angelwp
Forum Replies Created
-
Hello!, its there a way to do it manually via code to change the default option to be UK?, thank you in advance!
Forum: Fixing WordPress
In reply to: How to find and delete backdoor PHP/ccqqji.Hello jackie!!, wow! thanks for the really fast reply!!
i can talk spanish too or english, whatever fits you better
indeed i use layerslider in some of my websites, and i had this problem since a lot of months now, but it cease the last almost 4 months
hosting is shared, yes i have wordfence installed in the websitesactually wordfence is helping me monitorin the websites, wordfence detect this
Critical Problems:* File appears to be malicious: wp-content/plugins/LayerSlider/helpers/khvulaty.php
i have already delete the script (for afraid, hehe), but is a hint, 4 months before was the same problem, every 2 days i have to be cleanin my websites of this kind of scripts or they take all my server down!
love this kind of communities, i hope i can be helping too, i already help people in social media groups but with basics, configurations or css stuff
Forum: Fixing WordPress
In reply to: Virus@abletec Hello!, i have all day reading your answers in differents topics!, i have a already create my topic, title: How can i find and delete backdoor, i hope you can help me 🙁
it’s good to see how there are people as dedicated as you helping out other developers- This reply was modified 8 years, 7 months ago by angelwp.
Forum: Fixing WordPress
In reply to: Hacker registered userindeed @pemitchell, i was “clean” for almost 4 months, from cleaning every 3 – 4 days, the way ir works for me, since today, was:
-Remove infected code detected by Wordfence
-Manually check the project for weirds .php files and delete them
-Manually check code with “edit” option from cpanel because some malicious code was encrypted
-Clean the cookies as our friend pemitechel says, in wp-config and use the salt link provided from wordpress
-Change cPanel password
-Monitor daily the server processes and there pop ups some php scripts, manually search them and delet them toowith this was clean for almost 4 months
But now i got a message from wordfence with this:
Critical Problems:* File appears to be malicious: wp-content/plugins/revslider/css/ymjuehdi.php
* File appears to be malicious: wp-content/uploads/2017/04/rhbqlccc.php
same way as before but it looks like was only 1 website, and no all of them as usual
this kind of injected code how can be done?, no new users on the website
can´t find the security hole
- This reply was modified 8 years, 7 months ago by angelwp. Reason: important one
Having the same issue, some i read in other topics was simple remove recaptcha couse is not working, can´t find a way to make it work, it was working before :/
Forum: Plugins
In reply to: [Contact Form 7 reCAPTCHA Extension] contact form 7 + recaptcha not workingStill nothing? already tried all the posible solutions in this topic and can´t get it work in any browser 🙁
Forum: Fixing WordPress
In reply to: How Do I Fix A Code Injection Hack?Eeeeeeehhhh…. i guess here is a little misunderstood, i dont want to get my site clean for “free”, i want to know HOW to do it, share experiencies, etc, doesnt is this forum to???
i say that with the idea if someone has acomplishe a full clean in a server by him or herself, thats all…
only want to know how to correctly check my databases, or where i can ask this?…
Forum: Fixing WordPress
In reply to: How Do I Fix A Code Injection Hack?Hello, got the same problem, clean all the files and keep and eye on cpu usage and procceses, you can see there scripts that Wordfence CAN´T find,
the big question is, how can we clean the database?, and… how can i know if it is infected????? :/
already done ALL the guides and still getting code injected, dont know if anyone can make a full clean without spent a cent in premium security packages
Forum: Fixing WordPress
In reply to: Website Hacked with SEO Spam – Viagra Entry in WP DBSorry, but, the problem was solved?
SELECT * FROMgermanpearls_com.wp_y2u57c_optionsWHERE (CONVERT(option_idUSING utf8) LIKE ‘%viagra%’ OR CONVERT(option_nameUSING utf8) LIKE ‘%viagra%’ OR CONVERT(option_valueUSING utf8) LIKE ‘%viagra%’ OR CONVERT(autoloadUSING utf8) LIKE ‘%viagra%’)
was indeed malware???Forum: Fixing WordPress
In reply to: Hacker registered userif i find something liek this in Data Base, should i delete it?
SELECT * FROMdb_fppv.wp_postsWHERE (CONVERT(IDUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_authorUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_dateUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_date_gmtUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_contentUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_titleUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_excerptUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_statusUSING utf8) LIKE ‘%eval%’ OR CONVERT(comment_statusUSING utf8) LIKE ‘%eval%’ OR CONVERT(ping_statusUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_passwordUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_nameUSING utf8) LIKE ‘%eval%’ OR CONVERT(to_pingUSING utf8) LIKE ‘%eval%’ OR CONVERT(pingedUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_modifiedUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_modified_gmtUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_content_filteredUSING utf8) LIKE ‘%eval%’ OR CONVERT(post_parentUSING utf8) LIKE ‘%eval%’ OR CONVERT(guidUSING utf8) LIKE[…]- This reply was modified 8 years, 10 months ago by angelwp.
Forum: Fixing WordPress
In reply to: Hacker registered userHow can i scan my DB ??
Forum: Fixing WordPress
In reply to: Hacker registered userHello, im kinda in the same situation, im doing cleaning etc every 4 days, has anyone been able to stop the attacks?