• elistrov

    (@elistrov)


    Plugin Akismet contains a virus!

    akismet.php => PHP.Shell-83

    I think the WordPress community has to delete this plugin from access.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Contributor Greg

    (@jgs)

    Hi, can you elaborate on this?

    Thread Starter elistrov

    (@elistrov)

    Virus is PHP.Shell-83

    First it was found by the antivirus of my hosting, and then my antivirus said the same.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    *Drinks coffee, wonders why users post 1 star reviews without checking first. Drinks even more coffee*

    Either it’s a false positive or your system is hacked.

    There’s no virus in that file.

    https://plugins.trac.wordpress.org/browser/akismet/tags/3.0.0/akismet.php

    It’s not even that big a file. You really should check your system. If there’s more than that small file in your copy then your WordPress installation has been compromised and hacked.

    Thread Starter elistrov

    (@elistrov)

    My website is not hacked.

    Drink more coffee before telling.

    Plugin Author Christopher Finke

    (@cfinke)

    elistrov: Akismet itself does not contain any code that would be flagged as PHP.Shell-83. It’s likely that your WordPress installation was compromised as described in this article, which also has some tips on preventing it from happening again: http://www.totalcomputersusa.com/2012/05/evalbase64_decodehardening-php-how-to-protect-your-site-and-your-visitors/

    I think there is a virus in Akismet too. I have a brand new, virtually blank, WP 3.9.1 install and every time I activate Akismet AND select “Silently discard the worst and most pervasive spam so I never see it.” then pages start redirecting to a “The page you requested is not available” dsparking page under an iframe. It is a dark blue page with a menu for car insurance, discount dental plans, etc.

    My computer and browser are clear of viruses. Dsparking is nowhere on my personal computer. I have no other plugins and only one theme. I deleted every single file as well as the entire database. Everything is fine, including the one theme, until I click the Akismet setting: “Silently discard…” and then my site no longer works properly. This has happened 3 times today but ONLY after I click “Silently discard…” setting on Akismet. Once I click that setting, it’s done and nothing works except to delete the database and start over.

    If you Inspect Element on the redirected page, there is a <frameset> just below the <head> that is redirecting the page:

    [ redacted ]

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    That sounds like you have been hacked too. Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thanks MacManX, but I don’t see how a brand new 1 hr old install can be hacked, repeatedly, three times in one day, every time I delete the database, change the passwords and user IDs, and reinstall.

    However, I don’t think this is an Akismet problem any more. I think there is something wrong with IX Webhosting (although they deny it). I am moving on to a more respected WordPress hosting service. I only used this one because I am doing this website for a friend, and this is his current hosting service.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Did you upload new files? The hack is in the files, not the database.

  • The topic ‘It has a virus’ is closed to new replies.
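
The checks the moderators describe above (compare your akismet.php with the official copy, look for files that should not be there, and remember that the hack is in the files, not the database) can be done mechanically. This is an added example, not part of the thread and not Akismet's or WordPress's own code: it hashes an installed plugin directory against a pristine copy you have unpacked yourself from the official release. The function names and the sample directory contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def compare_plugin(installed, pristine):
    """Report how the installed plugin differs from the pristine copy."""
    have, want = tree_hashes(installed), tree_hashes(pristine)
    return {
        # same path, different bytes: the file was altered after install
        "modified": sorted(f for f in have.keys() & want.keys()
                           if have[f] != want[f]),
        # files the official release never shipped
        "extra": sorted(have.keys() - want.keys()),
        "missing": sorted(want.keys() - have.keys()),
    }


if __name__ == "__main__":
    # Constructed sample trees; real use passes the live plugin directory
    # and a freshly unpacked official copy instead.
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "pristine"), Path(tmp, "installed")
        good.mkdir()
        live.mkdir()
        (good / "akismet.php").write_text("<?php // constructed stand-in\n")
        (live / "akismet.php").write_text(
            "<?php // constructed stand-in\n// line not in the official copy\n")
        (live / "extra.php").write_text("<?php // constructed unexpected file\n")
        for kind, files in compare_plugin(live, good).items():
            for name in files:
                print(f"{kind}\t{name}")
```

Any `modified` or `extra` entry means the copy on the server is not the file the scanner's critics are pointing to, which is the distinction between a false positive and a compromised install that the replies turn on.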