maerk

Hi,

Are you still having issues with the auto feature of extended comment options? If so, please reply and I can take a look at what might be going on.

Hi,

As the developer of this plugin, I can assure you it’s definitely not been written for the purpose of spamming.

It’s likely to be attacked due to its relatively high popularity. Spammers know that it is more likely to be on people’s servers, so they can target it with less guesswork. I’ve noticed a number of other plugins have been targeted similarly.

If you’re concerned about security of plugins, you can download them fresh and install them again. If you’re OK with changing server settings, I’d also recommend changing file permissions on plugin scripts to remove editing privileges. This can help prevent plugin files from being hacked. Can be fiddly when it comes to updating, but it does add extra security.

More on file permissions: https://codex.www.ads-software.com/Changing_File_Permissions

Oh hey, if it helps, it looks like your hacker didn’t close the <?php ?> block properly, so their hacking attempt to put in that iframe probably failed. That was likely what the error message was ??

Have you edited any code in the templates before? I’ll be able to help you with coding the template, but if you’re used to working with plugins and widgets I’m probably not the best person to help ??

How familiar are you with code?

Without going into too much detail, you’d need to select all users and loop through them, then within each iteration, select the posts. Something like:

users = SELECT user_id, first_name, last_name FROM wp_users;

foreach (users as user) {
// output user's name
SELECT post_id, post_title FROM wp_posts WHERE user_id = user[user_id] AND post_status = published LIMIT 5;
// output post
}

That’s not proper PHP but it’s an outline of the code you’d need.

If you don’t get an answer here, try asking at the cforms site:

https://www.deliciousdays.com/cforms-forum/

I’m not really familiar with cforms myself…

Don’t forget to get in touch with your host, they should be able restore databases from SQL files, or at least show you how.

By the way, ‘yscr_bbaq0z’@’localhost’ is your database user — you’ll likely never need it, but it’s basically the username your host assigned to you so that you can use the database.

So sorry!! Turns out I had the wrong value in $intPostId. This query works just fine!

Andrea_r: it was a little of both. I was trying to get rewrites working on an IIS server with ISAPI_rewrite by Helicon. Wanted to know if I had to hack the WordPress core to get it working, but it turns out I just needed to change the RewriteRules because the syntax is a little different.

Thanks for your help though!

So how does it serve the admin areas for the cities? It looks like it rewrites it back to the default admin location /wp-admin/whatever. How does the admin area know which city is being requested?

I’m using the latest version, 3.1.6 …

That’s almost definitely a hacking attempt.

Stop using the theme immediately and delete all the theme files.

eval() takes a string and executes it as PHP, which means people can encode PHP (as they have done here) so that it looks like nonsense. It is probably a file uploader, which means that someone can put any kind of file they like on your server.

I had this a while ago and someone had put a mailer script on my hosting, which sent out loads of emails automatically so my hosting shut down my site for a while.

Download the theme again and search through it. If you find the eval() there then don’t ever use it again. But if not you’ll be able to use the clean version of the files. Definitely contact the theme author and tell them there’s a vulnerability in the theme and explain what you’ve found.

RSS feeds are the way to go. I think PHP has some support for reading RSS feeds, google that and you should be able to come up with something.

If you are familiar with CSS you can change the design so that you have a fixed width. Then on smaller screens users will have to scroll sideways to get to the sidebar. This might be just as bad, though!

How small does the window have to be for the sidebar to move? If it’s very small, I wouldn’t worry too much about it since not many people browse with a tiny window!

If you want to change the date format you will have to edit the theme files. You will also need to learn how PHP controls the format of dates. This information is available from the PHP manual:

https://uk.php.net/manual/en/function.date.php

Come back here and ask if you get stuck.