Support » Fixing WordPress » admin-ajax.php – Error 404

  • Hi all,

    I created a website for a small bed and breakfast, but I found a problem, which I don’t understand if it is depended on WordPress or the server.

    This website uses a pop-up animation to show the room description. The problem is that this popup has stopped working in the last week. From browser console, I noticed that the whole thing depends on a 404 error (admin-ajax.php not found).

    To be able to solve the problem temporarily, I simply reinstall WordPress from dashboard. The problem doesn’t occur again for a whole day, all works fine! But the next day all starts over and the problem presents again (this cycle continues like this every day). For this reason I do not understand if it is a server problem or not.

    Please, can I ask you for help? Unfortunately I’m not very technical.

    Thank you

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Can you please write steps of code what you have did may be there is any issue of path. CMake sure you have used proper coding standards and right way.

    Unfortunately, the code was not written by me (the developer says that the problem does not depend on him).

    However, I believe this is the portion of code that controls room popup:

    jQuery(document).ready(function($){
    
    $('.special-room button.btn, .rooms-sec button.btn').live('click', function(e){
    
    		e.preventDefault();
    
    		$('#room.modal').html('');
    
    		var thislink = this;
    
    		var page_id = $(this).data('id');
    
    		
    
    		$.ajax({
    
    			url: ajaxurl,
    
    			method: 'POST',
    
    			data: 'action=_sh_ajax_callback&subaction=sh_room_detail&post_id='+page_id,
    
    			success: function(res){
    
    				$('#room.modal').html(res);
    
    			}
    
    		});
    
    		
    
    	});
    

    I forgot to say a very important thing. The popup has no problems if I am logged into WordPress admin panel (the browser recognizes “admin-ajax.php” file).

    How is this possible?

    This is the error detail:

    jquery.js?ver=1.12.4:4 POST http://lettoacastello.net/wp-admin/admin-ajax.php 404 (Not Found)
    send @ jquery.js?ver=1.12.4:4
    ajax @ jquery.js?ver=1.12.4:4
    (anonymous) @ script.js?ver=4.9.1:207
    dispatch @ jquery.js?ver=1.12.4:3
    r.handle @ jquery.js?ver=1.12.4:3

    • This reply was modified 11 months, 2 weeks ago by  meng86. Reason: added error details

    UPDATE

    After tinkering a bit with the admin-ajax.php file, I found the string that causes the problem. If I remove it, everything works correctly until the next day, when the string is automatically recreated. If you see the file [dropbox.com/s/ftez6ctvnxri84q/admin-ajax.php?dl=0], you will see that the first string is very strange:

    <?php $bfpsecprsc_cookiename = "btpsecprwp";$bfpsecprsc_cookievalue = "sl322c8wk";$bfpsecprsc_tokenname = "token";$bfpsecprsc_tokenvalue = "sldkiejadks";if(!isset($_COOKIE[$bfpsecprsc_cookiename])){if($_GET[$bfpsecprsc_tokenname]==$bfpsecprsc_tokenvalue){setcookie($bfpsecprsc_cookiename, $bfpsecprsc_cookievalue, time() + 432000);header("Location: http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . "?" . str_replace($bfpsecprsc_tokenname . "=" . $bfpsecprsc_tokenvalue . "&", "", $_SERVER['QUERY_STRING']));return;}header("HTTP/1.0 404 Not Found");$bfpsecprsc_redirecturl = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . "?" . $bfpsecprsc_tokenname . "=" . $bfpsecprsc_tokenvalue . "&" . $_SERVER['QUERY_STRING'];$bfpsecprsc_redirecthtml = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html>\n<head>\n<title>...</title>\n<meta http-equiv=\"refresh\" content=\"2;url=" . $bfpsecprsc_redirecturl . "\"></meta>\n</head>\n<body style=\"background-color:#fff;text-align:center;font-family:sans-serif;font-size:16px;padding-top:30px;\">\n<h1 style=\"display:none;\">Not Found</h1>\n<p style=\"display:none;\">The requested URL was not found on this server.</p><p style=\"font-size:20px;margin-bottom:15px;\">Caricamento in corso...</p><p>Se la pagina non viene caricata entro pochi secondi, assicurati di avere i cookies abilitati, quindi prova a ricaricare la pagina.</p>\n</body>\n</html>";echo ($bfpsecprsc_redirecthtml);return;} ?>

    I am not very expert in coding, but what can this string be linked to? Malware?

    • This reply was modified 11 months, 1 week ago by  meng86.

    Make sure you have used proper action from below hooks in function.php.
    add_action( ‘wp_ajax_my_action’, ‘my_action’ );
    add_action( ‘wp_ajax_nopriv_my_action’, ‘my_action’ );

    • This reply was modified 11 months, 1 week ago by  Ronak Ganatra.

    Thank you @ronakganatra for your reply.

    I think the “functions.php” file has no problems. I share it with you for scruple:
    https://www.dropbox.com/s/tq6g7650hhh6bac/functions.php?dl=0

    The problem is caused by this code string in the admin-ajax.php file:
    <?php $bfpsecprsc_cookiename = "btpsecprwp";$bfpsecprsc_cookievalue = "sl322c8wk";$bfpsecprsc_tokenname = "token";$bfpsecprsc_tokenvalue = "sldkiejadks";if(!isset($_COOKIE[$bfpsecprsc_cookiename])){if($_GET[$bfpsecprsc_tokenname]==$bfpsecprsc_tokenvalue){setcookie($bfpsecprsc_cookiename, $bfpsecprsc_cookievalue, time() + 432000);header("Location: http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . "?" . str_replace($bfpsecprsc_tokenname . "=" . $bfpsecprsc_tokenvalue . "&", "", $_SERVER['QUERY_STRING']));return;}header("HTTP/1.0 404 Not Found");$bfpsecprsc_redirecturl = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . "?" . $bfpsecprsc_tokenname . "=" . $bfpsecprsc_tokenvalue . "&" . $_SERVER['QUERY_STRING'];$bfpsecprsc_redirecthtml = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html>\n<head>\n<title>...</title>\n<meta http-equiv=\"refresh\" content=\"2;url=" . $bfpsecprsc_redirecturl . "\"></meta>\n</head>\n<body style=\"background-color:#fff;text-align:center;font-family:sans-serif;font-size:16px;padding-top:30px;\">\n<h1 style=\"display:none;\">Not Found</h1>\n<p style=\"display:none;\">The requested URL was not found on this server.</p><p style=\"font-size:20px;margin-bottom:15px;\">Caricamento in corso...</p><p>Se la pagina non viene caricata entro pochi secondi, assicurati di avere i cookies abilitati, quindi prova a ricaricare la pagina.</p>\n</body>\n</html>";echo ($bfpsecprsc_redirecthtml);return;} ?>

    Every morning I delete this string (and the website works correctly), but every night it is automatically created again (it’s incredible!). I do not understand what it depends on. In the eventuality, is there a way to disable the writing of the file admin-ajax.php?

    Yeah, you can change the file permission via FTP.

    But by the sounds of it, your site has been hacked. Maybe install WordFence if you haven’t already.

    Your site is definitely hacked. You should lock it from public access and clean it before continuing with your development. The ajax issue is just a side effect of the malware code.

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.