Wordpress website Spam/Hacked, Mailout.php - wordpress

My domain has been suspended by my host because they have detected spam.
They say that the file "mailout.php" has been used to send out spam mails.
The file is found here:
/public_html/wp-content/themes/[My_theme]/mailout.php
My host tells me to either delete the file or "protect its functions". So my questions are:
Can I delete this file? My site does send out mails after a customer has placed an order through WooCommerce.
What do they mean by "protect its functions"? How do I do that?
I look forward to hearing from you! Thanks in advance.

Probably your website was infected through injected malicious code.
On your server you need to find weird files like xyz.php, or folders with names different from the WordPress files and folders.
The best option would be to change the script that sends emails so that it uses SMTP options instead of sending via PHP.
If you need more help I can check that for you, but without seeing the problem I can only recommend searching the files for strange file names and of course deleting these weird files.
First check whether mailout.php is a normal file from your theme.

Related

My wordpress website being hacked with code eval($_SERVER['HTTP_81DB2B3']

I have a problem with my website: I got information from Wordfence about my WordPress website getting hacked,
and found the code eval($_SERVER['HTTP_81DB2B3'] so I removed it, but within a few seconds the code comes back. Someone, please help me.
I had something very similar to this. Go to your cPanel and search for "Cron Jobs" and scroll down to see if there are any malicious cron jobs set up. You might have some that look like eval(gzinflate(base64_decode(.... that are essentially causing this to reoccur. Not a complete fix to this issue, but you'll have to delete those cron jobs to ensure that that line of code doesn't keep reappearing. In addition to that, you'll also need to make sure those cron jobs don't show up again. Use a plugin like Wordfence (suggested above as well) to look for malicious files and, if it helps, replace your home directory (except for wp-content and wp-config) with fresh files.
If your website got hacked, then I guess more than 1 file was affected by it.
Case 1: If you are able to access the WordPress backend, then I suggest you:
Step 1: Add the plugin Wordfence Security – Firewall & Malware Scan and scan your website with it.
Step 2: After scanning the site, remove all suspicious code from the site.
Case 2: If you are not able to access the WordPress backend, then you have to update your WordPress manually with the hosting file manager or FTP.
Please note: Take a backup of your website before making any changes.

WP site keeps getting hacked for a cryptojacker - How to find the leak?

I've got a site that has been hacked for the fourth time now this month, with scripts hosted on autofaucet.org. (Sloppy code even, found their names. Some Russian dudes. But that's off topic.) I've taken some measures to prevent a new hack, but alas...
I've installed a clean WP installation on the server, with clean files and a clean DB.
Reinstalled the plugins clean.
I have the All In One WP Security & Firewall plugin for file scanning, firewall, hiding the login page, etc.
Changed all the WordPress passwords.
I've noticed the encoded code is being placed in files called assets.php.
I'm curious how a hacker would inject/place the code on the server. How to prevent it better and what questions to ask the webhost company. I've asked them before and they just say it's my fault, update the wp installation and move on. What should they check if the code is injected from their side?
Your log files (of the web server) e.g. /var/log/nginx/access.log with the nginx web server will tell you who it was. Look for the change date/time of the assets.php file. Then check server access logs for IP addresses from that exact time. Then search logs for that IP address. You will find the first accesses by that IP address. That was likely the hack.
Usually Wordpress plugins are to blame as long as you keep the WP site updated. So, you could disable plugins not needed urgently, and disable the others one by one, or all for testing.
As a workaround, you can make the index.php (or other) file under attack read-only. In the past I have worked around particular attacks by chown root.root filetobeattacked.php which usually works (but may hinder updates, so it's a temporary solution). If you are not root on the server (shared hosting) perhaps chmod 444 filetobeattacked.php could work.
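The log correlation described in this answer, as an added example that is not part of the original post: take the change time of assets.php, find the client addresses that made requests around that moment, then pull each address's earliest request. The log lines, the change time and the assets.php location are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in nginx "combined" format; the addresses are from
# documentation ranges and the assets.php location is an assumption.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2019:09:58:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2019:10:01:44 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:14:29:51 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 87 "-" "curl/7.58.0"
203.0.113.9 - - [12/Mar/2019:14:31:10 +0000] "GET /contact/ HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:14:35:00 +0000] "GET /wp-content/uploads/assets.php HTTP/1.1" 200 12 "-" "curl/7.58.0"
"""
# Constructed change time; on a real host take it from the file itself:
# datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
MODIFIED_AT = datetime(2019, 3, 12, 14, 30, 0, tzinfo=timezone.utc)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

def parse(log_text):
    """Yield (ip, aware datetime, request line, status) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in combined format; skip rather than guess
        ip, ts, request, status = m.groups()
        yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), request, int(status)

def trace_modification(log_text, modified_at, window_seconds=60):
    """Map each IP seen within the window around modified_at to its history."""
    entries = sorted(parse(log_text), key=lambda e: e[1])
    delta = timedelta(seconds=window_seconds)
    suspects = {ip for ip, when, _, _ in entries if abs(when - modified_at) <= delta}
    report = {}
    for ip in suspects:
        history = [e for e in entries if e[0] == ip]
        report[ip] = {
            "first_seen": history[0][1],       # earliest request by this IP
            "first_request": history[0][2],
            "in_window": [e[2] for e in history if abs(e[1] - modified_at) <= delta],
            "total_requests": len(history),
        }
    return report

if __name__ == "__main__":
    for ip, info in trace_modification(SAMPLE_LOG, MODIFIED_AT).items():
        print(ip, info["first_seen"].isoformat(), info["first_request"])
```

A file's modification time can be reset by whoever wrote it, so treat the window as a starting point and widen it if nothing matches.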
I had the same issue before. It might be the WordPress core files.
Delete all files except wp-content, then download and replace them with the new WordPress files.
Search for 'autofaucet.org' inside wp-content, and remove if necessary.
Open wp-content/themes/ then check functions.php - check if any additional code is there on top. Check the last updated files and time inside the theme and plugins.
Export the database files and search for 'autofaucet.org' and remove any item found.
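One way to carry out the searches suggested in these threads, as an added example that is not from any of the posts: walk wp-content, flag PHP files containing the strings quoted above (eval($_SERVER[, eval(gzinflate(base64_decode( and autofaucet.org) and mark files changed recently. The demo tree, the indicator names and the 7-day threshold are assumptions; the markers in the demo files sit in inert PHP comments.

```python
import os
import re
import tempfile
import time

# Strings quoted in the threads above, matched as bytes so encoding does not matter.
INDICATORS = {
    "eval-server-header": re.compile(rb"eval\s*\(\s*\$_SERVER\s*\["),
    "eval-gzinflate-base64": re.compile(rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\("),
    "autofaucet.org": re.compile(rb"autofaucet\.org", re.I),
}

def scan_tree(root, recent_days=7, now=None):
    """List PHP files that contain an indicator or changed within recent_days."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            hits = sorted(k for k, rx in INDICATORS.items() if rx.search(data))
            recent = now - os.stat(path).st_mtime <= recent_days * 86400
            if hits or recent:
                findings.append((os.path.relpath(path, root), hits, recent))
    return sorted(findings)

def demo():
    """Scan a constructed wp-content tree and return the findings."""
    month_ago = time.time() - 30 * 86400
    samples = {  # relative path -> (content, backdate the mtime?)
        "themes/demo/functions.php": (b"<?php // clean theme file\n", True),
        "themes/demo/assets.php": (b"<?php /* autofaucet.org eval(gzinflate(base64_decode( */\n", False),
        "plugins/demo/old.php": (b"<?php /* eval($_SERVER['HTTP_81DB2B3'] */\n", True),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (content, backdate) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)
            if backdate:
                os.utime(path, (month_ago, month_ago))
        return scan_tree(root)

if __name__ == "__main__":
    for rel_path, hits, recent in demo():
        print(rel_path, hits, "recent" if recent else "old")
```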

Can a CSV file within a WordPress plugin be accessed from the frontend of a website?

I am currently working on an implementation reading data from a csv file from within a WordPress plugin. It was suggested the file be added within the plugin in an assets directory. I have concerns in doing this. In particular, I'm worried about security and whether this makes the site vulnerable to attacks.
That being said, I looked at the assets folder in the frontend on my local environment and was not able to see the csv file.
Does anyone know if adding a csv file directly to a plugin introduces security risks?
Alternatively, I was thinking about uploading this csv to AWS and reading the data from there.
Good day, Lara.
I am a WordPress developer and will try to help you now.
We know that every plugin we install should be correct, but there can be some risks.
The WordPress core does not allow calling CSV and other files directly from folders, for example the assets folder.
But a plugin is third-party software, so if the developer does not protect it, anybody can have access to the file.
My advice is to check the stars and reviews of the plugin on
https://wordpress.org/plugins/
Or find reviews of the plugin here
https://codecanyon.net/category/all
If it has 4 or more stars, I think you don't need to worry about security.
Please tell me if it helps you...

WordPress website not working with domain name but IP address

http://sidparmar.ca/portfolio/ This is my portfolio website, and only the home page is working with the domain name. Every link is broken unless the domain is replaced by the IP of my VPS, which is 64.20.53.42.
So usually it should work like sidparmar.ca/portfolio/contact/ (it gives me the error "The requested URL /portfolio/resume/ was not found on this server.")
but currently, it is only working if I type 64.20.53.42/portfolio/contact/ as URL.
Please let me know if you have any suggestions/advice or pointer that I should look into. Any help is appreciated.
Has your site been like this since you installed Wordpress? If so, then where did you install wordpress (i.e. what directory)? It looks like you did not install it in the web root directory of your web server. Also, when you installed Wordpress, are you sure you specified the correct URL of your website?
My suggestion, based on the limited information you provided and the minor amount of custom content on your website, is to simply delete your database and files, create a new database, and re-install WordPress following exactly the correct instructions. Your VPS host may have an outlined process for you.
Alternatively, if this is a new issue, do you think you caused it? If so, what did you do? If not, you should probably contact your VPS host to see if you or they need to make an update in your DNS settings.
Found the answer by myself! Yeah!
I just added "ServerAlias www.domainname.ca" to my apache2 conf file (000-default.conf) which you can probably find at /etc/apache2/sites-available directory in your VPS.
Not sure why this worked or what exactly caused the problem but I am sure that it happened because of Yoast SEO plugin.

Moving a wordpress blog to a new host with the same domain name

I have just signed up to a new webhost with the same main domain name as my previous host. I downloaded the whole site via FTP and also exported the database in phpMyAdmin.
After changing the wp-config.php file so that the database name, username and password matched the details for my new host, I uploaded the files to the public_html folder (same directory as on the old host) and also imported the database.
Whilst I can log in, nothing has really saved. I had to set the theme again, none of the posts display etc. The information is all in the database, so I don't understand what has gone wrong.
What do you think the problem could be?
Check if you got all the files. Important files that could be missing are .htaccess files: they are 'hidden' (that's what the . kinda says), and some FTP programs just ignore them.
Check if you are actually working on the correct host. If the DNS isn't pointing correctly (it can differ between sessions if it isn't propagated!), you're messing with 2 servers :)
The way you described, everything should work. Also make sure you clear your cache and cookies so that the new server is recognized with your install. Also make sure that your URL settings have not changed in the general tab in the admin side.
