Support » Fixing WordPress » no access to multisite

  • current_existing_token_placeholder_ */ @include_once(“/home3/ajmcom1/public_html/logo-design/wp-content/plugins/MZNe.php”); /* end_current_existing_token_placeholder_ */ ?>

    Please help, I have deleted this file, renamed the plugins and themes folder and its not possible to log in to my multi site-

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    Sorry but that’s a little unclear. Are you getting any error messages in your web server’s log? Also check the mu-plugins directory in case there is a plugin there that is causing problems for you.

    http://codex.wordpress.org/Must_Use_Plugins

    This is my server error log

    [ Moderator note: You really want to use the code button or backticks for log lines. ]

    [Fri Apr 26 04:20:27 2013] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!
    [Fri Apr 26 04:20:27 2013] [notice] [client 80.35.209.37] mod_rbl: 80.35.209.37 is listed in RBL.
    [Fri Apr 26 04:20:28 2013] [error] [client 91.195.182.223] File does not exist: /usr/local/apache/htdocs/autodiscover
    [Fri Apr 26 04:20:28 2013] [warn] RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored.
    [Fri Apr 26 04:20:28 2013] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!
    [Fri Apr 26 04:20:28 2013] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!
    Use of uninitialized value $1 in concatenation (.) or string at /usr/local/cpanel/cgi-sys/fourohfour.cgi line 31.
    [Fri Apr 26 04:20:28 2013] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!
    [Fri Apr 26 04:20:28 2013] [error] [client 91.195.182.223] File does not exist: /usr/local/apache/htdocs/autodiscover
    [Fri Apr 26 04:20:28 2013] [error] [client 91.195.182.223] File does not exist: /usr/local/apache/htdocs/autodiscover
    Use of uninitialized value $1 in concatenation (.) or string at /usr/local/cpanel/cgi-sys/fourohfour.cgi line 31.
    Use of uninitialized value $1 in concatenation (.) or string at /usr/local/cpanel/cgi-sys/fourohfour.cgi line 31.
    [Fri Apr 26 04:20:29 2013] [error] [client 91.195.182.223] File does not exist: /usr/local/apache/htdocs/autodiscover
    [Fri Apr 26 04:20:29 2013] [error] [client 91.195.182.223] File does not exist: /usr/local/apache/htdocs/autodiscover
    Use of uninitialized value $1 in concatenation (.) or string at /usr/local/cpanel/cgi-sys/fourohfour.cgi line 31.
    Use of uninitialized value $1 in concatenation (.) or string at /usr/local/cpanel/cgi-sys/fourohfour.cgi line 31.
    [Fri Apr 26 04:20:30 2013] [error] [client 91.195.182.223] File does not exist: /usr/local/apache/htdocs/autodiscover
    Use of uninitialized value $1 in concatenation (.) or string at /usr/local/cpanel/cgi-sys/fourohfour.cgi line 31.
    [Fri Apr 26 04:20:31 2013] [error] [client 91.195.182.223] File does not exist: /usr/local/apache/htdocs/autodiscover
    Use of uninitialized value $1 in concatenation (.) or string at /usr/local/cpanel/cgi-sys/fourohfour.cgi line 31.
    [Fri Apr 26 04:20:35 2013] [notice] cannot use a full URL in a 401 ErrorDocument directive --- ignoring!
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 220-just82.justhost.com ESMTP Exim 4.80 #2 Fri, 26 Apr 2013 04:20:36 -0600
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 220-We do not authorize the use of this system to transport unsolicited,
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 220 and/or bulk e-mail.
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-just82.justhost.com Hello localhost.localdomain [127.0.0.1]
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-SIZE 52428800
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-8BITMIME
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-PIPELINING
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-AUTH PLAIN LOGIN
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-STARTTLS
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250 HELP
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-just82.justhost.com Hello localhost [127.0.0.1]
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-SIZE 52428800
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-8BITMIME
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-PIPELINING
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-AUTH PLAIN LOGIN
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250-STARTTLS
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250 HELP
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 250 OK
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 550-Verification failed for
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 550-No Such User Here
    [Fri Apr 26 04:20:36 2013] [error] [client 41.99.65.185] 550 Sender verify failed

    I mentioned in the original message that I had renamed the plugins folder and the themes folders so there can’t be a problem there.

    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    Unfortunately that doesn’t really reveal much. Can you share the link to your site? I have a feeling your site is hacked.

    See this line?

    @include_once("/home3/ajmcom1/public_html/logo-design/wp-content/plugins/MZNe.php");

    That is not legitimate and you shouldn’t have an explicit include_once like that.

    If you are hacked then you need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
    http://codex.wordpress.org/Hardening_WordPress
    http://www.studiopress.com/tips/wordpress-site-security.htm

    Moderator Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Can you link the site in question?

    This happened to a bunch of my WordPress sites as well. I was able to clear out the offending code. However they get in, they add a new php file somewhere like in the plugins, wp-includes or uploads folder and then modify the header.php of any themes installed on the site.

    One of my colleagues had all of his client’s sites hacked on May 19, all of mine were hit on May 18. Same thing in all of them.

    If anyone has any insight into how they may have gotten in and how to prevent it in the future, I’m all ears.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘no access to multisite’ is closed to new replies.