dcorp

@sterndata Thanks for the advice, checking the links now and will try to apply the steps.

Also the link is not a 404 page, opens here and also I did a site speed test on gtmetrix and the url returned results there as well, I saw the screenshot of actual page.

@corrinarusso Thanks for the advice, I installed it and it says malware found on the site but does not give more details, asks 99$ membership to fix it. It is too much to pay at this point, I will try to solve this manually first

@t-p Thank you for the idea, already doing that, weird thing is: there are pages on my site, but I cant find them anywhere, not in posts, not in pages, no in mysql database, how come I cant find them while they are there, very interesting and annoying.

Edit*: Just noticed something, all those pages are now gone (I have updated all plugins and also updated wordpress to the latest version a few minutes ago)

I wonder if they were invulnerability of some non-updated plugins/wordpress..

I am even more lost now.

• This reply was modified 4 years, 6 months ago by dcorp.

Thank you, for now I handled it manually, changing pw of 300 sites didnt take long time as I was afraid.

The hacker used mass.php, I found it in one of my wordpress site’s public_html, no idea how they created it there but most likely from wordpress leaks..

[Redacted link to ‘hack’]

this version uses two methods for getting sites & users & config file

Do you have any idea about this mass defacer and how to prevent it?

I still have 120~ non updated wordpress install/ I think even if 1 site has the problematic wordpress version, they leak into all my other sites too?

Yes,

“use (name-of-database)” (select WordPress database)
“show tables;” (you’re looking for a table name with “users” at the end)

It still wants you to select name of database, such as in PHPmyadmin version.

The issue is, the hackers could change them all at once, so there must be a code to do this lightning fast. otherwise it takes too long.

??

I have investigated and found 2 different types of attack..

Attack 1: They somehow injected and changed my database.

Under wp_options table, they edited the “siteurl” option and put html codes there instead of sitename.com so site showed their codes instead of correct full site. Once you revert their code with your site`s full url, your site becomes available again. After doing this, i went into wp-admin and updated everything.

Attack 2: No database changed as mentioned above. They somehow directly edited index.php and put their own source codes. Even after ou revert index.php back to original one, their hack message was appearing. I have downloaded a fresh wp zip and overwrote all files, then site got fixed but when I woke up today, I noticed that they again changed the index.php file.

They dont have access to my root server or ftp, checked login details. They somehow do it with injection or another method i dont know.

First method looks harmless but 2nd issue, even after i uploaded everything fresh and updated everything to last versions, how can they edit my site(s)?

Last attempt.. Any idea?

I understand, thanks for the help and your time.

Just came to my mind, does this plugin support or have loading the images one by one?

Let`s say that the slider has 30 pics, instead it loads them all at the same time, can it load them one by one: when the user click on next button, the next photo will load but before it, only the first slider image will be loaded.

Just checked it with my other site, installed and activated the Nextgen gallery and the slideshow was still working.

i guess my other site has some other problems.

One last question.

I am using https://www.luminate.com/ ad system. If you visit the site, on front page you will see the example.

It is a system where ads appear on the bottom of the image.

It works with your slider too, but there is one issue.

sometimes the ads shown on correct place, exactly at the bottom of the picture but sometimes the ad appears below the image, sometimes 600-800px below, sometimes on left side of the site.

Without slideshow, all ads appear on correct place on the images, so may be this is an issue with your slider.

Is there a code or way to fix this by your side or i must ask luminate to check it? most likely they cant do something because they supply a simple code.

Thanks for the help.

I have disabled all plugins and boom, the problem is caused by

NextGEN Gallery by Photocrati

plugin. weird but i also have many posts that uses nexgen gallery plugin.

Any idea what can be done?

Blocked a frame with origin “https://www.site.com” from accessing a frame with origin “https://googleads.g.doubleclick.net”. Protocols, domains, and ports must match.

Blocked a frame with origin “https://googleads.g.doubleclick.net” from accessing a frame with origin “https://www.site.com”. Protocols, domains, and ports must match.

Uncaught TypeError: Object #<SVGAnimatedString> has no method ‘split’

These are the errors. I am not a coder or a pro, how these errors effect your slider? my other site has smilar errors too and your plugin works :/?

I just checked with refreshing ctrl+f5, it appeared for ie10, ff, but still not seen on chrome.

another problem is i wanted to be sure and refreshed ie10 few more times, now i cant see it on ie too.

maybe randomly it works and not works.

probably problem is caused by the other script but what i use on both sites are are also identical.

can you check deeper when you have time and if possible i will disable the other problematic script if u can tell me which one it is?

P.s: Also checked this issue on my other computer, firt time i clicked, the slideshow loaded but on next refresh, slider is gone again. Same happened on all browsers.

yes, when i deactivated Jetpack, Quick Adsense plugin works normally and ads show up. So i have disabled the Jetpack for my 3 sites so far ??

I was shocked about seeing that my earnings are dramatically dropped and for around 24 hours i did not notice that my adsense ads were disabled on one of my sites which i updated jetpack to the latest version. (as i am using many sites for adsense, my income was not 0, so i thought there was adsense issue than my own possible problem)

To keep long story short: Jetpack has conflict with Quick Adsense plugin and because of this, my loss is around 100 usd so far, i am glad i noticed it and disabled jetpack, my quick adsense plugin works fine now and ads are back.

Wish i could be aware of this situation earlier…

Does anyone else have the same issue?

Is there a fix for this?

Does Jetpack know about this issue?

Please help me get it fixed or advice me other ad injection plugin so i can use jetpack + my adsense ads.

Best.