[resolved] Problem occurred right after I install some themes (13 posts)

  1. Architect
    Member
    Posted 1 year ago #

    I'm using WordPress MU with BuddyPress.
    I just uploaded 2 or 3 Pinterest-like themes and was testing them... all of a sudden I get these errors, and they remain on every page of my website even after I deleted these themes!

    These two errors are always there:

    Warning: include_once(includes/custompost.php) [function.include-once]: failed to open stream: No such file or directory in /home/swotong/public_html/bluewhalefamily.com/wp-content/themes/frisco-for-buddypress/functions.php on line 271

    Warning: include_once() [function.include]: Failed opening 'includes/custompost.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/swotong/public_html/bluewhalefamily.com/wp-content/themes/frisco-for-buddypress/functions.php on line 271

    I tried to figure it out myself and I found that most if not all themes' functions.php files in my WordPress multisite are changed: the following code is added at the end of functions.php.

    <?php
    include_once ('includes/custompost.php');
    ?>

    The warning disappears once I delete the above code, but I have about 80 users using different themes on my site. Do I have to delete that code one by one, and is that the proper way?

    Another warning I get after trying those themes is the following:

    Warning: Cannot modify header information - headers already sent by (output started at /home/swotong/public_html/bluewhalefamily.com/wp-content/themes/frisco-for-buddypress/functions.php:270) in /home/swotong/public_html/bluewhalefamily.com/wp-includes/pluggable.php on line 866

    It appears every time I press visit random site/group/user...

    The theme that causes these problems should be one of the following (I'm sorry but I really can't make sure which one it is):
    iphoto/photum/graphictheme

    Please give me a hand. Thank you so much!

    P.S. If I have to reinstall, how can I keep my users' data as much as possible?
    This is my site's address: bluewhalefamily.com

  2. IshaanRawat
    Member
    Posted 1 year ago #

    Are you using the "Frisco for BuddyPress" theme?
    If not, try to delete it from your FTP...
    I hope this could work

  3. Architect
    Member
    Posted 1 year ago #

    Are you using the "Frisco for BuddyPress" theme?
    If not, try to delete it from your FTP...
    I hope this could work

    Hi Ishaan,

    Yes, I'm using the Frisco theme. I just deleted it, then downloaded and reinstalled it. Now my main site is working fine. However, because the users on my site each use different themes, their own pages are still showing those warnings... These themes are somehow 'polluted' with this code:

    <?php
    include_once ('includes/custompost.php');
    ?>

    which is inserted at the end of the functions.php file. Meanwhile, there are some themes that aren't polluted, and I find they have this functions folder in their theme folder, which I assume is the reason they are not polluted.

    Does anyone know what the above code means, and do I have to clean every one of my themes?

  4. Architect
    Member
    Posted 1 year ago #

    The other warning, which doesn't have to do with themes:

    Warning: Cannot modify header information - headers already sent by (output started at /home/swotong/public_html/bluewhalefamily.com/wp-content/themes/frisco-for-buddypress/functions.php:270) in /home/swotong/public_html/bluewhalefamily.com/wp-includes/pluggable.php on line 866

    This seems to be solved after I go to the line that causes the error

    header("Location: $location", true, $status);

    I just changed the above 'true' to false and this warning hasn't appeared so far... I don't really know what I'm doing though... I'd really appreciate it if someone could tell me what this line means and whether that's the right way to solve the problem.

    Thank you!

  5. Architect
    Member
    Posted 1 year ago #

    Does anyone know how I can search and delete that same virus code in all my themes conveniently? I have hundreds of themes in my site so it will take me a long time to delete that code one by one....

    <?php
    include_once ('includes/custompost.php');
    ?>

  6. Hundreds of themes? Whoa.

    It really is better to replace the whole works from the sources than to hunt and edit, even with a script. Especially when you consider that you'll be extracting only the code you know about and not the other code hiding there too.

    I mean, if you are going to try to script that then you can script deleting the suspect theme, downloading a clean copy, and extracting it into the correct location.

    Even that wouldn't close the door the attacker came in via.

    You need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
    Hardening WordPress
    http://www.studiopress.com/tips/wordpress-site-security.htm
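
A read-only way to see which themes carry the line discussed in this thread, before replacing them from clean copies. This is an added example, not part of the original thread and not a WordPress tool; the function names, result keys and the two sample themes are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The line reported in the thread; tolerant of spacing, quote style and include vs include_once.
INJECTED = re.compile(r"""include(?:_once)?\s*\(?\s*['"]includes/custompost\.php['"]\s*\)?\s*;""")

def scan_theme(theme_dir):
    """Return a finding for one theme, or None if functions.php is absent or clean."""
    theme_dir = Path(theme_dir)
    functions = theme_dir / "functions.php"
    if not functions.is_file():
        return None
    lines = functions.read_text(encoding="utf-8", errors="replace").splitlines()
    hits = [n for n, line in enumerate(lines, 1) if INJECTED.search(line)]
    if not hits:
        return None
    # Anything after the last hit other than a closing tag means it is not a plain append.
    tail = [l.strip() for l in lines[hits[-1]:] if l.strip()]
    return {
        "theme": theme_dir.name,
        "lines": hits,
        "appended_at_end": tail in ([], ["?>"]),
        # A missing target is what produces the "failed to open stream" warning.
        "target_exists": (theme_dir / "includes" / "custompost.php").is_file(),
    }

def scan_themes(themes_root):
    """Scan every theme directory under themes_root (e.g. wp-content/themes); read-only."""
    dirs = sorted(p for p in Path(themes_root).iterdir() if p.is_dir())
    return [f for f in map(scan_theme, dirs) if f]

def demo():
    """Scan a constructed tree: one clean theme, one with the appended include."""
    samples = {
        "clean-theme": "<?php\nadd_theme_support('menus');\n",
        "polluted-theme": "<?php\nadd_theme_support('menus');\n?>\n\n"
                          "<?php\ninclude_once ('includes/custompost.php');\n?>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            theme = Path(root, name)
            theme.mkdir()
            (theme / "functions.php").write_text(body, encoding="utf-8")
        return scan_themes(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The scan only reports the one line already known from this thread; a theme it lists should still be replaced from a clean copy rather than edited in place.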

  7. Architect
    Member
    Posted 1 year ago #

    Thank you Jan! I’ll reinstall these themes...and be more careful with the themes in the future for sure.

    I’m really worried when you said it might be hacked… I downloaded those three themes (iphoto/photum/graphictheme) from this website: http://devstand.com/design/pinterest-wordpress-themes/ Is that a suspicious website?

    I personally feel it’s more like an incompatibility issue (maybe only occurring with WordPress MU or BuddyPress) rather than a malicious attack, because Pinterest-style themes seem to have some special features, for example showing more images when you drag down to the bottom of the page, etc. But you are right… it shouldn’t touch the functions.php file of other themes… Anyway, I don’t have any experience in dealing with hackers at all, so maybe I’m just trying to comfort myself that I’m not hacked…

  8. I'm not familiar with that site or their themes but the one I downloaded and looked at briefly looked alright to me.

    That's not a deep dive or anything, just a 2 minute look-see. ;)

    it shouldn’t touch the functions.php file of other themes

    That's the reason I think you may want to consider whether you are hacked or not. A theme or plugin shouldn't go around modifying other people's code, especially without asking. That's a pretty good description of a hack.

  9. Architect
    Member
    Posted 1 year ago #

    I forgot to finish this thread...
    Conclusion:
    The problem comes from 'photum': it inserts that line of script into all my themes at the end of functions.php. No other harm. Once I took that script out of all my themes, they worked fine.

    It's probably because I'm using multisite, because others don't seem to have this problem.

    Btw, Iphoto is a really cool theme but it's not compatible with WordPress MU either according to my experiments; it doesn't insert code into other themes though :P

  10. gje
    Member
    Posted 1 year ago #

    FYI
    I'm running a single WP site and the same happened to me when trying some Pinterest-like themes.

    Glad to pinpoint the bugger

    Thanks for your shares

  11. colinopseth
    Member
    Posted 1 year ago #

    I had the exact same problem with photum under a multisite environment. I thought I was hacked. Obviously, not.

    I'm deleting that theme. Ridiculous.

  12. Architect
    Member
    Posted 1 year ago #

    glad it helps~

  13. Maccus
    Member
    Posted 1 year ago #

    I can confirm, I had the exact same problem with the Photum theme...

Topic Closed

This topic has been closed to new replies.
