Title: karcher's Replies | WordPress.org

---

# karcher

  [  ](https://wordpress.org/support/users/karcher/)

 *   [Profile](https://wordpress.org/support/users/karcher/)
 *   [Topics Started](https://wordpress.org/support/users/karcher/topics/)
 *   [Replies Created](https://wordpress.org/support/users/karcher/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/karcher/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/karcher/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/karcher/engagements/)
 *   [Favorites](https://wordpress.org/support/users/karcher/favorites/)

 Search replies:

## Forum Replies Created

Viewing 14 replies - 1 through 14 (of 14 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[GoodReviews] Referrers not being set?](https://wordpress.org/support/topic/referrers-not-being-set-1/)
 *  Thread Starter [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/referrers-not-being-set-1/#post-5945381)
 * Ok. Let me see if I can get more data from my ISP on what the offending traffic
   was, or run some tests with/without the plug-in enabled and see if I can get 
   you more information. This may take me a few days.
 * Kat
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Five Star Restaurant Reviews] Referrers not being set?](https://wordpress.org/support/topic/referrers-not-being-set/)
 *  Thread Starter [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/referrers-not-being-set/#post-5906030)
 * Oops. Yes, I think I got the wrong plugin. Sorry about that 🙁
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Default RSS feed dead since upgrading to WordPress 2.7.1](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/)
 *  Thread Starter [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [17 years, 3 months ago](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/#post-1020674)
 * Yep. Before I saw your post I saw another response to a different mal-formed 
   xml problem that mentioned the wp-config. I had edited it through my ftp app,
   which I *won’t* be doing again.
 * I re-started with the 2.7.1 wp-config-sample.php, edited for my data, and re-
   uploaded it, and that seemed to fix the problem. Although Firefox continued to
   whine until I restarted it.
 * Thanks!
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Default RSS feed dead since upgrading to WordPress 2.7.1](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/)
 *  Thread Starter [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [17 years, 3 months ago](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/#post-1020670)
 * Well, validator.w3.org says all my feeds are valid.
 * Not sure why firefox, feedvalidator and other apps pulling my feed into places
   like facebook don’t like it.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Default RSS feed dead since upgrading to WordPress 2.7.1](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/)
 *  Thread Starter [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [17 years, 3 months ago](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/#post-1020666)
 * Oh, and to answer the question, the other feeds seem borked as well. So is my
   comments feed.
 * Although I don’t know what application to use to “view” an atom feed.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Default RSS feed dead since upgrading to WordPress 2.7.1](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/)
 *  Thread Starter [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [17 years, 3 months ago](https://wordpress.org/support/topic/default-rss-feed-dead-since-upgrading-to-wordpress-271/#post-1020664)
 * When I view the page source from my feed, it looks like this:
 *     ```
       <?xml version="1.0" encoding="UTF-8"?>
       <rss version="2.0"
       	xmlns:content="http://purl.org/rss/1.0/modules/content/"
       	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
       	xmlns:dc="http://purl.org/dc/elements/1.1/"
       	xmlns:atom="http://www.w3.org/2005/Atom"
       	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
       	>
       ```
   
 * When I view the page source from another site’s working feed, it looks like this:
 *     ```
       <?xml version="1.0" encoding="UTF-8"?>
       <rss version="2.0"
       	xmlns:content="http://purl.org/rss/1.0/modules/content/"
       	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
       	xmlns:dc="http://purl.org/dc/elements/1.1/"
       	xmlns:atom="http://www.w3.org/2005/Atom"
       	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
       	xmlns:media="http://search.yahoo.com/mrss/"
       	>
       ```
   
 * The only difference between the two in Firefox’s page source viewer is that mine
   is shown with syntactic highlighting and the working feed is not (plus the working
   feed has an extra git about yahoo search, but I figure that’s not relevant).
 * I’m almost suspecting some weird line feed or carriage return problem. Because
   I can see no relevant difference between the working code and mine.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Security issue, multiple sites](https://wordpress.org/support/topic/security-issue-multiple-sites/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [18 years ago](https://wordpress.org/support/topic/security-issue-multiple-sites/page/3/#post-740171)
 * As a final clean-up note for your databases, not only should you check your active
   plugins database entry in wp_options, but in your wp_posts, and wp_postmeta tables,
   look for the following and delete these entries:
 * in wp_posts:
    any post titled rzf.txt (or a filename/title you do not recognize).
   Make a note of the post_id if you find any of these.
 * in wp_postmeta:
    entries that list an attachment for the post_id you noted above.
   They will have meta_keys of _wp_attached_file and _wp_attachment_metadata and
   post_ids matching any hidden posts you found above. the meta_value will point
   to files like rzf.txt, or the bad pngs and jpegs mentioned in prior posts
 * I was just doing some extra surveying of my site when I came across these entries
   I overlooked the first time around. Since I’d cleared the attachments out of 
   uploads already, no extra harm done.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [[Plugin: AskApache Password Protect] htaccess support not found?](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/#post-753898)
 * Hi,
 * Thanks. 4.0.2.2 seems to have taken care of the warning. Oh, and thanks for fixing
   the checkbox display too.
 * The only very minor thing is that at the top of the options page, beneath the
   links to your website and .htaccess tutorials, but above the “AskApache Password
   Protect” heading, I always see the following characters:
 * ‘;
 * This seems purely cosmetic though. The plug-in appears to be working fine for
   me now.
 * Sorry for the late reply. I’ve been out of town…
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [[Plugin: AskApache Password Protect] htaccess support not found?](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/plugin-askapache-password-protect-htaccess-support-not-found/#post-753830)
 * I get this warning now using version 4.0.1. I probably won’t be able to upgrade
   to php 5.
 * Warning: Invalid argument supplied for foreach() in /wp-content/plugins/askapache-
   password-protect/askapache-password-protect.php on line 701
 * However, the setup seems to load fine. Will see what happens next.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Security issue, multiple sites](https://wordpress.org/support/topic/security-issue-multiple-sites/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-issue-multiple-sites/page/3/#post-740112)
 * Me again.
 * After studying the payload file, I would really appreciate someone more competent
   than me having a look:
 * 1) To tell me the extent of the damage to my security. What exactly did the hack
   do and what did the hackers get from me?
 * 2) To tell me if the steps mentioned by above posters are sufficient for getting
   rid of it. js.php seems to try to restore the hack, or embed stuff to restore
   it. It also seems to affect wp-includes/functions.php, or try to, which worries
   me, because I hadn’t seen that mentioned by anyone yet. I’m assuming my update
   to 2.5.1 clobbered whatever it did to functions.php, but I can’t be sure.
 * Just tell me who to communicate with to send the file to and I will pass it along.
 * Kat
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Security issue, multiple sites](https://wordpress.org/support/topic/security-issue-multiple-sites/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-issue-multiple-sites/page/3/#post-740111)
 * I don’t know if this is helpful information to anyone trying to track down the
   source of this problem, but I’ll post it just in case.
 * I discovered the hack today when I tried to upgrade from 2.5 to 2.5.1. After 
   following this thread, I found the offending lines of php code in one of my templates,
   plus all the rest.
 * Up until April 19, I was running WP 2.0.4. On April 19, I backed up my entire
   site in preparation for the move to 2.5.
 * I’ve had a look through that backup. On that date, my template files were OK.
   So the hack hadn’t been triggered yet. However, in my wp-content/uploads folder,
   there is a file called js.php, dated April 3.
 * This file seems to be the one with the payload for the hack. I’m not really a
   php coder but have enough of a software background to recognize it’s not doing
   nice things, and believe I’ve found the piece of code that injects the offending
   line of PHP code into the beginning of people’s files. The file makes several
   references to the following URL [http://unurex.cn](http://unurex.cn)
 * Is there anyone I can send this file to for study? I’m not that familiar with
   the system around here.
 * Katrina
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Security issue, multiple sites](https://wordpress.org/support/topic/security-issue-multiple-sites/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [18 years, 1 month ago](https://wordpress.org/support/topic/security-issue-multiple-sites/page/3/#post-740110)
 * ultrasonic, this was a HUGE help.
 * I’ll be keeping an eye on my db for a while to see if more problems crop up.
 * Thanks so much for all the sleuthing.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Comment generated when saving post with link to id name](https://wordpress.org/support/topic/comment-generated-when-saving-post-with-link-to-id-name/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/comment-generated-when-saving-post-with-link-to-id-name/#post-368117)
 * Thanks!
 * .slaps forehead and goes off to read glossary 🙂
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Comment generated when saving post with link to id name](https://wordpress.org/support/topic/comment-generated-when-saving-post-with-link-to-id-name/)
 *  [karcher](https://wordpress.org/support/users/karcher/)
 * (@karcher)
 * [20 years, 2 months ago](https://wordpress.org/support/topic/comment-generated-when-saving-post-with-link-to-id-name/#post-368111)
 * I am also seeing a similar problem. I had not been able to determine the pattern
   to these comments but now that you mention it, they all contained links. The 
   last one had links to both external sites and other posts on my blog. I’ve just
   run a test and it turns out only the internal links generate these spurious comments.
 * The comment comes up as being from my post, with my post’s URI and with my ISPs
   IP address. The body is a snippet of the original post.
 * I use the recommended way of linking to internal posts:
 * `<a href="http://www.myblog.com/journal/index.php?p=29">internal link</a>`
 * I’m running wordpress 2.0.2

Viewing 14 replies - 1 through 14 (of 14 total)