saqib62

Thanks Tara for the help. Already flushed the caches. No help.

Will next try with the plugins. I have growing suspicion its one of the plugins, but I didn’t want to go that way because its always a pain in the….. and I was hoping someone would offer some other workaround.

But thanks anyway.

Thank you so much Peter!

You’ve finally cracked the code. I’ve tested the updated version of the plugin extensively on my sites and it works beautifully irrespective of the size of the image or the camera from which it was taken.

Anyone looking to work with images extensively on his or her blog should definitely install and make use of Peter’s terrific plugin.

Great effort!

Hey Peter,

I tried to find some way of sending you the images on your website but to no avail. I’ve therefore uploaded the images on my own domain and mentioning the links category-wise:

Images processed in-camera as jpg and unable to be uploaded properly:

https://www.brandasy.com/sony-p10.JPG
https://www.brandasy.com/sony-p10-2.JPG
https://www.brandasy.com/nikon-s9100.JPG
https://www.brandasy.com/nikon-s9100-2.JPG
https://www.brandasy.com/Samsung-Galaxy-S3(1).JPG
https://www.brandasy.com/Samsung-Galaxy-S3(2).JPG

Images taken as Raw and processed through Lightroom. They are therefore able to upload properly via this plugin:

https://www.brandasy.com/canon-650D(1).jpg
https://www.brandasy.com/canon-650D(2).jpg

Hope you could come up with a viable solution. All the Best!

Yep. Wild it is.

Which files do you need Peter? The image files? If yes, then from which camera? Nikon S910? Sony P10? Samsung S3? or Canon 650D? Have tried uploading from each of these source with no luck.

However 650D files do get uploaded successfully but that’s because they are shot in RAW and processed in Lightroom.

Let me know which ones and how should I give them to you.

The reason I’ve spent so much time trying to make this plugin work is because I believe it offers a terrific functionality which although not for everyone, will aid me tremendously in all of my four sites.

BTW, the ‘a’ is missing from ‘Adams’ causing your website link to go nowhere.

I’ve tested the image taxonomies plugin extensively on four of my sites:
1. Restaurants Uncut
2. Brandasy
3. Will Shoot For Money
4. Travel Hustling

Two of these sites are four years old, the other two newly minted, with different plugins installed on them and yet all of them face the same two issues:

1. Images that have not been processed through Lightroom do not get accepted by wordpress as being uploaded although they show up on the dashboard.

2. Images that have been processed by Lightroom get accepted but if they are smaller than 1.7mb in size. Any size bigger than that and the aforementioned problem occurs.

After deactivating the plugin, images get uploaded easily, irrespective of their file size or whether they have been processed in Lightroom or not. So it’s not an issue with PHP memory limit.

At first I thought it was a conflict with some other plugin, but after checking different permutations and combinations on the four sites, even going to the extreme of deactivating all the plugins and keeping only Image Taxonomy activated, the same problem recurred.

Based on this observation, I can only infer that Image Taxonomy Plugin is not compatible with WordPress 3.8.1.

If that’s not the issue, and there’s something else causing the plugin to malfunction, I would appreciate it if someone could help me out with it.

Just to be thorough, I’ve uploaded the screenshots of how the plugin is interfering with the image upload. I’ve circled the things to be noted, viz, the absence of image dimensions and file size, and the error of ‘image does not exist’ when I try to edit the image:

https://www.brandasy.com/No dimensions.png
https://www.brandasy.com/No file size.png

It would be great if someone could make sense of this mind-boggling issue.

Thank you Jan for the help. Appreciate it.

I guess I’ve deluded myself into thinking that just because the site has not been hacked again in the last six months, it won’t happen again in the future.

I think what I was really looking for when I posted this dilemma of mine is that if someone had the same experience post-hack, how did they resolve this strange character-changing behavior of wordpress engine. And if someone can share a similar experience, I would be grateful.

I will definitely be going through all the aforementioned resources to double-check everything, some of them I had already gone through when cleaning the site after the previous hack.

Hi Kaniamea,

Thanks for trying to help me out with this.

Yes the site is spelled correctly. For some inexplicable reason it was only showing on firefox and not on chrome and IE. After I installed W3 total cache plugin, it’s now opening on all browsers.

The following is a complete list of things gone wrong with my site https://www.restaurants-uncut.com. :
1. Some of the alphabets in posts convert to strange characters upon publishing.
2. Half of the post disappears once it is published. It’s as if the editor deletes part of the post randomly.
3. The Jetpack site stats page is showing the same strange characters. Only here the complete screen is showing gibberish stuff instead of just partial, like in posts.
4. The strange characters are also visible in the admin panel. That means it not something in the theme itself.
5. The post summary and thumbnail does not show up in Facebook status update when I post a link of a specific post on my Facebook wall.

Some of the remedies I’ve tried:
1. Deactivated all the plugins.
2. Checked for malicious code in theme files.
3. Changed the theme altogether
4. Looked for malicious code in wp-config and .htaccess.
5. Looked for suspicious files in the website folder via FTP.

Couldn’t find any malicious code or file and nothing seems to work. Could the code have been injected into the database? How do I check that? That is, while files should I check in the database?

The site has been hacked four times in the past and migrated from Servesea server to iPage server, although I don’t think it’s a migration issue because I migrated another site of mine https://www.brandasy.com and nothing seems to be wrong with it.

Kindly advise.

Yes I did.

But I’ve been doing that for the last six years, ever since I’ve been using wordpress. I didn’t have a problem before. Why all of a sudden?

Also why would the characters of previous posts change as well, since they were alright when I first published then.

Finally, it’s just not the apostrophe (‘) that is changing. If you look closely at my content, sometimes even the alphabets like ‘f’ are being converted.

I just can’t make out why.

@gcaleval Thank you for your suggestions.

I’m afraid there’s too much content to start from scratch. But I think I will go with the ZBBlock solution. Looks enticing.

The passwords are all different for the three entry points, something I learned a long time ago.

One thing I wanted to ask is, does the choice of service provider have any say in whether your site gets hacked or not? I mean, if I change my website host server will it make any difference in either reducing the intensity of the attacks or making https://www.restaurants-uncut.com less vulnerable?

I’ve gone through a lot of stuff on this topic and it seems to me that the experts have an impasse on whether it makes a difference or not. Some say it does, others say it doesn’t.

What is your take on this issue?

Now there’s one more issue that has cropped up. Ever since I resolved my last hacking attempt and upgraded wordpress to the latest version, I’ve seen an increase in hacking attempts. At least half a dozen attempts are made every day. Here’s what the security plugins I’ve installed are detecting:

OSE Firewall? – Restaurants Uncut

[email protected]

12:40 AM (18 hours ago)

to me
== Attack Details ==

TYPE: Found Basic DoS Attacks
DETECTED ATTACK VALUE: dDos Attack
ACTION: Blocked
LOGTIME: 2013-02-03 07:40:09
FROM IP: https://whois.domaintools.com/94.23.27.29
URI: https://www.restaurants-uncut.comUser-agent:
METHOD: GET
USERAGENT: N/A
REFERRER: https://www.restaurants-uncut.com/wp-login.php

A host, 157.55.33.22(you can check the host at https://ip-adress.com/ip_tracer/157.55.33.22) has been locked out of the WordPress site at https://www.restaurants-uncut.com until Monday, February 4th, 2013 at 5:01:14 am UTC due to too many attempts to open a file that does not exist. You may login to the site to manually release the lock if necessary.

What should I do? Report this to someone?
Add more security plugins?
Why is my site becoming the target of so many attacks?
Is it because of the server? Is the vulnerability there?
What can I do to stop the attacks?
Or should I do nothing? Will they be able to penetrate the plugins shield or will it hold?

Any suggestion would be appreciated.

Thank you for your help – Frumph, Kmessinger, everyone.

I was finally able to ‘de-hack’ the site. For the record, let me disclose the reason so that it may help someone especially considering that this solution wasn’t revealed by anyone on the major troubleshooting sites.

Because we’re so much focused on major hacking attempts, we fail to notice the small things, and the same thing happened in my case. Since I had installed some major anti-hack plugins, the hacker wasn’t able to get to the core of the site.

He did however managed to penetrate the outer layer and therefore embedded a redirect script in the sidebar textbox.

Now because my earlier experience had taught me to look for malicious code within the wordpress code, as well as people’s suggestions as well on this forum, I overlooked this simple thing.

As soon as I deleted this script from the textbox, voila! The site was back online.

Moral of the story: Don’t forget the small things, even an innocuous thing as a sidebar textbox.

Once again, thanks everyone.

@frumph Already installed wordfence and did a detailed scan. Here’s what it says at the end of that scan:

“Congratulations! You have no security issues on your site.”

If that is the case, why is the site redirecting to a hackers page with a ‘security breach’ claim?

I’ve seen hacked sites before and easily found the culprit code, but this is something way beyond any security plugin or even wordpress security expert’s grasp.

Is there no hacking expert out there who can figure this out?

Here’s another clue I found by installing OSE Firewall plugin which gives this:

https://www.restaurants-uncut.com/?s=<script>alert(31337)</script&gt;

How do I find this script and remove it? Is it encoded within the site? If it is how do I detect and decode it?

Thanks Rab for the recommendation. Will definitely install the plugin once I sort this out. I don’t think it can help in this case when the files have already changed before the plugin was installed, isn’t it?

About the file change, that was the first thing I checked when I discovered the hack through both FTP and Cpanel.

Again it was mind-boggling. No file was changed! Not even the plugin and theme files that you expect the most to be compromised. I still went ahead and deleted all of them, but to no avail.

My guess is it has got to do with the database. Trouble is, it’s such a huge database and I don’t know what I should be looking for in it.

It’s like looking for a needle in a haystack, only in this case you don’t even know what the needle actually looks like ??

@frumph: Thanks for the suggestion. I’ve already installed Firewall 2 and WP Better Security. I don’t know if a third security plugin would help that much.

Yes I did that as well. And it just doesn’t make sense.

It is and it was showing a clean bill of health – no malware, no suspicious redirections.

Is this a more sophisticated attack that even Sucuri could not detect?

I just don’t know where to look next.