walkinman

Hey esmi

I just instaled Lancelhoff’s translator too, and get the same error when I copy the relevant code to my sidebar:

Fatal error: Call to undefined function: ltranslate() in /home/skola2/public_html/alaskanalpinetreks/ramblings/wp-content/themes/default/sidebar.php on line 62

I’ll try deactivating some other plugins .. the lancelhoff plugin is the one on my other blog, now that I look at it, but it’s working fine.

Cheers

Carl

Hey esmi,

Thanks – the plugin is called ‘Translate”, from Mister Nifty. It was part of the updates I just ran.

Cheers

Carl

Hey Folks,

OK .. I edited the Single Post file, and removed the translate plugin .. is there a known hassle with this plugin in the new WP? I just upgraded to the newest version of WP and also updated the translator, though it’s working fine on my other blog, https://www.skolaiimages.com/journal
I’d like to have the translator rather than remove it, if possible.

Thanks.

Cheers

Carl

Hey rbournigal,

I had problems with this kind of thing too – upgrading to the newer version of wp was the only thing that stopped the spam from reinjecting itself. Here’s a post about it. From what you’ve said, it sounds like you have the same issue.

Cheers

Carl

Hey Michael

On deactivation, I got this error:

Fatal error: Call to undefined function: email_notification_future_send() in /home/skola2/public_html/journal/wp-content/themes/default/header.php on line 4

When I tried to go to my site.

Thoughts?

Thanks.

Cheers

Carl

Hey Michael

Will do – thanks so much.

Cheers

Carl

Hello Michael

Thanks – I wasn’t aware it’s a plugin. I have this one active .. but the problem only just started when I upgraded to the newer version of w/p – from the previous one. And it’s not simply subscriptions .. it also sends emails to me, the author, when I make an edit to an existing post.

Any other possibilities?

Thanks.

Cheers

Carl

Hey Whooami,

Perfect! Thanks so much for your help.

Hopefully the hacking thing is done and you won’t see me around no mo’. ??

Thanks again.

Cheers

Carl

hey Whooami

Thanks for the help. I think I’ve got it OK now. A few troubles, but we’ll see how it goes. Everything’s working now, anyway.

And now I’ve got a note that says to upgrade yet again. ??

So, while you’re here, should I not use the auto-upgrade thing, but just upload all the core files manually?

Thanks so much.

Cheers

Carl

Hey Whooami

Thanks for your help.

Yeah, I did consider the time stamps. I wasn’t sure if they should all be new files, or if any of the older files still remain.

I fear I actually did (probably) worse than you describe. I used an automated upgrade program.

This one.

It ran the upgrade for me, so I didn’t do much at all.

When you say ‘core directories’, you mean wp/content, wp-admin, wp-includes, correct? Should I just go thru and delete all the files in those directories that are not dated 10-22-08 (excepting, of course, the theme, plugins and wp-config.php files)?

Thanks _ I appreciate your help.

Cheers

Carl

Hey Whooami,

Thanks.

I’m looking over files on the site, but I don’t really know enough to know what I’m looking for.

I looked at the db users, and didn’t see anything awry there. I also deleted the old admin user, created a new one with a new password and nickname.

When I go to wp-admin/options.php on my site I get redirected to a login page, and it will not accept my password . I have to actually get a new one and try over .. and again, even logged in already, I get a redirect to login, and it won’t accept password.

In the wp-admin folder, I have 4 files starting with ‘upload’

upload-functions.php —- 3/17/2007
upload-js.php ———- 1/18/2007
upload-rtl.css ———- 11/14/2006
upload.css ————- 1/09/2007
upload.php ————- 10/22/2008

I’m trying to run this plug in security thing, but can’t seem to get far. I keep getting this:

Make a backup of your database before using this tool:

Change your database table prefix to mitigate zero-day SQL Injection attacks.

Before running this script:

wp-config must be set to writable before running this script.
the database user you’re using with WordPress must have ALTER rights
Change the current: prefix to something different if it’s the default wp_
Allowed Chars are all latin Alphanumeric Chars as well as the Chars – and _.

None of which I know what to do with.

Sorry for my ignorance .. I can barely scrape a valid html page together, this stuff is a bit much for me.

Thanks for your help.

Cheers

Carl

Hey whooami

That’s precisely why I upgraded yesterday. I said that in my initial post. My reply was in response to the remark that some folks apparently have indicated that even with an upgrade, the injection continues. I don’t know if that’ll happen or not, and I admit I’m possibly the least knowledgeable person on these boards about such things, but if the upgrades don’t resolve a security problem, and the issue is related to the theme I’m running, then I’m not sure why my comment isn’t reasonable.

I guess what I’m asking is that now that the spam links seem to be gone, does that mean the bad code is gone, or is it something that can be recalled from outside (assuming I’ve done all the necessary password changes, etc).

Thanks.

Cheers

Carl

Hey Gangleri,

Thanks again. I’m using the WordPress Default theme, so if it’s flawed, WP have an issue, IMO. It could be a plugin, I suppose.

I’ll check out the article, thanks so much.

Cheers

Carl

Technokinetics,

That was it, exactly. Thanks so much, I really appreciate that. I’d never have found it. Thank you.

Cheers

Carl

Hey Gangleri,

Well, after deleting the stuff that I found, the spam links appear to be gone .. but, and this is where some experienced folks might be better able to help, I don’t know if this is the kind of thing that needs to be re-injected to re-appear, or simply something that can be recalled from outside the site. It was appearing on every age before, and now I can’t find it on any of the ones I looked through.

Thank you.

Cheers

Carl