ramirez_fabian
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: .htaccess Hacked, Redirects to Russion SiteOk, found _cache.php in the uploads folder in the last site on my hosting. (go figure)
I too just found this same file, so I deleted it. It was on the last site that I installed on my hosting. The theme uses the thumb.php within the theme, but I installed the recent thumb.php file.
Forum: Fixing WordPress
In reply to: .htaccess Hacked, Redirects to Russion SiteCHMOD them.
What does CHMOD them mean?
Forum: Fixing WordPress
In reply to: .htaccess Hacked, Redirects to Russion SiteThe hack is back a day later with a different Russian site now. I’m not going to give up, although I want to. I have about 20 sites running via Bluehost. I just want to find the javascript or point of entry.
My .htaccess are all changed at the same time today 5:04am. So this is an automatic script hitting my sites. Really bummed!
Forum: Fixing WordPress
In reply to: .htaccess Hacked, Redirects to Russion SiteI logged into Bluehost, did a search on my hosting directory for thumb.php and timthumb.php.
Looks like 5 of my sites had the thumb.php file and each one needed to be updated. I installed the timthumb vulnerability plugin on each site, and it automatically installed the most recent thumb.php file. So each site it up to date on that file as well as the most recent version of WordPress.
The .htaccess was then hacked again.
I found this article to be helpful
The article says this:
Delete these files:
/wp-content/uploads/_wp_cache.php
/wp-content/uploads/sm3.phpI did a search of sm3.php, and found no results. However when I did a search of _wp_cache.php, I found one file on one of the sites that had a thumb.php file that needed to be updated.
I quickly deleted that file as the article mentioned, and so far so good. Now I’m going to go to each .htaccess file and delete the extra code and see if this does the trick.
Fingers crossed on this one.
Forum: Fixing WordPress
In reply to: .htaccess Hacked, Redirects to Russion SiteI’ve asked my hosting company (bluehost) to assist with determining the entry point and how to prevent it, but they cannot find this information out. We’ve backed up my files and restored but the .htaccess files keep getting infected with Russian code.
It all happens at the same time, like 7:50am this morning, every .htaccess file was changed and code inserted, then it sets the permission to 444.
I’m really getting annoyed by this.
Forum: Fixing WordPress
In reply to: Parse error: syntax error, unexpected … on line 807‘tmp_lkojfghx’
My line 807 contains the above tmp info over and over.
Forum: Fixing WordPress
In reply to: Hacked and need helpSo the Thesis theme can be an open source. I run thesis and I too have been hacked a couple of times.
Forum: Fixing WordPress
In reply to: Parse error: syntax error, unexpected … on line 807Okay, so something is taking down a number of my sites, I am getting this message below on all of them. Am I hacked?
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /public_html/hispy/wp-includes/classes.php on line 807
What do I do about this after I did a backup, I got the error again.