Support » Fixing WordPress » Malware detection causes invisibility?

  • FELIXjk007

    (@felixjk007)


    Hi beautiful bloggers

    So, I get an email from iPage ( yes, I am thinking of cvhanging to a new host Arvixe seem nice…suggestions there too? ) after my website goes down. ‘They’ tell me its because my site has been ‘hacked’ ( really? ) and that I need to delete these files:

    I do this and now I get this message:

    Fatal error: Call to undefined function wp_initialize_the_theme_message() in /hermes/bosnaweb02a/b693/ipg.gamesmediaprocouk/wp-content/themes/GameBlack/header.php on line 1

    iPage now say that they want authorisation to completely adjust the theme, site and wordpress settings?

    has anyone got any idea what the Hell they are babbling on about? Or has anyone else been scammed into buying extra products in this way by iPage ( they want me to buy ALL manner of software ‘to avoid further issues in future’

    Trust me, there has been NO hack, there are NO infected files, the files they had me delete ( as you can see yourself ) are not malware, and there is NO WAY someone got into the site either remotely with a RAT or by malware from infected files on my PC ( scanned every day morning and night and nothing is here ). There has been NO hack of the log in, no emaiul hack, no thing detected by WP, Jetpack, Avast, SpyBot, BitDefender, CCleaner, or even Sitelock???

    any suggestions or experiences would be VERY welcome

    thanks guys

    hope this doesn’t happen to you

    Jamie

Viewing 15 replies - 1 through 15 (of 15 total)
  • ncreative

    (@brainesia)

    Please paste the code inside header.php so I can review it

    ncreative

    (@brainesia)

    I think iPage will not do dirty job like that.
    There are many website that hacked but the owner will never know about that. Usually it redirect the site if the traffic come from search engine, or use it as spam server. Nothing change in your website, but they do something in the backend.
    It’s better if you allow the iPage to do their job. I think they will not charge for this service

    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    FELIXjk007

    (@felixjk007)

    thanks Jan. the only thing iPage sent me was details of the files to be pulled, not them actual hack/code

    wp-includes/css/dashicons.min_prevv1.php
    wp-includes/SimplePie/HTTP/Parser_old.php
    wp-includes/js/tinymce/plugins/wplink/plugin_backup.php
    wp-includes/js/tinymce/plugins/tabfocus/plugin_prevv1.php
    wp-includes/js/tinymce/license_new.php
    wp-includes/js/tinymce/skins/lightgray/fonts/tinymce_bck_old.php
    wp-includes/js/tinymce/skins/e43ca6aa_old.php
    wp-includes/js/jquery/ui/jquery.ui.effect-clip.min_new.php
    wp-includes/images/wlw/wp-comments_new.php
    wp-includes/feed-rdf_new.php
    wp-admin/css/revisions-rtl_old.php
    wp-admin/css/colors/blue/colors-rtl.min_new.php
    wp-admin/css/colors/coffee/colors.min_new.php
    wp-admin/css/colors/ectoplasm/colors.min_infoold.php
    wp-admin/css/colors/_mixins_new.php
    wp-admin/includes/theme-install_bck_old.php
    wp-admin/js/language-chooser_bck_old.php
    wp-admin/network/site-users_indesit.php
    wp-admin/images/spinner_new.php
    wp-admin/post-new_new.php
    wp-content/plugins/smooth-slider/29d96019_prevv1.php
    wp-content/themes/weaver-ii/includes/admin-pro_ver1.php
    wp-content/themes/weaver-ii/js/PIE/PIE_uncompressed_backup.php
    wp-content/themes/weaver-ii/js/superfish/images/rtl-arrows-ffffff_prevv1.php
    wp-content/themes/weaver-ii/f0bfe24e_ver1.php
    wp-content/themes/weaver-ii/functions.php
    wp-content/themes/DarknessGame/functions.php
    wp-content/themes/DarknessGame/images/social-icons/email_old.php
    wp-content/themes/DarknessGame/css/screen_noversion.php
    wp-content/themes/GamingZone/functions.php
    wp-content/themes/GamingZone/menu/custom_indesit.php
    wp-content/themes/GamingZone/archive_infoold.php
    wp-content/themes/iGaming-2.0/functions.php
    wp-content/themes/GameBlack/functions.php
    wp-content/themes/GameBlack/images/search_ver1.php
    wp-content/themes/twentyfourteen/images/fcb181c2_bck_old.php
    wp-content/themes/twentyfourteen/functions.php
    wp-content/themes/GamingWeb/functions.php

    these are the offending files, apparently?

    Jamie

    ncreative

    (@brainesia)

    After checking your files list, I think your website is really hacked.

    FELIXjk007

    (@felixjk007)

    those files ( and every other theme ) have been deleted. but I still do not see how the files could have got into the website?

    if someone can guess the password then fair play, they have got some amazing brain on them to get past a special char, alpha numeric, upper and lower case of 32 digits

    but from my end, ( and this being the ONLY computer that has database access ) I don’t understand how they got in without hacking this computer, which they didn’t?

    that is my main issue.

    iPage seem reluctant to indicate how they found out, how they identified the hacked files but failed to delete them and instead opted to shut us down and then say £” but if you pay us we will do it for you “

    the files are fixed now ( through our own efforts not iPage’s ) and we will be relocating the website to a new host ( 1&1 or Blue Host, probably? Arvixe have a poor uptime ratio of only 76% ) . But I would still LOVE to know how ‘they’ did it

    FELIXjk007

    (@felixjk007)

    by the way, this has happened regular as clockwork between March 17th and April 17th every year since 2013

    ( auto-renewal is for April 26th 🙂 lol coinky-dink?? )

    Moderator Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    You’re best asking your hosting providers how this could have happened – they have logs on their servers that tell you what happened at any action, at any time.

    ncreative

    (@brainesia)

    I ever handle server with 300+ WordPress sites. And always got attack everyday. The attacker is not hack your password to put those files. They usually use bug from old themes, old plugins and old WordPress core. Always make sure your themes, plugins and WordPress core is the latest version.

    FELIXjk007

    (@felixjk007)

    hi guys, thanks ever so much for all the great advice. I am not the most clued up when i comes to code and the technical side of things but I can always count on the WP community to come to my resue.

    Apparently they got in through YouTube plug in.

    The plug in has been removed and replaced.

    thanks to everyone at WP. You guys are the very best!

    FELIXjk007

    (@felixjk007)

    by the way, different topic, same related, after replacing the plug in I now get this…?

    Notice: Undefined index: page in /hermes/bosnaweb02a/b693/ipg.gamesmediaprocouk/wp-content/themes/GameBlack/functions.php on line 269

    as you can imagine….I have no idea 🙂

    WPyogi

    (@wpyogi)

    Forum Moderator

    different topic,

    Please start a new thread. That’s a problem with your theme – you will need to deactivate the theme manually by renaming it on the server – and then ask the developers of the theme for help.

    FELIXjk007

    (@felixjk007)

    thanks Yogi.

    will change the theme altogether now I think as my webhost is now saying there is a problem from wordpress flagging the IP?

    why would that be, the security issue was not a hack and was an out of date plug in…and wordpress didn’t identify we did….and then removed it.

    can you let me know what, why and when please Yogi? thanks

    FELIXjk007

    (@felixjk007)

    okay Yogi, theme disabled…..now what do I do? Should I just rebuild with a different theme? I don’t want to re-install and I don’t want to use the provider of the theme again if they have issues with WP

    FELIXjk007

    (@felixjk007)

    aaaaah!!
    bope, got it! all sorted. I remember now, we had this same ‘security’ issue when the new wordpress update happened last year around the same time. it is because of ‘unsupported theme’

    thank you SO much Yogi. you can bin this thread now. I’ll get cracking with a new temporary theme until I can get a wed designer onto the issue

    thanks so much

    have a great night

    Jamie

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘Malware detection causes invisibility?’ is closed to new replies.