Forum Replies Created

Viewing 15 replies - 31 through 45 (of 54 total)
  • Thread Starter samiotis

    (@samiotis)

    OK, after a more or less sleepless night and hours of studying protocols, I found the devil! And since I hate it when threads are closed without a solution, here comes the solution for this one:

    The injection occurred through the plugin “Effects for NGGallery”. I recommend immediately deleting this plugin with all files in it. The bugger sits in the utmost deepest folder of the plugin. Before I deleted it (don’t bother deactivating it – who knows what that might cause…), I made note of how the injection was built.

    9 files are added to the folder wp-content/plugins/effects-for-nextgen-gallery/effects/highslide/lib/themes/default/graphics/outlines

    1. 370.php which contains the first crack of wp salt and attacks the storage of the secret key. And it does probably lots of other things too. Like infecting my config file with some additional keys.

    2. ee7b.php does about the same as the above. Lots of encrypted stuff starting with a salt attack.

    3. bi is an empty file

    4. csi converts ip addresses into numbers

    5. cnf is an encrypted config file and I guess the guy has access to the complete wp by now.

    6. lb is the link library so actually searching for one of the urls in this list, easily copied from the infected site’s source code, on the cpanel’s file manager should reveal the location of this file.

    7. lock is an empty file

    8. rlf is the click counter

    9. skwd are the site keywords, basically a list of all words you can imagine, very long.

    If your site got infected read this: After removing the folder with the plugin you need to go to your config file and change the secret keys. This is essential otherwise you might get it back again. When you get to the config file you will find a website address where you can obtain new secret keys. It’s as simple as copy/paste but important to do it. The hacker has modified this file by adding additional keys, thus letting a back door open for future attacks.

    I’m not 100% sure if it was the effects for nggallery but it was the oldest plugin on the site, last updated 500+ days ago, which made it suspicious to me.

    As a last note, the plugin was installed on only one of the two sites, but the link list showed in both sites, so if you run multiple sites on one account, better change the secret key there too.
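
A check for the two traces the post above describes (non-image files dropped into a plugin's graphics folder, and additional keys in wp-config.php), added here as an example and not part of the original post. The helper names, the asset folder and extension lists, the file `rounded-white.png` and the constant `EXTRA_SALT` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The eight secret keys and salts a stock wp-config.php defines.
STANDARD = {"AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
            "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"}
DEFINE_RE = re.compile(r"""define\s*\(\s*['"](\w+)['"]""")
# Assumption: these folder names hold only static assets with these extensions.
ASSET_DIRS = {"graphics", "outlines", "images", "img", "css", "fonts"}
ASSET_EXTS = {".png", ".gif", ".jpg", ".jpeg", ".svg", ".ico", ".cur", ".css"}

def audit_config_keys(config_text):
    """Return (unexpected, duplicated) *_KEY / *_SALT constants in wp-config.php."""
    names = []
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # ignore commented-out defines
        names += [n for n in DEFINE_RE.findall(line) if n.endswith(("_KEY", "_SALT"))]
    unexpected = sorted(set(names) - STANDARD)
    duplicated = sorted({n for n in names if names.count(n) > 1})
    return unexpected, duplicated

def find_planted_files(plugins_dir):
    """List files inside static-asset folders that are not static assets."""
    root, hits = Path(plugins_dir), []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        parents = {part.lower() for part in rel.parts[:-1]}
        if path.is_file() and parents & ASSET_DIRS \
                and path.suffix.lower() not in ASSET_EXTS:
            hits.append(rel.as_posix())
    return sorted(hits)

def build_sample(root):
    """Constructed sample: the folder layout from the post plus one real asset."""
    d = Path(root, "effects-for-nextgen-gallery/effects/highslide/lib/"
                   "themes/default/graphics/outlines")
    d.mkdir(parents=True)
    for name in ("370.php", "ee7b.php", "bi", "csi", "cnf", "lb", "lock",
                 "rlf", "skwd", "rounded-white.png"):
        (d / name).write_text("")
    config = "".join(f"define('{k}', 'x');\n" for k in sorted(STANDARD))
    return config + "define('AUTH_KEY', 'y');\ndefine('EXTRA_SALT', 'z');\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_config_keys(build_sample(tmp)))
        print(*find_planted_files(tmp), sep="\n")
```

A flagged constant is something to review rather than proof of tampering, since some plugins have their own `*_KEY` constants defined in wp-config.php.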

    @mosco – You wanna share which plugin it was and how the hack looked? My site is full of links which can only be seen in the source code. I have no idea where to look and what for. Checked all files via server search for eval and base64 and lots of other stuff with no results. I need to get rid of these links.

    Thread Starter samiotis

    (@samiotis)

    I’m still hoping for a better idea – 2 sites search every file… I guess I’m faster rebuilding it, except of the fact that if I don’t find where these links come from I might risk taking them over via my backup files.

    Thread Starter samiotis

    (@samiotis)

    Been through all of the above. Thanks emsi, but there is nothing in there that would bring me near to find where to look. Except the one guy who mentioned I’d have to go through every single file on my wp installation and search manually… That would take months. Is there any way to locate where the injection is originated on my wp? The links in question are not staying the same; they change dynamically upon refreshing the source code.
    Help…

    I’m having the same issue on several websites. In one case page 2 gives back a 404 error; in other cases it simply reloads the first page instead of page 2.

    I don’t have the SEO Plugin Yoast plugin installed.

    Aha…. I just visited your site, studioactiv8, and I can see that it’s NOT working! Your videos don’t play and the video link shows partially on top of the image. That’s exactly the same as on my site, which is the reason I’m here. I’m busy with this for two days now and still can’t get it to work. Here is the link: http://www.island-cruises.org/charter-a-yacht-sy-full-steam. wp-footer is present in the template. I tried lightbox, shadowbox and thickbox but no roses.

    @guppydas
    Thanks for that! Now it works, but…
    It didn’t work when I removed the .htaccess file as DougJoseph mentioned, so I put it back where it was. It also didn’t work at first when I updated cforms to 11.7.3, but when I removed the .htaccess file after updating cforms it WORKED! After 5 months. Thank you all for the ideas! I consider this thread as solved.

    Unfortunately I’m still having the same problem. Now in 3.04 but still no flowers. My visual editor doesn’t seem to exist on this website.

    I have the same visual editor problem. I did have wp secure installed and was very happy when I was reading this post… at first. I removed the .htaccess file but no flowers. Then I kept reading on and found the cforms hint, to turn on the problem fixer tool in cforms options, yet again no flowers.

    So I reinstalled wordpress 3.01 from the admin section and again no flowers. I turned off all plugins and refreshed all my browser cache pages and tried different browsers but yet… again no flowers. Now I’m running out of options. The site in question is http://superfoodinfos.com/ and I’d love to have my visual editor back.

    @kimberly – Besides that you’re in the wrong thread here and you won’t get as many answers as you wish for; here is my suggestion: Akismet is working well to remove spam but it will remove nice comments too when people use keywords in the name field instead of their name. These guys are spammers and the job of Akismet is to remove spam; so everything works correctly.

    Thread Starter samiotis

    (@samiotis)

    Thanks for the upgrade.

    I just happen to have a friend who has the same problem as described above. http://www.segelnthailand.de/type-whatever-you-like-here goes right to the homepage with a 200 OK response instead of a 404.

    • Version = WP 2.7.1.
    • Permalink structure = default
    • Theme = Kubrick default (or any other theme)
    • All plugins disabled! (or enabled for that matter)

    The site just lost 250 places at Google and I fear the punishment has to do with exactly that problem. http://googlewebmastercentral.blogspot.com/2008/08/farewell-to-soft-404s.html

    And to make things worse and the problem even harder to locate is the fact that there are two more wp blogs installed, in the same account on the same server, and both pages’ 404s are handled correctly!??!

    Searching Google for the problem returns somewhat of 11,5 million results. I’ve tried everything up to SERP 5 with no success so far!
    I hope I don’t have to go through all the 11 mill. 🙂

    Although WordPress is the world’s best and most popular blogging software, this forum seems to be more or less deserted. Help with a functioning solution would be highly appreciated.

    Always happy to be of service
    Cheers

    Thread Starter samiotis

    (@samiotis)

    Cool that nobody here seems to have this problem! Is there at least anybody who could tell me where to ask???
    Thanks

    Emptying your browser cache might help for starters. Did you check the path? Does it go to e.g. yourdomain.com/blog? Is the path correct in PhpMyAdmin too? Identical in all cases, as described above? Home and site url?
