Thread Starter
quiq
(@quiq)
Link for the site
When you are on the site, enter to a News menu, calendar and categories. This is my actual problem.
How different are your category.php & index.php files? Have you tried deleting the category.php file?
If you have an original copy of your category.php file, delete the one from the server and replace it with the original.
Thread Starter
quiq
(@quiq)
It looks like there is no category.php file on my wp, is it possible? I cannot find one
Thread Starter
quiq
(@quiq)
index.php is original, nothing changed – i replaced hacked one
It’s possible. Do you have a front-page.php? Generally, with a site like yours there’s a front-page.php and an index.php.
If you can delete the index.php on your server and replace it with the index.php stored on your computer, that should resolve your issue.
Thread Starter
quiq
(@quiq)
index.php was replaced with original wordpress file at once after the attack. I cannot find a front-page.php file.
Generally the way a Category page (such as news) works is that it will use category-slug.php with slug being whatever is being displayed (so news uses category-news.php) if the file exists. If it does not, it defaults to category.php. If that does not exist, it will default to index.php.
Within your index.php, there is a div with the id of “archivearea”. The code that’s displaying the “turkish hacker” is:
backticks<HTML><HEAD><TITLE>iskorpitx</TITLE>
</p>
<META http-equiv=Content-Type content=”text/html; charset=windows-1252″><META content=”Microsoft FrontPage 6.0″ name=GENERATOR></HEAD><BODY text=#999999 bgColor=#000000 leftMargin=0 topMargin=0><STYLE type=text/css>A:link {
COLOR: #999999; TEXT-DECORATION: none
}
A:visited {
COLOR: #00ff00; TEXT-DECORATION: none
}
A:active {
COLOR: #004500; TEXT-DECORATION: none
}
A:hover {
COLOR: white; TEXT-DECORATION: none
}
</STYLE><STYLE fprolloverstyle>A:hover {
COLOR: #ffffff
}
</STYLE><STYLE>BODY {
SCROLLBAR-ARROW-COLOR: #000000; SCROLLBAR-BASE-COLOR: black
}
</STYLE><td width=”16%” bgcolor=”#000000″></td><P align=center>
<img src=”http://www.mavi1.org/atam.gif”></P>
<P align=center>
<P align=center><B><FONT size=7> </FONT><FONT size=6>BY iSKORPiTX</FONT></B></P>
<P align=center><font size=”5″><b>(TURKISH HACKER)</b></font></P>
<P align=center><b>ALEMiN KRALI</b></P>
<P align=center> </P>
<P align=center><FONT size=5>best regards to all world</FONT></P>
<P align=center> </P></BODY></HTML>backticks
and it’s between your “archivearea” and “sidebar”. Can you find any code in your index.php that is between those two divs?
What version of WordPress are you running and what is the name of the theme?
Thread Starter
quiq
(@quiq)
@realchaseadams unfortunately, I cannot find the code in index.php. The code in the file is
<?php
/**
* Front to the WordPress application. This file doesn’t do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/
/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define(‘WP_USE_THEMES’, true);
/** Loads the WordPress Environment and Template */
require(‘./wp-blog-header.php’);
?>
and that’s all. I believe I can manage to repair it without reinstalling WordPress, please, help me to do this.
Thread Starter
quiq
(@quiq)
I have just solved the problem, all I had to do was to replace invalid file.
Everything works now.
Thank you for supporting me,
Best regards
I’m running 2010 Weaver. I found the suspect code here:
Editor>Main Index Template
All coding was gone except about 4 or 5 lines of Iskorptix stuff. I deleted the suspect code and then copied and pasted the correct code from another wordpress site that happens to be running the save theme.
All seems ok now. Still waiting to hear from my hosting support outfit.
