Virus is PHP.Shell-83
First it was found by antivirus of my hosting, and then my antivirus said the same.
*Drinks coffee, wonders why users post 1 star reviews without checking first. Drinks even more coffee*
Either it’s a false positive or your system is hacked.
There’s no virus in that file.
It’s not even that big a file. You really should check your system. If there’s more than that small file in your copy then your WordPress installation has been compromised and hacked.
elistrov: Akismet itself does not contain any code that would be flagged as PHP.Shell-83. It’s likely that your WordPress installation was compromised as described in this article, which also has some tips on preventing it from happening again: http://www.totalcomputersusa.com/2012/05/evalbase64_decodehardening-php-how-to-protect-your-site-and-your-visitors/
I think there is a virus in Akismet too. I have a brand new, virtually blank, WP 3.9.1 install and every time I activate Aksimet AND select “Silently discard the worst and most pervasive spam so I never see it.” then pages start redirecting to a “The page you requested is not available” dsparking page under an iframe. It is a dark blue page with a menu for car insurance, discount dental plans, etc.
My computer and browser are clear of virus. Dsparking is no where on my personal computer. I have no other plugins and only one theme. I deleted every single file as well as the entire database. Everything is fine, including the one theme, until I click the Akismet setting: “Silently discard…” and then my site no longer works properly. This has happened 3 times today but ONLY after I click “Silently discard…” setting on Akismet. Once I click that setting, it’s done and nothing works except to delete the database and start over.
If you Inspect Element on the redirected page, there is a <frame set> just below the <head> that is redirecting the page:
[ redacted ]
Thanks MacManX, but I don’t see how a brand new 1 hr old install can be hacked, repeatedly, three times in one day, every time I delete the database, change the passwords and user IDs, and reinstall.
However, I don’t think this is an Akismet problem any more. I think there is something wrong with IX Webhosting (although they deny it). I am moving on to a more respected WordPress hosting service. I only used this one because I am doing this website for a friend, and this is his current hosting service.
- The topic ‘It has a virus’ is closed to new replies.