Limbo x86 PC Emulator latest version.Enjoy Free 888+200 Daily Legal Bonus

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)

Forum: Installing WordPress
In reply to: Site Hacked AGAIN!

chungyen
(@chungyen)

15 years, 2 months ago

After some research, i can confirm that it is definitely a form of the Gumblar virus. I cleaned my computer and used this cleaner for my blog, and things are working fine now. https://seoforums.org/site-optimization/118-script-gnu-gpl-try-window-onload-function-var.html

Forum: Installing WordPress
In reply to: Site Hacked AGAIN!

chungyen
(@chungyen)

15 years, 2 months ago

Otto42,

Thanks for the heads up. I am contacting my host and I’ll update this thread with how it goes.

Forum: Installing WordPress
In reply to: Site Hacked AGAIN!

chungyen
(@chungyen)

15 years, 2 months ago

I have had this problem on my blog as well. I took some time to search every file in my wordpress installation.

This script is always appended at the bottom of the file, so it isn’t so hard to find.

Places where I found this script:

index.php
wp-admin/index.php
wp-admin/index-extra.php

wp-content/plugins/commentluv/commentluv.js
wp-content/plugins/commentluv/hoverIntent.js

wp-content/plugins/contact-form-7/admin/wpcf7-admin.js
wp-content/plugins/contact-form-7/contact-form-7.js

wp-content/plugins/index.php

At this point, I realized that all of my plugins were infected, and so I just deleted and replaced them.

Replace all plugins – .js files are infected

wp-admin/js folder – almost every file

wp-content/index.php
wp-content/themes/index.php

any .js files in your themes
any index.php files in your themes

I got tired of looking when I got to the last folder, wp-includes/js. However, the codepress folder had this script everywhere. I replaced the entire wp-includes directory.

It does not affect CSS files.

I’m not sure what it has to do with default-widgets.php and default-filters.php, but I replaced them just to be safe. Before I did this combing through, I found that just replacing these files would bring my blog back. However, the problem persisted. It appears that some sort of trigger happens which causes the error mentioned in the OP’s post, usually around 12 or 1 am EST.

It looks like it has infected both my public_html and my www directories. I am going to search through www now, then wipe the directories and reupload the clean ones, and change my database/login passwords.

edit1: I discovered that my hosting’s cPanel comes with a virus scanner by ClamAV. I tried it and it didn’t find anything.

Viewing 3 replies - 1 through 3 (of 3 total)