micvideo

I understand what you mean, those files were all the same and looked like OS files. But they all had the word quarantine in them and that’s why I am worried.

Anyways, I deleted them all and for the moment none have come back. However, I am still getting spam user sign ups without any login forms so there still must be a bug in my site. I’m at my wits end, I don’t feel like doing any development with all these security issues.

Hi Eli, I just sent you a zip file with some of those hidden and corrupt looking files. Please let me know when you recieve it.

Sorry, I have been very busy lately and have not had time to dig up those files. However I sent out a small donation this week, I hope it got to you. Hopefully this weekend or sometime during the holidays I will get to that. Please keep the thread open until then.

I’m pretty sure they were evil files. Since deleting them last week I haven’t had a single spam comment. I would like to show you but I don’t know how to recover them from cPanel. They. Use be in one of my backups, I’ll check them when I get a chance. But is it safe to extract a backup with these corrupt files onto my desktop?

I will definitely send you a donation soon, it’s a very good plugin.

Ok, great. Thanks for the response, Eli. I just wasn’t sure, the plugin was installed to find the source of all the spam I’m getting and that login file was a mind bender for me. I have no idea what normal code looks like compared to the fake stuff.

On a side note, I could really use some help finding the bad code! Ive been looking all day. I did find a bunch of .filename.php files and when opened the showed some real crazy code so i deleted them all. I assume the plugin didn’t find them because they were considered hidden using the . ?

Im getting the same error messages. Has anyone found a solution?

The comments are held for approval in the WP dashboard.

Hi Ron,

I think I figured it out. I was trying to add a secondary domain pointing to my master domain but eventually noticed that my master domain, siteID 1, is not in the list in the plugin settings. So when I tried to assign a secondary domain to ID 1 it simply did not work.

Its obvious now that its not in the list because it was never configured using the plugin. So my answer was to use my cPanel settings to point these secondary domains to my master domain.

But, I still feel like I could have used the plugin to do the redirect but wasn’t doing something right. Is that possible?

Im getting this message also.

But at the moment my site is definitely compromised, I keep getting the same spam comment on a particular post even though comments are disabled and Wordfence isn’t detecting file changes.

I can’t figure it out but this DNS change seems to happen around the same time as the comment spam. I checked my DNS settings in cPanel, I can’t see anything out of ordinary.

I am at a loss, these creepy hackers are doing something and I need help asap.

It hasn’t been updated in two years. I think WP 4 finally broke it. If you find a working alternative please let me know.

Can either of you explain a little bit more about the htaccess code you recommended? I don’t know what any of it means.

Can I add it to my existing code or overwrite it? I can post what I have already here if that would help.

I have deleted it with no ill effects so far. I’ll leave the forum open for anyone who can identify the file source for future reference.

Thanks. My hosts does not make changes to my account without notifying me so its not theirs. I think it was created through a security plugin I may have installed at some point, I’m just not sure which one.

Thank you for the reply, I really appreciate the help.

I wouldn’t call it a security flaw. If wp-login.php is a security flaw, then so is https://accounts.google.com/ServiceLogin and https://twitter.com/login and https://www.facebook.com/login

I believe those are the URLs for user logins, not administrators. I doubt Mark Zuckerberg goes to that address to login to the back end of Facebook. WP uses one login page for both front and back, or at least it looks that way. I used to use Joomla a lot and to access the ‘dashboard’ I used a /administrator URL. Anyway, it would be nice if the back end login was completely separate in WP. I’ll have a look at the plugin you suggested and get back to you.

I really do not want to modify my htaccess file, it’s taken me out many times when I manually edit. I use Wordfence which I think locks out attackers and defends the site like you suggest. I would like to know more about that code before inserting it and check what I currently have.

Have you tried https://www.ads-software.com/plugins/facebook/ ?

No, but I want more than just Facebook login. Twitter and google are also important.

Thank you.