angelwp

Forum Replies Created

Viewing 12 replies - 1 through 12 (of 12 total)

  • Hello!, its there a way to do it manually via code to change the default option to be UK?, thank you in advance!

    Thread Starter angelwp

    (@angelwp)

    Hello jackie!!, wow! thanks for the really fast reply!!
    i can talk spanish too or english, whatever fits you better
    indeed i use layerslider in some of my websites, and i had this problem since a lot of months now, but it cease the last almost 4 months
    hosting is shared, yes i have wordfence installed in the websites

    actually wordfence is helping me monitorin the websites, wordfence detect this
    Critical Problems:

    * File appears to be malicious: wp-content/plugins/LayerSlider/helpers/khvulaty.php

    i have already delete the script (for afraid, hehe), but is a hint, 4 months before was the same problem, every 2 days i have to be cleanin my websites of this kind of scripts or they take all my server down!

    love this kind of communities, i hope i can be helping too, i already help people in social media groups but with basics, configurations or css stuff

    Forum: Fixing WordPress
    In reply to: Virus
    angelwp

    (@angelwp)

    @abletec Hello!, i have all day reading your answers in differents topics!, i have a already create my topic, title: How can i find and delete backdoor, i hope you can help me ??
    it’s good to see how there are people as dedicated as you helping out other developers

    • This reply was modified 7 years ago by angelwp.
    angelwp

    (@angelwp)

    indeed @pemitchell, i was “clean” for almost 4 months, from cleaning every 3 – 4 days, the way ir works for me, since today, was:

    -Remove infected code detected by Wordfence
    -Manually check the project for weirds .php files and delete them
    -Manually check code with “edit” option from cpanel because some malicious code was encrypted
    -Clean the cookies as our friend pemitechel says, in wp-config and use the salt link provided from wordpress
    -Change cPanel password
    -Monitor daily the server processes and there pop ups some php scripts, manually search them and delet them too

    with this was clean for almost 4 months

    But now i got a message from wordfence with this:
    Critical Problems:

    * File appears to be malicious: wp-content/plugins/revslider/css/ymjuehdi.php

    * File appears to be malicious: wp-content/uploads/2017/04/rhbqlccc.php

    same way as before but it looks like was only 1 website, and no all of them as usual

    this kind of injected code how can be done?, no new users on the website

    can′t find the security hole

    • This reply was modified 7 years ago by angelwp. Reason: important one

    Having the same issue, some i read in other topics was simple remove recaptcha couse is not working, can′t find a way to make it work, it was working before :/

    Still nothing? already tried all the posible solutions in this topic and can′t get it work in any browser ??

    Eeeeeeehhhh…. i guess here is a little misunderstood, i dont want to get my site clean for “free”, i want to know HOW to do it, share experiencies, etc, doesnt is this forum to???

    i say that with the idea if someone has acomplishe a full clean in a server by him or herself, thats all…

    only want to know how to correctly check my databases, or where i can ask this?…

    Hello, got the same problem, clean all the files and keep and eye on cpu usage and procceses, you can see there scripts that Wordfence CAN′T find,

    the big question is, how can we clean the database?, and… how can i know if it is infected????? :/

    already done ALL the guides and still getting code injected, dont know if anyone can make a full clean without spent a cent in premium security packages

    Sorry, but, the problem was solved?
    SELECT * FROMgermanpearls_com.wp_y2u57c_optionsWHERE (CONVERT(option_idUSING utf8) LIKE ‘%viagra%’ OR CONVERT(option_nameUSING utf8) LIKE ‘%viagra%’ OR CONVERT(option_valueUSING utf8) LIKE ‘%viagra%’ OR CONVERT(autoloadUSING utf8) LIKE ‘%viagra%’)
    was indeed malware???

    if i find something liek this in Data Base, should i delete it?
    SELECT * FROM db_fppv.wp_posts WHERE (CONVERT(ID USING utf8) LIKE ‘%eval%’ OR CONVERT(post_author USING utf8) LIKE ‘%eval%’ OR CONVERT(post_date USING utf8) LIKE ‘%eval%’ OR CONVERT(post_date_gmt USING utf8) LIKE ‘%eval%’ OR CONVERT(post_content USING utf8) LIKE ‘%eval%’ OR CONVERT(post_title USING utf8) LIKE ‘%eval%’ OR CONVERT(post_excerpt USING utf8) LIKE ‘%eval%’ OR CONVERT(post_status USING utf8) LIKE ‘%eval%’ OR CONVERT(comment_status USING utf8) LIKE ‘%eval%’ OR CONVERT(ping_status USING utf8) LIKE ‘%eval%’ OR CONVERT(post_password USING utf8) LIKE ‘%eval%’ OR CONVERT(post_name USING utf8) LIKE ‘%eval%’ OR CONVERT(to_ping USING utf8) LIKE ‘%eval%’ OR CONVERT(pinged USING utf8) LIKE ‘%eval%’ OR CONVERT(post_modified USING utf8) LIKE ‘%eval%’ OR CONVERT(post_modified_gmt USING utf8) LIKE ‘%eval%’ OR CONVERT(post_content_filtered USING utf8) LIKE ‘%eval%’ OR CONVERT(post_parent USING utf8) LIKE ‘%eval%’ OR CONVERT(guid USING utf8) LIKE[…]

    • This reply was modified 7 years, 4 months ago by angelwp.

    How can i scan my DB ??

    Hello, im kinda in the same situation, im doing cleaning etc every 4 days, has anyone been able to stop the attacks?

Viewing 12 replies - 1 through 12 (of 12 total)