be the issue. I cannot get into the WP dashboard either. For me, it’s like the site has ceased to exist. Although others can see it apparently.

My only access is through FTP at the moment. Should I replace all system files with a clean install and go from there? I’m reading through the “you’ve been hacked” posts and fairly well freaked out. Trying to stay calm.

Solved. Used FTP to physically remove Jetpack since I was unable to deactivate or delete from Dashboard. Reinstalled. All is well.

Hmmm. Added a sharedaddy directory. Moved sharedaddy.php into that, which got rid of that problem. Now my Jetpack stats are gone. What’s the deal with that?

Yes the sharedaddy.php file is in the modules folder. I don’t have a sharedaddy folder if that’s where it should be, but the path in the error message doesn’t lead me to believe that’s the case.

It’s actually two warnings posted on all pages:

Warning: include(/home/timandjen/babygotbooks.com/wp-content/plugins/jetpack/modules/sharedaddy/sharedaddy.php) [function.include]: failed to open stream: No such file or directory in /home/timandjen/babygotbooks.com/wp-content/plugins/jetpack/modules/sharedaddy.php on line 11

Warning: include() [function.include]: Failed opening ‘/home/timandjen/babygotbooks.com/wp-content/plugins/jetpack/modules/sharedaddy/sharedaddy.php’ for inclusion (include_path=’.:/usr/local/lib/php:/usr/local/php5/lib/pear’) in /home/timandjen/babygotbooks.com/wp-content/plugins/jetpack/modules/sharedaddy.php on line 11

I’ve gone ahead and deleted the “core” file. No deliterious effects observed. I also found two recently updated files in my wp-content folder – wp-manager.php and cache.php. I’ve deleted both after reading the forums and seeing that these had caused similar problems for others.

Where do these file insertions come from and how do I lock down the blog to prevent this from recurring?

The site is back up and running. So far I have:

Checked users on the database – all good
Change permissions for inactive users on WP dashboard
Fresh install

Everything is back and looking good

Installed and exploit scanner: https://ocaoimh.ie/exploit-scanner/

I am going to use that as a starting point for checking my themes and plugins etc… I am also re-checking file attributes

Thanks for the help. Hopefully this will be the last time I write in with this issue.

It has been an ongoing issue for months now. I just kept trying to make sure that I had my install bulletproof. I hadn’t thought that it might be an issue with Dreamhost. I’ll shoot you an e-mail shortly Whoo

And now, since posting this, I’ve been hacked again. Replacing the wp-blog-header.php file does not fix the problem.

https://babygotbooks.com