UseShots
Forum Replies Created
Forum: Hacks
In reply to: Infected php, can't get into admin.
Looks like this: https://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html
If it’s it, you should restore everything from a clean backup (or reinstall WP, plugins and themes). Make sure all plugins and themes are up-to-date. Then you might need to delete a rogue admin user from WordPress (it has no name but its ID in the database is 1001001).
Also make sure that your site doesn’t have open user registrations unless you really need it.
Forum: Fixing WordPress
In reply to: log in fatal error
It’s hard to tell from outside. All I can see is that it is broken. It may be broken because of that hack or because of any other reason. You need to check the integrity of the files.
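One way to do that integrity check, as an added example that is not part of the original reply: hash the site's files and compare them with an unpacked clean copy of the same WordPress release. The function names and the skip list are assumptions made for this example.

```python
import hashlib
import os

# Files that legitimately differ from a stock download (assumed skip list).
SKIP_FILES = {"wp-config.php", ".htaccess"}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root):
    """Map relative path -> SHA-256 for every file under `root`."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in SKIP_FILES:
                out[rel] = sha256_file(full)
    return out


def compare_core(site_root, clean_root):
    """Compare a live site with a clean copy of the same WordPress version."""
    site, clean = tree_hashes(site_root), tree_hashes(clean_root)
    return {
        # Changed content, including stock files under wp-content/.
        "modified": sorted(p for p in site if p in clean and site[p] != clean[p]),
        # Extra files outside wp-content/ (uploads, plugins and themes live
        # there and need a separate check against their own clean copies).
        "added": sorted(p for p in site
                        if p not in clean and not p.startswith("wp-content/")),
        "missing": sorted(p for p in clean if p not in site),
    }
```

Bundled themes and plugins that were updated on the live site will also show up as modified, so compare against the release that is actually installed.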
Forum: Fixing WordPress
In reply to: Have I been hacked? Yes, no or maybe
The original problem description resembles this ongoing massive attack
https://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html
If it’s it, you should restore everything from a clean backup (or reinstall WP, plugins and themes). Make sure all plugins and themes are up-to-date. Then you might need to delete a rogue admin user from WordPress (it has no name but its ID in the database is 1001001).
Also make sure that your site doesn’t have open user registrations unless you really need it.
Forum: Fixing WordPress
In reply to: log in fatal error
Check if it’s the same problem https://www.ads-software.com/support/topic/parse-error-and-general-trouble-with-plugins-and-the-ftp?replies=2
Forum: Fixing WordPress
In reply to: Parse error? And general trouble with plugins and the FTP
This may be relevant to this massive attack that corrupts WordPress files
https://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html
If it’s it, you should restore everything from a clean backup (or reinstall WP, plugins and themes). Make sure all plugins and themes are up-to-date. Then you might need to delete a rogue admin user from WordPress (it has no name but its ID in the database is 1001001).
Also make sure that your site doesn’t have open user registrations unless you really need it.
Forum: Fixing WordPress
In reply to: Fatal error when accessing wp-admin
Make sure all core WordPress files are intact. There is currently a massive attack that corrupts WordPress files
https://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html
Hey, it’s hard not to see what’s wrong!
There are a few kilobytes of malicious code at the top of the file. And most likely the file itself is corrupted. It’s this hack:
https://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html
You need to restore everything from a clean backup, reinstall plugins (make sure you update them all) and delete the malicious admin user.
This sounds like this attack https://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html
It is always from this IP 94.136.150.28
Most likely they use a vulnerability in one of your plugins to create that user and then they log in.
Forum: Fixing WordPress
In reply to: Cookie Warning Popup
This reminds me of the latest Sucuri article:
https://blog.sucuri.net/2014/05/website-infections-malicious-redirect-to-porn-website-target-wordpress-and-joomla-users.html
Make sure to check wp-config.php (with word wrapping). The malicious code can be hidden there.
Forum: Fixing WordPress
In reply to: Blackjackonline ad. in my posts
OK, I found the link.
You can check if it is in the posts where you see it. Open the posts in WordPress admin. I don’t know what scanner you used but if they didn’t check the Database they could easily miss the problem.
Forum: Fixing WordPress
In reply to: Blackjackonline ad. in my posts
For people who investigate such issues it matters.
Forum: Fixing WordPress
In reply to: Blackjackonline ad. in my posts
Which pages exactly? Where can we find that link? Do you always see it or from time to time? Don’t make us guess.
Forum: Fixing WordPress
In reply to: Injection of External Links
Hello,
We, at Sucuri, see this infection on quite a few sites. It’s quite sophisticated and uses several types of backdoors and malicious files.
On WordPress, it typically injects malware into wp-login.php, wp-config-sample.php and wp-content/index.php.
In addition, you can find malicious code in theme_logo.jpg, .cache.jpg, .cache.php, wordpress.gif, .xml, sidebar-k.gif, sidebar-bg.gif, header-bg.gif, web.root and some others – I don’t specify directories here as it puts malware in random writable directories.
I second that “using premium themes and plugins does not ensure that your site is safe in the least” – we see many attacks via security holes in premium themes and plugins, especially when they are not up to date.
To tell how it happened, you need to analyze your server logs – usually the answer is there.
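A scan for the pattern described in this reply, as an added example that is not part of the original post or Sucuri's own tooling: it walks a site directory and flags the file names listed above, plus image-named files that contain a PHP open tag. The function names and reason labels are assumptions made for this example.

```python
import os

# File names listed in the reply above. Names like header-bg.gif are generic,
# so a name match alone is a weak signal; PHP inside an image is a strong one.
NAMES_FROM_POST = {
    "theme_logo.jpg", ".cache.jpg", ".cache.php", "wordpress.gif",
    "sidebar-k.gif", "sidebar-bg.gif", "header-bg.gif", "web.root",
}
# Files the reply says are typically injected; compare these with a clean copy.
INJECTED_TARGETS = {"wp-login.php", "wp-config-sample.php", "wp-content/index.php"}
IMAGE_EXTS = (".jpg", ".jpeg", ".gif", ".png")


def contains_php(path, limit=1 << 20):
    """True if the first `limit` bytes contain a `<?php` open tag.

    Short open tags are not matched, to avoid hits on random binary data.
    """
    with open(path, "rb") as fh:
        return b"<?php" in fh.read(limit).lower()


def scan_site(root):
    """Return sorted (relative_path, reason) findings under `root`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                php = contains_php(full)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            if name.lower().endswith(IMAGE_EXTS) and php:
                findings.append((rel, "php-in-image"))
            elif name in NAMES_FROM_POST:
                findings.append((rel, "name-from-post"))
            elif rel in INJECTED_TARGETS:
                findings.append((rel, "review-core-file"))
    return sorted(findings)
```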
Forum: Fixing WordPress
In reply to: HELP PLEASE! malware ruining my life
I know, it always happens when I post snippets of malicious code. Unfortunately, I don’t have AVG to test which part of the code triggers the alert (it’s usually enough to add some extra space, but it’s hard to predict what their rules look for exactly).
I’ll try to play with the snippet and leave a bare minimum so that it is still recognizable.
Update: I’ve slightly modified the snippet. Not sure if it’s enough. Do you still see the alerts?
Forum: Fixing WordPress
In reply to: HELP PLEASE! malware ruining my life
I wrote an article about this infection:
https://blog.unmaskparasites.com/2012/03/07/you-need-to-pay-for-this-crypt-trial-version-of-malware/