WordPress.org

Ready to get started?Download WordPress

Forums

Strange issues out of nowhere (15 posts)

  1. mk2mark
    Member
    Posted 2 years ago #

    As of this morning, there are some problems with the site (applebrides.com) that weren't there yesterday. The same thing happened a few weeks ago, but I'm not sure what I did to resolve it - it may even have been a coincidence that things started working again.

    1. Two plugins are acting strange. There's an ad plugin in the sidebar (adrotate) which does load, but none of the ads come up. This is the "Featured Vendors" widget. No popup/ad disabling was active on the browser.

    2. The other plugin is a social media one that displays at the bottom of each post. Facebook share and tweet icons don't show up. Interestingly the tweet icon is restored if I turn off the adrotate plugin. I've disabled this for the time being.

    3. The black bar along the top when I am logged in and viewing the site has disappeared. It remains on the backend.

    All the databases seem to be ok. There seemed to be a virus on the site "blackhole exploit kit" http://www.avgthreatlabs.com/sitereports/domain/applebrides.com but I cleaned that up and there hasn't been a detection of that since it happened.

  2. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    It seems your site is still infected. See report:
    http://sitecheck.sucuri.net/results/applebrides.com

  3. mk2mark
    Member
    Posted 2 years ago #

    I can't figure it out, according to the AVG link there's 15 compromised pages, but I have no idea how to track them down. Then if you go to the AVG link, click show more about threat activity and timeline, there hasn't been any activity for quite some time. I think I've closed up the vulnerability, it was a timthumb image resizer that was part of my theme.

    If this thing still is on my site how do I get rid of it?

  4. perezbox
    Member
    Posted 2 years ago #

    Hey mk2mark

    AVG can be tricky because of how they detect things. What's good to note is if you're seeing it across a number of HTML pages then it might be good to place your focus on the files generating - PHP. Try looking at your header.php, index.php, function.php and footer.php in the theme itself.

    The odds are you have a payload in the core file which is then generating a display on the browser.

    Food for thought.

    Tony

  5. mk2mark
    Member
    Posted 2 years ago #

    I couldn't see anything out of the ordinary in any of those files. I compared them to the original theme files.

  6. perezbox
    Member
    Posted 2 years ago #

    How about the Core install?

    What else do you have on your server? Is it one site on one server?

  7. mk2mark
    Member
    Posted 2 years ago #

    Just one site on the server. Running whm/cpanel which I know is overkill. The core install seems to be ok too, it's not long since I completely overwrote everything there with the standard wordpress files and none of them show any modification since then.

  8. perezbox
    Member
    Posted 2 years ago #

    Have you submitted to AVG for reconsideration?

  9. mk2mark
    Member
    Posted 2 years ago #

    Yes, but I don't think they have done anything about it - would that be the problem? How could it have been working since they blocked it in that case?

  10. perezbox
    Member
    Posted 2 years ago #

    Here is the thing with AVG, they're slow. If you just submitted it today, you have to give it a few days. Yes, that could be the problem.

    They have to review then pass their determination, if its clean they'll remove, but they're not known for their speed.

    I don't understand your questions here:

    How could it have been working since they blocked it in that case?

    Tony

  11. mk2mark
    Member
    Posted 2 years ago #

    AVG initially blocked my site weeks ago, and I experienced what we are seeing today. However, the site started working again - even though avg still listed it as a threat. How could this be if AVG is the reason the site is acting the way it is?

  12. perezbox
    Member
    Posted 2 years ago #

    Don't know, that's a question for AVG.

    Sounds like they scanned it and found it was still housing the infection. if you feel confident you removed it then it's best to wait it out, see if they agree.

    Tony

  13. mk2mark
    Member
    Posted 2 years ago #

    Ok thanks Tony.

    I'm still curious about why my site is affected the way it is - I don't understand how a decision by AVG somewhere would affect my site, and in such a manner.

  14. mk2mark
    Member
    Posted 2 years ago #

    Something else that's strange - the slideshow is not flipping through the posts.

    I'll be honest, I find it hard to understand how these things are linked. Surely this is something confined to the server itself - it seems far to random a thing for an AVG warning about our site to affect only what it has?

  15. mk2mark
    Member
    Posted 2 years ago #

    Something I've just noticed, there is a wordpress.com stats plugin installed which works, but displays no hits to the site.

    This is all very strange and I have made no real progress, what else can I do?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags