my wordpress site got infected with backdoor HELP

Home Forums Support Forum my wordpress site got infected with backdoor HELP

This topic contains 9 replies, has 2 voices, and was last updated by  Anti-Malware Admin 7 years, 9 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • #1819

    taha adnani
    Member

    Hi,

    my problem is that I can’t install your plugin to run a scan on my site, because I can’t access to my wp-admin, the other problem is many encoded codes inside my index.php and all vital files so I don’t know how the anti-malware deal with them and this can lead to take down my site if the plugin delete those files .

    please help me

    can I upload the whole site in zip and send it here to run a scan on it ?

    regards.

    #1822

    Anti-Malware Admin
    Key Master

    The whole point of using my plugin to fix your site is that it can remove the malicious code from your infected files without affecting the good code that is supposed to be there. My plugin would not be so successful and highly rated if it deleted your core files ;-)

    The main problem for you is that you cannot access your wp-admin, but your didn’t elaborate on that so I don’t see how I can help you there. Please explain: why are you unable to access your wp-admin?

    #1823

    taha adnani
    Member

    when I try to login to my site through wp-admin nothing show up just blank page  because as I told you the malicious codes  are inside my config.php and other page related to wp-admin

    #1824

    Anti-Malware Admin
    Key Master

    I know you told me that the malicious code is in your core files, that is extremely common, but that hardly ever means that you cannot login. You see, it’s not usually in the best interests of the hacker to disable or cripple your site, they can only take advantage of your infected site if it is still functioning. It was probably an accident that they broke your site at all.

    You can check the error_log files on your server to see why your site is not working and fix that problem so that you can use your wp-admin again and then use my plugin to remove the rest of the threats. You could also try replacing the wp-admin and wp-includes directories with a fresh copy and manually fixing some of the core files in the root directory, but it would be more efficient to fix the exact file that is referenced in your error_log file.

    #1825

    taha adnani
    Member

    I can’t find the error .

    what I did I compressed  the files in a zip and I deleted all the files on my host

    I still have the zip this why I asked you If I can send it you

    further more I ran your plugin at one of my infected site and some files are still there with their codes

     

     

     

     

    #1826

    Anti-Malware Admin
    Key Master

    Sending me the zip file won’t either of us any good. You need the whole site (DB included) UNZIPPED and configure on a webserver in order to properly clean it and get it working again. The error_log files are the key to your success. Let me say that again, another way, you need to find your error_log files. The error_log files are essential to debugging any problem with any site, it’s worth you doing the research to find you error_log files. Please do that regardless, you’ll thank me later ;-)

    Moving on, you said you have another site that is able to run the scan but there are still infected files, can you please elaborate?
    You can send me the files that are still infected, directly to my email.

    #1827

    taha adnani
    Member

    ok thanks I will see if I can resolve this,

    ok wait

    #1828

    taha adnani
    Member

    Hi again, I tried to sent you the files but the host suspended my account because the site keep sending request

    I turned  WP_DEBUG to true and I found some errors

    Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 1179

    Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-login.php on line 398Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-login.php on line 411Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 893Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 894Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 895Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 1179

    How I can fix them ?

    #1829

    taha adnani
    Member

    Really I need help now, this time when I moved my site to another host and try to clean it, the whole host was crushed, this really disappointed

    the host is not working now

    http://prnt.sc/eibaz6

    #1830

    Anti-Malware Admin
    Key Master

    It looks like you broke the DNS for bytemeup.com at NAMECHEAP by pointing the Name Servers at NS1.BYTEMEUP.COM and NS2.BYTEMEUP.COM, so now there is now way to lookup the A Records for that domain. Try setting the Name Servers back to the NAMECHEAP Standard DNS. Then use the NAMECHEAP to set the IP address for your A records to your new host.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.

Comments are closed.