WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] eval(base64 attack, now Dashboard gone (8 posts)

  1. rot@ti.org
    Member
    Posted 1 year ago #

    My web site was the victim of an eval(base64 attack, so I reinstalled WordPress to replace all php files. Now my dashboard is missing.

    When I go to sitename.org/wp-login.php, it accepts my user name and password and then goes to a blank screen also called sitename.org/wp-login.php.

    When I go to sitename.org/wp-admin all I get is a blank screen.

    When I go to other pages such as site name.org/wp-admin/options.php I still get just a blank screen.

    I've read some other forum posts from people who had the same problem who solved it by deleting the index.php file from plugins, but it didn't work for me. Other people have suggested renaming the twentyeleven theme after my theme. That changes the appearance of my website, but I still can't access the dashboard.

    I've reinstalled WordPress twice, but perhaps in doing so I erased some critical file. I saved my themes file, backed up and installed, then uninstalled, extraneous plugins, but nothing seems to work.

    Thanks for any help you can provide.

  2. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    Base64 seems to be still in your site. Can you post your site URL?

  3. rot@ti.org
    Member
    Posted 1 year ago #

    http://americandreamcoalition.org
    also http://adcblog.org/blog

    Base64 could be on either or both, but I can't find any.

  4. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    A cursory check of your sites don't reveal any Base64. Not sure if they are hidden in some of the core files or your databases. Hackers generally leave backdoors open so that they can get in whenever they want. I do not know if you cleaned up everything in your site after you were attacked the last time.

  5. rot@ti.org
    Member
    Posted 1 year ago #

    This happened about two years ago and someone else created a program called fixfiles.php that found and fixed all the infected files on a web site. I still have that program, but for some reason it doesn't work.

    Instead, I searched every file folder on the web site for files dated 9/30/12, which is apparently when the infection took place, and then replaced those files with uninfected ones.

    Assuming the site is clean, why wouldn't the dashboard work?

  6. Krishna
    Volunteer Moderator
    Posted 1 year ago #

    You may try usual troubleshooting steps such as:

    - deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).

    - switching to the Twenty Eleven theme to rule out any theme-specific problems.

    - resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an inactive plugin can still cause problems.

    - resetting your custom permalinks back to the default setting via Settings -> Permalinks. If this works, then review Using_Permalinks before setting a custom permalink structure back up again.

  7. rot@ti.org
    Member
    Posted 1 year ago #

    I can't deactivate plugins because I can't access the dashboard. So I backed up and deleted all plugins except akismet, which comes with WordPress. Didn't work.

    I switched to twentyeleven by changing its name to the theme I'm using. Didn't work.

    I can't use Settings->Permalinks because I can't get to the dashboard.

    I'll try removing akismet.

    What do you know, that worked. I'll redownload WordPress and install a hopefully uncorrupted version. I won't mark this resolved yet as there may still be other problems.

  8. rot@ti.org
    Member
    Posted 1 year ago #

    Still problems but I'll mark this resolved and open a new topic if I can't solve them.

Topic Closed

This topic has been closed to new replies.

About this Topic