WordPress.org

Ready to get started?Download WordPress

Forums

Top of page: The page you are looking for is temporarily unavailable. (20 posts)

  1. johntodd
    Member
    Posted 2 years ago #

    Seemingly randomly, and across 2 or 3 of my sites, I get the message at the very top of the page:

    "The page you are looking for is temporarily unavailable.
    Please try again later."

    The pages load up just fine, it's just that this message pops up from time to time. Has anyone experienced this issue lately?

    <img src="http://i.imgur.com/SgSqB.jpg" alt="" title="Hosted by imgur.com" />

  2. christogeretz
    Member
    Posted 2 years ago #

    Is there something in your header (external link/image) it can't find?

    Next time you get the error, look at the page source?

  3. Jonas Grumby
    Member
    Posted 2 years ago #

    Look at the <head> section of a page's source code and see if it is calling in any scripts or other stuff from servers other than your own.

  4. geilt
    Member
    Posted 2 years ago #

    I am looking into this at the moment as well

    This is what is happening on a site that is also being infected by Iframe injections, seemingly at RANDOM.

    I cant figure out where its being called in from, I disabled all plugins and it still shows...

    It looks like Javascript is loading a site and then removing the iframe from visibility, this is very malicious if I am right. This has happened ton a development site but has not spread to any other live sites. Only one site, and I cant figure out why.

    Would love to compare notes. I think my contact info is in my profile.

  5. GTD2011
    Member
    Posted 2 years ago #

    I´m having the same problem in 7 of my 12 wordpress sites. I have been fighting with malware during last week. All began with Timthumb script hack ... my sites were full with invisible links in the header stright to sites selling viagra, etc.

    I cleaned some malicious code in the index and replaced de js files with updated and clean ones. It seemed to be resolved, but now I have the same problem you talked about; some sites don´t load and the others have the "the page you are looking for ..." in the header.

    Any idea about how to solve it??

  6. geilt
    Member
    Posted 2 years ago #

    I figured out the issue. Just solved it.

    The problem is a function injected into wp-settings.php

    Its causing a huge mess,

    the function is called counter_wordpress

    It has tons of encrypted data that loads info on your site, I am writing a blog on it, and will post it soon.

    DELETE THAT FUNCTION. its near the end of your wp-settings.php

    But before you modify the file check the last time it was updated and see if it is the same as other files on your server, otherwise it may be in a different location on yours. The script is dynamic and works in any function, it may be randomized.

    Check all your file permissions and see if they have changed.

    If anything scan your wordpress directory for wp_head and see if anything looking like the code I am about to post in the blog is there.

    Will leave instructions on blog as well.

  7. johntodd
    Member
    Posted 2 years ago #

    Ah.... thanks Geilt. I spent half the day working on it and came back hoping someone had a clue.

    I'll take a look, and anxiously await your blog post!

  8. geilt
    Member
    Posted 2 years ago #

    Here is the blog post, its a long explanation, but has a shortlink to the solution.

    Man that was exhausting. Hope it helps!

    http://www.esotech.org/resources/cms/wordpress/wordpress-header-javascript-and-iframe-injection-problem-solution-and-analysis

    Shortlink: http://esote.ch/pvqXUA

  9. GTD2011
    Member
    Posted 2 years ago #

    ¡¡¡ Great post Geilt!!! Perfectly explained. If it´s useful for you, this is what I found in one of my infected sites (www.example.com):

    In the header.php, this line:

    http://www.example.com/xmlrpc.php?rsd"

    And that takes to:

    <?xml version="1.0" encoding="UTF-8" ?>
    - <rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
    - <service>
    <engineName>WordPress</engineName>
    <engineLink>http://wordpress.org/</engineLink>
    <homePageLink>http://www.example.com</homePageLink>
    - <apis>
    <api name="WordPress" blogID="1" preferred="true" apiLink="http://www.example.com/xmlrpc.php" />
    <api name="Movable Type" blogID="1" preferred="false" apiLink="http://www.example.com/xmlrpc.php" />
    <api name="MetaWeblog" blogID="1" preferred="false" apiLink="http://www.example.com/xmlrpc.php" />
    <api name="Blogger" blogID="1" preferred="false" apiLink="http://www.example.com/xmlrpc.php" />
    <api name="Atom" blogID="" preferred="false" apiLink="http://www.example.com/wp-app.php/service" />
    </apis>
    </service>
    </rsd>

    Of course, I dont´t know what http://archipelago.phrasewise.com .. Maybe other infected site???

  10. geilt
    Member
    Posted 2 years ago #

    May I ask what the permission settings are on the files and directories? I need to update my blog post with that part of the explanation tomorrow, with logs I saved

  11. geilt
    Member
    Posted 2 years ago #

    Make sure do do a grep search thru your source for wp_head and examine what's loading.

  12. GTD2011
    Member
    Posted 2 years ago #

    Thank you very much! I was wasting a lot of days trying to solve it. I wish I could give you any useful information to your article. This is how it happened to me:

    - I had some WP websites that used themes from Elegant Themes with an script called timthumb. This script was hacked and hackers could infect all the sites I had in my server. You can know more about this here ( http://markmaunder.com/2011/08... )

    - Some of my sites were blacklisted by Google and the infection still goes on, as you described before. I have found hundred of links hidden, linking to viagra sellers.

    - Before I was hacked by timthumb.php hole, my permissions were 777 (great error!!). I think this was the way they used.

    Now I´m probing your solution in all my sites. You´ll receive feedback. Thanks!

  13. johntodd
    Member
    Posted 2 years ago #

    Update... I just visited my site, and was redirected to a different page.

    Google intercepted it and tossed up a Malware alert page.

    The page in question is winorislic.345.pl.

    So... off I go to clean up the mess. Thanks again for everyone's help.

  14. johntodd
    Member
    Posted 2 years ago #

    Also, for what it's worth, when I made the deletion in the wp-settings.php file, many of my widgets and plug-ins disappeared from the index page. Everywhere else on the site seems to be ok.

  15. GTD2011
    Member
    Posted 2 years ago #

    In spite of deleting just a part of wp-settings.php I have deleted it completely, and then I have uploaded the original wp-settings.php of wordpress version (3.2.1), without having problems with widgets ...

  16. johntodd
    Member
    Posted 2 years ago #

    Good idea. Let me give that a try.

    My widgets are gone from the back end also. What a mess!

  17. johntodd
    Member
    Posted 2 years ago #

    It works perfectly.

    Thanks GTD2011 and Geilt. You've saved a lot of grief!

  18. GTD2011
    Member
    Posted 2 years ago #

    I have restored all my pages, all of them working after one week of nighmare.
    Thanks again for help received!

  19. geilt
    Member
    Posted 2 years ago #

    GTD2011 thanks for the PDF link. the code shown is exactly what I had found and removed and is posted in my blog. The payload, or effect on yours was different than mine. because the iframe and malware scripts that load actually come from a third party server.

    The effects can be chosen based on the virus programmers criteria, thats why you got viagra ads and i got different ads. more than likely the algorithm is based off the users collected data that is sent in the cURL| function.

  20. paranoidandroid88
    Member
    Posted 1 year ago #

    @GTD2011, you said:
    "Of course, I dont´t know what http://archipelago.phrasewise.com .. Maybe other infected site???"

    I have the same inside my xmlrpc.php file which for the last two weeks I have not been able to log into my WP blog via mobile apps.

    Clicking on the 'Daniel" guy at archipelago site redirect, Google gave me a stern warning this site was a know malware infection site. So now i'm freaked out and wondering why this isn't more widely warned amongst new WP bloggers.

    I don't have a solution yet, but am reading the posts and have reset all my pw's. I would suggest people do like wise.

    PM99

Topic Closed

This topic has been closed to new replies.

About this Topic