Posted 1 month ago #
Wondering if anyone can point me in the right direction - All 3 of my Wordpress instances (separate installs using separate databases) are getting the same errors (only the directories are different).
Fatal error: Cannot redeclare wt7() (previously declared in /home/duffey2/public_html/campton/wp-config.php(1) : eval()'d code:1) in /home/duffey2/public_html/campton/wp-settings.php(1) : eval()'d code on line 1
Appreciate any assistance, I'm really stuck!
Would probably guess they've been hacked from what you've posted above, but that's just a hunch. :-(
Open up the wp-config.php and wp-settings.php files and see if they've had extra code inserted into them. If they have, re-install WordPress and make sure your database is squeaky clean:
http://codex.wordpress.org/FAQ_My_site_was_hacked
theyre all hacked.
Posted 1 month ago #
Thx, figured they were hacked.
I looked at the link alism provided before posting and am not having much luck. I'm going to continue to poke around and see what I can figure out. Not sure how recent my latest backup is so I'm hesitant to just re-install.
you dont need to "reinstall". you just need to "clean up" whats already there. shoot me an email if you get hung up,
Posted 1 month ago #
Fixed one of them found the following added to the first line of a number of php files.... how do I prevent it from occurring in the future. If you have a link to something mucho appreciated.
eval(base64_decode('aWYoIWlzc2V0K DELETED MOST OF IT THERE WAS A LOT ............T1NUWydlJ10pKTs=')); ?><?php
youre picking and choosing, you cant do that. follow the directions.
<start of copy and paste>
Make sure that your files on the server are clean. That means deleting and reuploading. Files that you dont replace, should be swept.
Check for files that dont belong, directories that dont belong. Image files with changed timestamps -- look at those. Its VERY common for there to be scripts on sites that are named in such a way to mask the fact that theyre scripts.
Be suspicious, when youre looking at things.
Look at your permissions. Do you have world writable files? Any world-writable directories? Are they necessary?
You need to check your database. Look for rogue plugins being loaded, look for rogue users (specifically look for a user named wordpress). You will NOT see rogue plugins or rogue users in your wp-admin/ area. You need to check your database.
Make sure ALL of your plugins are current.
Make sure your wordpress is current.
Change your mysql password that wordpress uses (update your wp-config.php with that new password). Especiallly important in cases where you see changes to your mysql database.
Change any admin level passwords on your blog. Change your ftp password(s)
Scan your local machine for malware.
Look at any other software thats being used on your site. Is it current?
That's just an outline and not a complete list.
There's quite a bit to do, but it's all necessary.
If you cant do it all -- by all means dont hesitate to enlist the help of someone who can. Quite a few of us do work on the side.
Then there's this:
http://codex.wordpress.org/Hardening_WordPress
and this:
http://wordpress.org/support/topic/307660?replies=1
and this:
http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
same directions reworded:
http://codex.wordpress.org/FAQ_My_site_was_hacked
<stop of copy and paste>
You must log in to post.
