Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter 1alanfo

    (@1alanfo)

    This has now been resolved by my hosting company…not sure how but something to do with the .htaccess file.

    Thread Starter 1alanfo

    (@1alanfo)

    Ok thanks

    I checked the plug-ins and found one I haven’t uploaded called Log-in Wall. I deleted it.

    I ran the scan again and sent the full activity log to WF. I’ve noticed some strange lines in the activity log clearly referring to products such as..

    1. where scan enters fork

    'domain' => 'filousachrysochous.com',
    'httponly' => '',
    )),
    ),
    'filename' => NULL,
    Thu, 17 Sep 15 11:56:00 +0000::1442480160.6430:4:info::getMaxExecutionTime() returning config value: 26
    Thu, 17 Sep 15 11:56:00 +0000::1442480160.6428:4:info::Got value from wf config maxExecutionTime: 26
    Thu, 17 Sep 15 11:56:00 +0000::1442480160.6422:4:info::Calling startScan(true)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8365:4:info::Entered fork()
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8362:4:info::Calling fork() from wordfenceHash::processFile with maxExecTime: 26
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8358:4:info::Hashing item in base dir: /home2/jimmy/public_html/66-bvlgari-purse-folding-njxy.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8245:4:info::Scanning: /home2/jimmy/public_html/658-tadashi-shoji-piece-an.html (Mem:63.2M)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8241:4:info::Hashing item in base dir: /home2/jimmy/public_html/658-tadashi-shoji-piece-an.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8106:4:info::Scanning: /home2/jimmy/public_html/655X-radio-clock-watch-seiko-afdm.html (Mem:63.2M)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8102:4:info::Hashing item in base dir: /home2/jimmy/public_html/655X-radio-clock-watch-seiko-afdm.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8058:4:info::Scanning: /home2/jimmy/public_html/653Q-rayban-optical-tla.html (Mem:63.2M)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.8054:4:info::Hashing item in base dir: /home2/jimmy/public_html/653Q-rayban-optical-tla.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7930:4:info::Scanning: /home2/jimmy/public_html/651E-chloe-shoes-hqul.html (Mem:63.2M)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7926:4:info::Hashing item in base dir: /home2/jimmy/public_html/651E-chloe-shoes-hqul.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7874:4:info::Scanning: /home2/jimmy/public_html/650-gagamilano-manyuare-hu.html (Mem:63.2M)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7869:4:info::Hashing item in base dir: /home2/jimmy/public_html/650-gagamilano-manyuare-hu.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7807:4:info::Scanning: /home2/jimmy/public_html/648Z-harajuku-oakley-rlhh.html (Mem:63.2M)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7802:4:info::Hashing item in base dir: /home2/jimmy/public_html/648Z-harajuku-oakley-rlhh.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7577:4:info::Scanning: /home2/jimmy/public_html/645T-uniqlo-lace-camisole-jzif.html (Mem:63.2M)
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7572:4:info::Hashing item in base dir: /home2/jimmy/public_html/645T-uniqlo-lace-camisole-jzif.html
    Thu, 17 Sep 15 11:55:59 +0000::1442480159.7470:4:info::Scanning: /home2/jimmy/public_html/644A-gucci-bag-mens-fgvn.html (Mem:63.2M)

    and

    2. lots more similar lines of activity in the middle..

    Thu, 17 Sep 15 11:46:17 +0000::1442479577.9055:4:info::Hashing item in base dir: /home2/jimmy/public_html/20150809182932-WXCnjt-26.html
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.9004:4:info::Scanning: /home2/jimmy/public_html/20150809182931-SZSfvg-19.html (Mem:63.2M)
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.9001:4:info::Hashing item in base dir: /home2/jimmy/public_html/20150809182931-SZSfvg-19.html
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.8938:4:info::Scanning: /home2/jimmy/public_html/20150809182902-gvv-TSD-49.html (Mem:63.2M)
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.8934:4:info::Hashing item in base dir: /home2/jimmy/public_html/20150809182902-gvv-TSD-49.html
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.8739:4:info::Scanning: /home2/jimmy/public_html/20150809182731-LRRxez-69.html (Mem:63.2M)
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.8735:4:info::Hashing item in base dir: /home2/jimmy/public_html/20150809182731-LRRxez-69.html
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.8672:4:info::Scanning: /home2/jimmy/public_html/20150809182544-UXHoju-10.html (Mem:63.2M)
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.8668:4:info::Hashing item in base dir: /home2/jimmy/public_html/20150809182544-UXHoju-10.html
    Thu, 17 Sep 15 11:46:17 +0000::1442479577.8647:4:info::Scanning: /home2/jimmy/public_html/20150809182456-UVEwrg-90.html (Mem:63.2M)

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml"><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}

    3. then this towards the end..


    Also in the Google search results it says “This site might be hacked”

    I’m not the least bit technical but I can see from the spurious lines in the report that relate to products – ray ban, gucci bag mens etc that the site is hacked.

    What to do?
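
An added triage example, not part of the original post and not Wordfence's own code: it reads an activity log in the line layout quoted above and lists static `.html` files sitting directly in the web root, labelled by the two file-name shapes visible in the post. The sample log, the `/var/www/html` base directory, the function names and the assumption that a stock WordPress root contains only `readme.html` as static HTML are all choices made for this example.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Line layout seen in the post: <date>::<epoch>:<level>:<type>::<message>
LINE_RE = re.compile(r"^.+?::\d+\.\d+:\d+:\w+::(?P<msg>.*)$")
PATH_RE = re.compile(r"^(?:Hashing item in base dir|Scanning): (?P<path>/\S+)")

# Assumption: stock WordPress ships only readme.html as static HTML in its root.
EXPECTED_ROOT_HTML = {"readme.html"}

# Name shapes modelled on the file names quoted in the post.
PATTERNS = {
    "timestamped": re.compile(r"^\d{14}-[A-Za-z-]+-\d+\.html$"),
    "keyword-slug": re.compile(r"^\d+[A-Z]?-[a-z]+(?:-[a-z]+)+\.html$"),
}

# Constructed sample; paths and file names are made up for this example.
SAMPLE_LOG = """\
'filename' => NULL,
Thu, 17 Sep 15 11:56:00 +0000::1442480160.6422:4:info::Calling startScan(true)
Thu, 17 Sep 15 11:55:59 +0000::1442480159.8358:4:info::Hashing item in base dir: /var/www/html/12-example-brand-bag-abcd.html
Thu, 17 Sep 15 11:55:59 +0000::1442480159.8245:4:info::Scanning: /var/www/html/12-example-brand-bag-abcd.html (Mem:63.2M)
Thu, 17 Sep 15 11:46:17 +0000::1442479577.9055:4:info::Hashing item in base dir: /var/www/html/20150101120000-AbCdef-7.html
Thu, 17 Sep 15 11:46:17 +0000::1442479577.9004:4:info::Scanning: /var/www/html/landing.html (Mem:63.2M)
Thu, 17 Sep 15 11:46:17 +0000::1442479577.9001:4:info::Scanning: /var/www/html/readme.html (Mem:63.2M)
Thu, 17 Sep 15 11:46:17 +0000::1442479577.8938:4:info::Scanning: /var/www/html/wp-content/themes/t/help.html (Mem:63.2M)
"""

def triage(log_text, base_dir):
    """Return {path: label} for unexpected static HTML directly in base_dir."""
    base = PurePosixPath(base_dir)
    findings = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        hit = PATH_RE.match(line.group("msg")) if line else None
        if not hit:
            continue  # dump fragments and non-file messages mixed into the log
        path = PurePosixPath(hit.group("path"))
        if path.parent != base or path.suffix != ".html":
            continue  # only files sitting directly in the web root
        if path.name in EXPECTED_ROOT_HTML:
            continue
        label = next((k for k, rx in PATTERNS.items() if rx.match(path.name)), "unexpected-html")
        findings[str(path)] = label  # a dict collapses the Hashing/Scanning pair
    return findings

def summarize(findings):
    """Count flagged files per label."""
    return Counter(findings.values())
```

The resulting list is a starting point for review against a known-good backup before anything is deleted; a file that matches no pattern is still reported as `unexpected-html`.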
