nudgephelps

It seems that it was a few images that caused the problem. They were not showing up on the web page nor on the edit product page, so I deleted them from the edit page and went through all of the product pages, and checked all the images. Quite a few were missing and just showing the palace holder error image. Now ll is good and the site has had no problems for about 10 days. All I can think is that the database got screwed up and didn’t know where to put these images. But time will tell if this was the definite solution

I’m still having big issues! it seems that the site goes down around 5:30am to 7am each morning.

I had these messages from Plesk85.hosingUK.net

7:10 am 2. The following WordPress installations are quarantined:
Website “Johnny’s Back Yard” (https://johnnysbackyard.co.uk/wordpress): WordPress Toolkit was not able to finish running an operation on this site in 60 seconds, so the operation was terminated. This could mean that your WordPress installation might be infected with malware. Check the wp-config.php file of the installation for potential malware code or run an anti-virus scan. If you cannot find any traces of malware, try running the operation again later.`
7:13 am 1. Website “/httpdocs_bak” (https://johnnysbackyard.co.uk/_bak): Failed to reset cache for the instance #432: Error: Error establishing a database connection.

I have scanned for malware several times and refreshed site state

Thank you!!
zip file sent
I have removed the file phpinfo.php and deactivated nonessential plugins but I’m a bit reluctant to change the theme as I don’t want that to screw any of the content up and leave me with a nightmare to untangle.
Thank you Again

OK Thanks for this. I ran the internal scan again in high sensitivity mode here’s what it found

=======================================================================
Quttera Web Malware Scanner plugin for WordPress
Website Malware Scan Report

Scanned Website: https://johnnysbackyard.co.uk
Scan type: Internal
Report generation time: 2022-08-14 11:35

Scan launch time: 2022-08-14 10:21
Scanned files: 22164
Clean: 22154
Potentially Suspicious: 4
Suspicious: 4
Malicious: 2

? 2021 Quttera Ltd. All rights reserved.
For any questions about this report: [email protected]
=======================================================================

FILE: phpinfo.php
FILE_MD5: 53628903e3c9cf1593d4ef97067fba40
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 53628903e3c9cf1593d4ef97067fba40
THREAT_NAME: Heur.PHP.Dropper.gen
THREAT: <?php phpinfo(); ?>...
DETAILS: Generic PHP information dropper

FILE: wp-content/languages/themes/twentytwentytwo-en_GB.po
FILE_MD5: 7cdc7d54c4ec7a6d0619503e449d686d
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 7cdc7d54c4ec7a6d0619503e449d686d
THREAT_NAME: Heur.CoreFile.gen
THREAT: Modified core file...
DETAILS: Detected modified core file

FILE: wp-content/languages/themes/twentytwentytwo-en_GB.mo
FILE_MD5: 563f64c8b8f58d86848a8ce8ff05a92c
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 563f64c8b8f58d86848a8ce8ff05a92c
THREAT_NAME: Heur.CoreFile.gen
THREAT: Modified core file...
DETAILS: Detected modified core file

FILE: wp-content/plugins/woocommerce-payments/readme.txt
FILE_MD5: 6ac5aadd162a87a663fba6d5c63db48e
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced

FILE: wp-content/plugins/woocommerce-payments/changelog.txt
FILE_MD5: f93887562e6ac324f90fbbdab90325b3
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced

FILE: wp-content/plugins/wp-stats-manager/includes/wsm_cron.php
FILE_MD5: 9f586af83113716e072e2e7fdb7168b6
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: c820ee601de1cf2c2258b8494baaf844
THREAT_NAME: Heur.PHP.Redirect.gen
THREAT: <?php /* if ( ! defined( 'ABSPATH' ) ) exit; class wsmCr...
DETAILS: suspicious PHP redirection

FILE: wp-content/plugins/woocommerce-services/images/payment-logos/brazil-tef.svg
FILE_MD5: 9da2ceca8668b7155bfae1e66219657e
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: 39e187127514ba3d80daaf528521932e
THREAT_NAME: Heur.JS.Encoded.gen
THREAT: 9.16.68.06.69.08.67.12.66.16.65.18.64.22.62.25.6.28.59.3.57....
DETAILS: Malicious obfuscated JavaScript threat (JS Trojan Downloader)

FILE: wp-content/plugins/woocommerce/client/legacy/css/twenty-twenty-two.scss
FILE_MD5: 99dd499cf6c98b8829505cea502758a3
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 077ed38850a47bae3e86bec24784fd6a
THREAT_NAME: Heur.PHP.Encoded.gen.271C
THREAT: \73\73\73\73\73...
DETAILS: Potentially suspicious obfuscated PHP threat

FILE: wp-content/plugins/woocommerce-payments/vendor/woocommerce/subscriptions-core/changelog.txt
FILE_MD5: 1be9d9b13d32b0bfa5257973321f4d17
SEVERITY: enPotentiallySuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 65b0f2becffb61cb9f5fba232f7b9987
THREAT_NAME: Heur.HTML.Defacement.gen.F4248
THREAT: Fatal Error...
DETAILS: Website Potentially Defaced

FILE: wp-content/plugins/woocommerce-payments/vendor/woocommerce/subscriptions-core/includes/upgrades/class-wc-subscriptions-upgrader.php
FILE_MD5: f39835da3804dd9297b51d576cc7b09a
SEVERITY: enMaliciousThreatType
ENGINE: fscanner
THREAT_SIG: b9dabf14014fb7becc2a63a6cb482a55
THREAT_NAME: Heur.PHP.Cron.gen
THREAT: delete_transient( 'doing_cron' );...
DETAILS: Cron PHP scheduler

I did an Internal Quttera Web Malware Scanner plugin for WordPress
This is the report.

=======================================================================
Quttera Web Malware Scanner plugin for WordPress
Website Malware Scan Report

Scanned Website: https://johnnysbackyard.co.uk
Scan type: Internal
Report generation time: 2022-08-13 13:18

Scan launch time: 2022-08-13 12:38
Scanned files: 22163
Clean: 22161
Potentially Suspicious: 0
Suspicious: 2
Malicious: 0

? 2021 Quttera Ltd. All rights reserved.
For any questions about this report: [email protected]
=======================================================================

FILE: wp-content/languages/themes/twentytwentytwo-en_GB.po
FILE_MD5: 7cdc7d54c4ec7a6d0619503e449d686d
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 7cdc7d54c4ec7a6d0619503e449d686d
THREAT_NAME: Heur.CoreFile.gen
THREAT: Modified core file...
DETAILS: Detected modified core file

FILE: wp-content/languages/themes/twentytwentytwo-en_GB.mo
FILE_MD5: 563f64c8b8f58d86848a8ce8ff05a92c
SEVERITY: enSuspiciousThreatType
ENGINE: fscanner
THREAT_SIG: 563f64c8b8f58d86848a8ce8ff05a92c
THREAT_NAME: Heur.CoreFile.gen
THREAT: Modified core file...
DETAILS: Detected modified core file

I restored to a back up and I igt this message:
WARNING: (Restore domain object 'johnnysbackyard.co.uk') Failed to restore the extension wp-toolkit: Failed to reset cache for the instance #283: WordPress Toolkit was not able to finish running an operation on this site in 60 seconds, so the operation was terminated. This could mean that your WordPress installation might be infected with malware. Check the wp-config.php file of the installation for potential malware code or run an anti-virus scan. If you cannot find any traces of malware, try running the operation again later.

I would really like someone to take a look at my site and try an rectify the problem, the issue is beyond me ??

• This reply was modified 2 years, 3 months ago by nudgephelps.

Wordpress toolkit threw this up this morning?

WordPress Toolkit has found WordPress files at the following path:

Path
/var/www/vhosts/johnnysbackyard.co.uk/httpdocs_bak
However, it does not seem that this WordPress website is working. Try restoring the website from a backup or cleaning up the redundant files.

Thank you! I will certainly check the guide out, however, the site is working normally at the moment ?? Typical! I will let yo know how I get on. Thanks Again

Great Thanx!