WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Hacked with strange "core" files? (24 posts)

  1. ben_griffith
    Member
    Posted 4 years ago #

    Hi,

    Today, I got a message by my provider that I am running out of space. When I checked my disk space, I noticed strange files with no extension, each of them had a size of about 78 MB and were called "core.18167" e.g.

    Let me mention that I have 2 WPs on my domain, a public one and a test blog. Although I always test themes in my test blog, my main blog had 4 of this core.xxxxx files and I saw 1 file in my test blog.

    When I went to google, I couldn't found anything about this core thing.

    I had downloaded a template here from WP called Carrington Blog. I checked my FTP transfer and noticed that part of this themes is a "carrington-core" folder. I am not sure if there is a context.

    I was the only one who used the FTP this months.

    I had 2 weeks ago a pingback which I had created last year. Suddenly, I got the message that I had set that pingback. After checking my 404 pages, I noticed that this entry, which contains that pingback, was described as 404, although the page was still there.

    I save my weblog as xml file.

    Do you have any idea who put these core files into both weblog directories and can I use my XML file (which has still a normal size) to recover my weblog?

  2. ben_griffith
    Member
    Posted 4 years ago #

    I forgt to mention that I asked here regarding problems entering the dashboard last month. I noticed that I had to click 3, 4 times on "Site Admin" before I got the dasboard.

    When I re-uploaded the wp admin and the wp icludes folder, I noticed that Dreamweaver renews files, although they were on the server side. Normally, Dreamweaver only re-uploads if a file has changed or is missing.

    Grateful to each idea you have,

    Ben

  3. alism
    Member
    Posted 4 years ago #

    Sounds like they're Apache core dump files. If something goes wrong, Apache will create this sort of file so you can debug what went so badly wrong.

    http://en.wikipedia.org/wiki/Core_dump

    You can probably find some people talking about similar issues, just Google "core dump" and wordpress. Should get you started! Best of luck.

  4. s_ha_dum
    Member
    Posted 4 years ago #

    Those are core dump files created when software crashes. It might indicate a hack but it might also indicate a badly written plugin or theme, or some incompatible server software.

    However, the fact that Dreamweaver thinks it needs to replace files is suspicious. I don't think I've never once used Dreamweaver but I imagine it tries to determine which files have changed in order to avoid un-needed bandwidth usage. Assuming that's true, its a good bet that something is editing your files. That might be a problem, although if software is crashing it could conceivably corrupt files.

  5. ben_griffith
    Member
    Posted 4 years ago #

    Thanks to you both.

    I don't use any plugin in my weblog.

    This core link http://www.techzilo.com/wordpress-core-dump-files/ seems to be my problem.

    But what does "software" mean? WordPress is a CMS and not software (or I am wrong?)

    I am using 2.7.1 since last year and had never had problems until about 4 or 6 weeks ago, when the dashboard problem began.

  6. For what its worth, you should upgrade WP. Version 2.7.1 is hackable.

    The old version might also be the source of the problem with the core files and Dreamweaver.

  7. alism
    Member
    Posted 4 years ago #

    WordPress is software. A Content Management System (CMS) is just a type of software.

    Hardware would be your PC or printer for example. Any programs, like Windows, WordPress, or your favourite game are all software.

    Might be worth asking your website host if they've got the latest versions of server software installed.

  8. ben_griffith
    Member
    Posted 4 years ago #

    songdogtech, I don't think that 2.7.1 is more breakable than other versions. As far as I know if you want to hack a CMS then there is always a way.

    I found that link useful

    http://www.quickonlinetips.com/archives/2009/03/wordpress-core-dump-files/

    My provider has changed its PHP version and I can imagine that this causes problems with 2.7.1

    I will upload my weblog again and will test what happens.

  9. esmi
    Forum Moderator
    Posted 4 years ago #

    You can safely delete the core files. I've also had problems with core file dumps on 1 site recently. Funnily enough, after a dodgy PHP upgrade across multiple servers - some of which have now been rolled back. Upgraded WP and all plugins. Took down 1 or 2 plugins and not had a problem over the past week or so.

    I'm remain unconvinced that it's a WP or plugin problem as identical sites on other servers with the same provider have had no such problems. My guess is that it's a server config issue.

  10. Sorry, but saying "But what does "software" mean? WordPress is a CMS and not software (or I am wrong?)" means you don't know what you're talking about. If you're going to run WP, be aware of what's in the forums, among the threads being: Hack Warning for versions earlier than the newest. And yes, we can all be aware of undiscovered security issues with the latest version.

    Use <?php phpinfo(); ?> on your server to check the PHP config and see what security limitations your hosting compnay has set that may or may not affect WP.

  11. s_ha_dum
    Member
    Posted 4 years ago #

    I don't think that 2.7.1 is more breakable than other versions

    I have to quite respectfully disagree-- very strongly. The longer software has been on the market the longer people have had to figure out how to break it and hence the longer software has been on the market the more flaws have been found and the more people know about those flaws and about how to exploit those flaws. With each update, among many other things, these flaws are removed. 2.7.1 is more vulnerable than 2.8.4.

    As far as I know if you want to hack a CMS then there is always a way.

    Probably true, but if you want to get into someone's house or car there is always a way but somehow it seems weird to conclude that you should therefore just leave the door unlocked and post a big neon sign announcing that the door is unlocked.

  12. ben_griffith
    Member
    Posted 4 years ago #

    Hi all,

    I am really grateful to you for all your help, because I don't know about a "core dumb file" problem. Now that I am aware of this, I will keep an eye on it. After uploading my weblog, I had 2 core files again. I also suspect that there is something up with the PHP version my provider is using.

    songdogtech: I appreciate your lesson regarding software. I wasn't aware that everything is called software, even a folder with files which contain a couple of strings. I'm old fashioned and have a stronge association between computer, hardware, software and installation processes.

    apljdi: you are right, but all bad news regarding 2.8 didn't convince me. Therefore I am still waiting.

  13. s_ha_dum
    Member
    Posted 4 years ago #

    I also suspect that there is something up with the PHP version my provider is using.

    Why do you think this? What version are they using? How long has it been running? How long have you been running your installation on that PHP version? What about web-server and MySQL versions?

    I've had zero problems with 2.8 other than having to change, literally, a line of javascript and a couple of lines of CSS in a plugin.

  14. esmi
    Forum Moderator
    Posted 4 years ago #

    In my case, the problems started within days of a mass PHP upgrade when I noticed error logs containing:

    PHP Startup: mm_create(0, /tmp/session_mm_cgi-fcgi32168) failed, err mm:core: failed to open semaphore file (File exists) in Unknown on line 0

    The hosting provider's have admitted that there's a problem and even rolled a few of the servers back when their suggested fixes failed. The core dump problems were just the worst problem.

  15. cubecolour
    ɹoʇɐɹǝpoɯ
    Posted 4 years ago #

    apljdi is right Ben, It isn't safe to run WP v2.7.1 - There's a vulnerability that leaves it open to a malicious worm. You really need to upgrade to the latest version asap.

    See this post on Lorelle's site

    You won't enjoy clearing up the mess if you get a visit from the worm.

  16. ben_griffith
    Member
    Posted 4 years ago #

    @apljdi and numeeja: I have been using 2.7.1 for months without problems. Suddenly, about 4 weeks ago, I have noticed dashboard problems. Yesteday, I get this out of space e-mail.
    Wordpress is a collection of source code, which workd fine for months. A version doesn't change its behaviour, only the environment can change it.
    This core dumb files are obviously caused by servers in context to PHP, Apache (I am not an expert").
    Regarding that worm what was Ma.tt warning for. I don't trust Matt. I am not the only one who is asking "quo vadis, wordpress".

    @esmi: I have written that to my provider last night! You are not the only one, I found many entries in google. My is the owner and only member of the company :-D and he answered immediately and asked to leave these core files the next time and he will try to find a solution.

    Thanks for all your help.

  17. alism
    Member
    Posted 4 years ago #

    Arrrrgh. No kidding you're not an expert. You're probably running Windows 95 without any anti-virus too, right? Well. It worked on the day you got it after all.

    Forget the core dump problem for a minute. People are telling you to upgrade because there's a STONKING GREAT SECURITY HOLE that's recently been discovered in earlier versions of WordPress.

    WordPress is a collection of source code, yes. On it's own it won't change it's behaviour. BUT - changes in server software will make it run differently and SO WILL HACKERS, using security weaknesses they've discovered.

    If upgrading also fixes your core dump problem - great, but the main reason you're being told to upgrade is because 2.7.1 is insecure on a public blog. If you need help to upgrade, people will help if you ask for it. They'll bend over backwards sometimes in fact. If you're just unwilling or just too plain stubborn/stupid/ignorant to upgrade, well then you'll find help cleaning it up after a hack more thin on the ground and a much bigger pain in the bottom. Hopefully I won't ever accidently visit your site and find it trying to install a load of malware onto my PC.

    Best of luck. You pays your money...

  18. ben_griffith
    Member
    Posted 4 years ago #

    @alism: After reading your text, I feel really bad and I will try to find back that money I lost.

  19. s_ha_dum
    Member
    Posted 4 years ago #

    Maybe you are missing that your vulnerable site isn't just a problem for you but for everyone who happens to stumble across it?

  20. alism
    Member
    Posted 4 years ago #

    Heh, you can't help some people. Ah well - no skin off my nose.

  21. ClaytonJames
    Member
    Posted 4 years ago #

    WordPress is a collection of source code, which worked fine for months. A version doesn't change its behaviour, only the environment can change it.

    One might have a hard time saying anything that could possibly overshadow the sheer magnificence of the ignorance contained in that statement.

    The "environment" has changed. The vulnerabilities "have" been published. These people are all trying to warn you and help you to understand the importance of that. My 12 year old niece has the acumen to find your site and successfully hack your blog using only the information found on this site and the internet. Why do you think they call them "security" upgrades? And of course, now that you have stated publicly - with arrogance - that you have no concern about your vulnerable version of WordPress being confiscated by some script-kiddie with 10 minutes to kill... Well, so much for security through obscurity. What could you possibly have to worry about?

    Do you have any idea who put these core files into both weblog directories

    You already thought you were hacked.

    But what does "software" mean? WordPress is a CMS and not software (or I am wrong?)

    Yes. To reiterate alism's and songdogtech's thoughts, You are incorrect. WordPress is a publishing software (web application) designed to be used primarily as a blogging platform. Although many good articles and resources do exist for assisting in converting it to an excellent content management system, that would not seem to be it's attraction or intentional function by design.

    The core dump files can, as many have stated, simply be discarded. It is nice to actually identify what application is generating the error and why though, if you can.

    Regarding that worm what was Ma.tt warning for. I don't trust Matt. I am not the only one who is asking "quo vadis, wordpress".

    I take back what I said about "..a hard time saying anything that could possibly overshadow the sheer magnificence of the ignorance.."

    Best of luck to you with un-hacking your site.

  22. ben_griffith
    Member
    Posted 4 years ago #

    I don't know why you are upset about a version, which was a stable one just 4 months ago. I am not talking about 1.5!

    I didn't have problems to be called an idiot. But I don't know why you all are telling me that my weblog would be in danger because of an worm. I mean, if you don't know how a computer worm works, then never mind. I also didn't call WP a software.
    But listening to a guy who is interested in other things than security questions and you and many other people don't ask, what this guy is telling us, sorry, that's not my problem.

    And again, thanks to all who gave me - an non-expert in server questions - an advise to get a chance looking into the problem. I went to google and looked about this "core dumb files". Perhaps you could also use the internet to find out what a computer worm is and how it works. And then, call yourself into question.

    Let's finish this discussion.

  23. ClaytonJames
    Member
    Posted 4 years ago #

    Yeah... Well,

    Best wishes to you friend. I hope you find out what's causing your "core dumb" files. Sometimes it's actually something very simple. Once you sort it out maybe you could post back and let us know what exactly was causing the problem. Especially if you find out it was php related. That might help a lot of others with the same issue.

    Be well!

  24. ben_griffith
    Member
    Posted 4 years ago #

    I am not an expert in things like that and I have no idea why it happens:

    WordPress uses wp-cron.php to check if the weblog still works.

    Suddenly, the wp-cron.php, was shown as 404 (although it was there!)

    I checked that error in google:

    http://www.google.co.uk/search?hl=en&num=30&newwindow=1&q=%22WP+cron+is+missing%22&btnG=Search&meta=

    The wp-cron.php begins with :
    require_once('./wp-load.php');

    Yesterday, I also noticed that browsers stopped loading my index.php, because "the process can't be finished". The code leads to the wp-blog-header.php.

    The code in that wp-blog-header.php file requires wp-load.php. (There is also another file required but that hasn't changed in 2.8.4)

    The wp-load.php in 2.7.1 looks very different to that from 2.8.4, which works with my server software.

    If you read some of these google entries above, you can see this problem is caused by changing the software on the provider's side.

    I personally finished that problem with switching to Dotclear dot fr

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags