We are experiencing the same issues since yesterday.
Both on the home pages and on the backend dashboard..
Any ideas?
Hi,
Did you test to deactivate all plugins to see what’s happening ?
I cannot deactive any plugins, as the backend prompts the same error?
Parse error: syntax error, unexpected T_VARIABLE in /home/user/public_html/domain.co.za/wp-includes/functions.php on line 192
Seems lots of users are experiencing this since upgrading to 3.5 –
http://wordpress.org/support/topic/help-site-crashed?replies=24
Its a hack. It’s happening everywhere. You can upload with a fresh copy of function.php, but it will continue to reinfect every hour or so. There is some discussion here: http://wordpress.org/support/topic/help-site-crashed?replies=31
I think I finally figured mine out.
1) On all my infected sites, I found a new file named 169b171bbdffdf3759850fef45515c67 among my root files. It looked strange so I deleted it, just in case.
2) Made sure I had backed up copies of MySql database. Also, downloaded necessary copies of any uploaded post images and theme revisions.
3) Deleted ALL OTHER FILES.
4) Manually reinstalled with a completely fresh version of WP 3.5.
5) Created a NEW wp-config.php file. Mine had a ton of extra code in it that I assume was infected.
6) Changed host password and WP passwords.
So far, so good. I’ve gone about 10 hours without getting hacked, so I think it worked.
Good luck!
Where was that infected file located, I cant find a similar file, i cant access my WP admin, same error… If I disable plugins renaming the foolder nothing changes.
Really annoyed with this hack! Four sites I’m hosting in the same server were affected.
I replaced wp-includes/functions.php with the stock file and deleted the nonsense from the first line of wp-config.php <?Blah$Blah*Blah…. ?> down to the real WordPress <? tag.
Seems to have done the trick.
Shan
(@shan-last-shreds-of-sanity)
It’s that dang eval(gzinflate(base64_decode hack again.
I cleaned a client’s site twice in October because it kept coming back. It will infect nearly every PHP file you have on all your domains. Themes, core files..everything.
If you’re infected like this SWITCH HOSTS because your current one is not keeping you safe. My current client is on GoDaddy — big surprise — and I’m switching her to HostGator. You know, a real host. LOL
Nearly ANY host out there is better than GoDaddy. So just say no to them and save yourselves a lot of trouble & frustration.
Guys, I had the same porblems and the quick fix was to replace the functions.php with a new version of functions.php. That only worked for a bit and then the same problem occured.
My web host found a missing close on line 191.
Here is his response:
“Hello again,
So, I have been researching this issue for a great amount of time during my
shift, and think I figured it out.
Going back to the error you provided:
“Parse error: syntax error, unexpected T_VARIABLE in
/home/aurelius/public_html/wp-includes/functions.php on line 192″
I checked out functions.php, line 192 to be exact. That line looked good, but
line 191 appeared to have some issues:
if ( doubl// Mysql string Year
When I saw that, and no closing parenthesis, I closed it, so it looks like
this:
if ( doubl)// Mysql string Year
Now, the site resolves again.”
It’s been over 48 hours and I’ve yet to experience the same problem as I did before.
Give it a try.
THANK YOU Aurelius!!! That worked and my site was down for a week! http://blog.infiniteprospects.com Short of backing up everything and re-coding, wasn’t sure what I was going to do and when it would be back up and running. You are THE MAN!!!
To everyone else in this discussion that thought this was a hack and not a syntax error, did you try this fix?
“My web host found a missing close on line 191.
Here is his response:
“Hello again,
So, I have been researching this issue for a great amount of time during my
shift, and think I figured it out.
Going back to the error you provided:
“Parse error: syntax error, unexpected T_VARIABLE in
/home/aurelius/public_html/wp-includes/functions.php on line 192″
I checked out functions.php, line 192 to be exact. That line looked good, but
line 191 appeared to have some issues:
if ( doubl// Mysql string Year
When I saw that, and no closing parenthesis, I closed it, so it looks like
this:
if ( doubl)// Mysql string Year
Now, the site resolves again.”
It’s been over 48 hours and I’ve yet to experience the same problem as I did before.
Give it a try.
Shan
(@shan-last-shreds-of-sanity)
I do believe it’s a hack because I went into my client’s core files and found the same gibberish I found on another client’s site in October that got her black listed by Google.
This is the beginning of the injection code hack:
<?php eval(gzinflate(base64_decode('
In some cases, it could be a missing closing tag, but in my client’s case, it’s an injection hack.
To everyone else in this discussion that thought this was a hack and not a syntax error….
@infiniteprospects: It is a hack and not a simple php error. Look at http://sitecheck.sucuri.net/results/infiniteprospects.com
SongDog – that is not my blog site – that’s my website. Sucuri.net says there is malware on that AND my blog…
This site says the site blog.infiniteprospects.com is clean…
Security Check
Domain clean by Google Safe Browsing: blog.infiniteprospects.com – reference
Domain clean by Norton Safe Web: blog.infiniteprospects.com – reference
Domain clean on Phish tank: blog.infiniteprospects.com – reference
Domain clean on the Opera browser: blog.infiniteprospects.com – reference
Domain clean by SiteAdvisor: blog.infiniteprospects.com – reference
Domain clean on Sucuri IP/URL malware blacklist: blog.infiniteprospects.com – reference
Domain clean by the Sucuri Malware Labs blacklist: blog.infiniteprospects.com – reference
Domain clean on Yandex (via Sophos): blog.infiniteprospects.com – reference
