SickSquirrel

I did an install but some files weren’t copied due to battery dying on my laptop. On Wednesday I redid it. Then I did it again on Friday with no issues.

I usually do a manual install rather than auto update. I like to wait a few weeks before updating in case of issues. Sometimes the updates need a tweak so I wait. I know, too cautious, but it’s leftover from a dozen years ago.

Today I’ll hopefully do another fresh install after deleting everything. I have a custom script there but I have a copy on my laptop ??.

New year, new install, and hopefully a new smile on my face ??

How could the admin be disabled?

It’s a fresh install. The site is new with no content. That’s the problem. Fresh install yet things aren’t seen. Tomorrow I’ll delete all again and reinstall. There is just the htaccess provided. I have a lot to add but want the site available first.
Thank you.

Thanks. The logs were overwritten but I found this last night:

Sun Dec 25 17:44:29 2016] [error] [client 91.107.105.132] PHP Parse error: syntax error, unexpected $end in /mnt/glusterfs/apache/hosting-dir/xxxxxxx.com/wp-includes/wp-db.php on line 1635

[Mon Dec 26 11:03:20 2016] [error] [client 157.55.39.243] PHP Parse error: syntax error, unexpected $end in /mnt/glusterfs/apache/hosting-dir/dxxxx.com/wp-includes/wp-db.php on line 1635

I know some are search engines but they don’t belong sniffing anything but posts.

Each appeared numerous times. I had several hundred tries on that file, /administrator, /wp-login.php, and a few other WordPress files. This is just one domain. This weekend I’ll go through more hacked site logs.

This has been disabled

wp-admin

It just says This has been disabled. 4.7, no plugins active yet. I haven’t set chmod yet. I looked for a guide but didn’t find it. I found one but it was just for a server running a a Windows environment. I doubt my host runs a a Windows server. I’m going to check the debugging link now.

Thank you ! Exact what I needed For htaccess

Gmail reported it. I don’t use the laptop with Windows often due to health reasons. I’m going to scan my iPad tonight and see if anything is reported as virus-infected. I’ve never had gmail report a virus on any system.

There isn’t one. That’s what is so odd. I looked for that right away and it isn’t there. The site had no posts yet and no custom header. It was in pre-planning phase. During the time of hacked files, the site loaded a blank page. If deleting all files and starting at the beginning didn’t take hours….

Thanks, guys. I was perusing an error log last night. Every time someone visits the hacked site, it gives four errors. I’m thinking that means the login or index page is coded to do something it’s not supposed to do.

I can’t copy from the iPad on these logs. Tomorrow I’ll get on my Windows laptop and see if I can grab the four errors. Maybe, probably, you’ll be able to tell me which file(s) to fix.

Thanks. I had two security plugins, one being WordFence. I can’t remember the other right now. I’ll check hide login after I post.

I asked my fixer to just save all then install fresh and restore db. Haven’t checked email yet but I can help a little.

On one site the /root file had just .de as a language. Another just .ru. I was hacked as the code they placed says so. Those </? Php and //Silence is Golden didn’t walk into my site ??

Under root is styles. Subsilver2 has captcha_keycaptcha.html

<!– IF S_KEYCAPTCHA_AVAILABLE –>
<tr>
<th colspan=”2″ valign=”middle”>{L_KEYCAPTCHA_TASK_HEADER}</th>
</tr>
<tr>
<td class=”row1″ width = “50%”><b class=”genmed”>{L_KEYCAPTCHA_TASK_HEADER}:</b><br /><span class=”gensmall”>{L_KEYCAPTCHA_TASK_EXPLAIN}</span></td>
<td class=”row2″>
{KEYCAPTCHA_CODE}
<input type=”hidden” name=”kc_response_field” id=”kc_response_field” value=”false” />
<noscript>
{L_KEYCAPTCHA_MESSAGE_NOSCRIPT}
</noscript>
</td>
</tr>
<!– ELSE –>
{L_KEYCAPTCHA_MESSAGE_NA}
<!– ENDIF –>

Things that make you go hmmmmm

Thanks. The hack was fifteen months ago. I have someone working on them now. Rather than clean files, I suggested he save all under a new folder, install fresh, then scour the db and restore it. Only a few had posts.

Under license.txt I saw this:

signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice

April Fools Day by tycoon who in charge of vice.

It also mentions b2 is copyright tidakada.com. And, WordPress – Web publishing software

Copyright 2011-2016 by the contributors

Seems like they hacked quite a few files for fun. This is one site only. Index.php is <?php

Oh the root folder… it’s from the hacker. Under /Lang is en and ru. The only files there deal with phpbb_keycaptcha. This is a WordPress site only. Now I’m wondering if an exploit was uncovered in phpbb and somehow the keycaptcha script exploits it in WordPress

Hm, really?? Thanks. Several other files are simply <?php

I’m seeing a root folder under the main directory of WordPress. I don’t remember that being there. The files seem to be usual WordPress files but I’m suspicious.

What did the code do? The sites weren’t accessed again afaik but some files don’t ring a bell.

Thanks. The sites load a blank page. The db of the largest site was fine. I have someone working on one but it’s been a month already