paul79uf
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Is this Malicious Code? – Found in Themes Index.phpI thought I would come back and give some closure to this thread.
I followed all the steps at the “how to completely clean…” link and the spam emails being sent from my WordPress blog have stopped.
Here’s the link Jan posted again –
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/Forum: Fixing WordPress
In reply to: Is this Malicious Code? – Found in Themes Index.phpSorry about that Jan. I wasn’t sure what that code was. Thanks for deleting it.
I just checked my server logs and found the entries below in the mail.log, which was last modified a few hours ago.
I’m hoping that I stopped the spam emails (a few hundred per day) since there are no new entries in the mail log since I deleted all the blog files and uploaded clean versions earlier today.
Here’s a small sample of the entries in my mail log (with my site info IPs and email addresses changed) –
_______________________
2014-03-10 08:17:03 u39521873 3oyyji-1XIeFh2A3W-014o7Q |< REMOTE=78.108.64.44 SCRIPT=/mysitename.com/blog/index.php — /usr/sbin/sendmail -t -i -f [email protected]
2014-03-10 08:17:03 u39521873 3oyyji-1XIeFh2A3W-014o7Q <= [email protected] SZ=1135 D=0 SID=149441682
2014-03-10 08:17:04 u39521873 3oyyji-1XIeFh2A3W-014o7Q => [email protected] msmtp.perfora.net[172.18.143.3] 250 Message 0LdYAk-1X5MZ32l86-00i3eP accepted by mrus0.perfora.net
2014-03-10 08:17:11 u39521874 3oQkJV-1Wil8A3gBt-00VCV0 |< REMOTE=89.18.64.212
______________________________Does anyone know of an easy way to scan the mysql database for malicious code?
Forum: Fixing WordPress
In reply to: Is this Malicious Code? – Found in Themes Index.phpThanks for the quick reply.
I’ve done most of the steps on that page.
1. scanned computer with malware bytes and ms security essentials – clean
2. changed all of my ftp/1and1 login/wordpress/mysql passwords
3. changed the wp secret keys multiple times
4. checked .htaccess files in all my sites/blogs – clean
5. deleted everything / restored with fresh wp files
6. ran WordFence multiple times
7. manually checked new files for any malicious codeSo far it seems like I got rid of the hack/exploit by deleting everything and upgrading to the latest versions.
I should probably ask 1and1 if they see any more email coming from my site(s). Not sure how to check that in the web control panel.
I don’t have any contact forms or newsletters so they should not be sending any email.
The only thing I’m worried about is if the mysql database is still infected with malicious code. But I imagine WordFence scans that.
I also did the sucuri.net site check and everything came back clean.
Thanks again. I will keep checking this thread if anyone else has any other suggestions.
Forum: Fixing WordPress
In reply to: Error message just startedHey Callmetut,
I just had the same exact error “l10n.php on line 514”.
I fixed it by downloading WordPress 3.2 and extracted it.
Then download a copy of your current l10n.php to a safe place just in case.
Rename the l10n.php on your server to l10n.php-original or something like that to have another back up copy.
Then upload the new l10n.php from the WordPress 3.2 zip file you downloaded/extracted earlier to the wp-includes directory.
Try reloading your blog. I’m now able to load my blog and log in to the admin.
I hope that helps. Good luck. 🙂
Forum: Fixing WordPress
In reply to: Every Theme Broken – Text & Links OnlyThanks Clayton.
I read up on the proper permissions for that folder and the files and changed them. Now the theme is showing up.
Thanks!
P.S.______________
I was actually able to move over to mysql 5.I followed this guys directions specific to 1AND1 hosting for moving a mysql 4 db to 5.
Since my db was so large, I had to change up the steps since the text import window was hanging (not responding).
See my comment on his page if you get the same problem.
(I had to export to a .sql file, remove the “create database” line with the old db name and update the two other lines that contained the old database name to the new mysql 5 db name.)