kristystnh

I am not able to post a screenshot. Maybe I don’t have enough posts with this account?

Anyway. The website is https://www.nhadinc.org. A while ago, the photos that were in the banner at the top of the page were gone, and the page tabs are gone. I am sure the other admin messed up somehow, as I can see in the Simple History logs in the Hostgator cpanel with the myphp. I am sure he also deleted my admin access as I don’t see my old admin account in the users list.

I was able to set up a new admin access through the myphp, but I can’t get the drop list from the upper left corner to show the dashboard for the website so I can view the media files, posts, widgets, etc.

I was able to get in, but the dashboard panel doesn’t drop down from the upper left icon. When I try to use the …/wp-admin extension, I get an error message about needing to enable cookies. Cookies are enabled.

I did compare the information from the page you linked to the data on another admin’s profile, and the role to assign in the wpcapabilities line is for that admin is different from what is coded on the page you linked. Should I copy that code instead?

Thanks, I installed it. But a problem popped up right away. It’s already giving me thousands (over 3K in five mins already) for the same reason (illegal string offset in snitch_cpt.class.php on lines 565 and 566). I can’t deactivate to try again. I tried blocking the file through the plugin, but the problem persists.

That’s the problem I and another user are having, though I don’t know what was the name of the attack(s) on my site.

From what I have learned about login attacks, the IP or the infected site doesn’t necessarily mean that’s exactly where the hacker is coming from. The infected site/IP could be part of a botnet or a compromised network that a hacker is taking advantage of from somewhere far, far away.

My hits come from all over the planet. Beijing was one of the biggest sources until I blocked the IP range some of the hits were coming from.

For my site, I have twelve files marked as malicious ??

My situation is a little different, but I did discover a couple of .png files (listed as “added” by the Sucuri plugin) and one of these files contained my username, an old password, and my IP address (I was able to read the file code using Wordfence).

Something to consider for your situation.

That whoishostingthis link proved very helpful. It showed that the hosting provider was Unified Layer, but it didn’t have a website. Google searches did show a connection to EIG, which owns hostgator, a server listed for the website. EIG does have a website and email, so I sent an email. Someobody from there responded back in less than a day, told me that infected files were removed from the website and it’s back up online ?? ?? ??

The next thing to do is find out exactly who is the account owner. More to follow…

Yeah, that figures WP wouldn’t have some kind of a support staff, just the volunteers. I am still learning, and I was taken aback earlier this year when I figured out the difference between the .com and .org systems of WP. This is what lead to the initial contact with one of the admins, because I had to ask about how the website was paid for and there were no records of that.

Thanks for that link. I got a little more information that might help ??