Home › Forums › Support Forum › my wordpress site got infected with backdoor HELP
This topic contains 9 replies, has 2 voices, and was last updated by Anti-Malware Admin 7 years, 8 months ago.
-
AuthorPosts
-
March 9, 2017 at 6:09 am #1819
Hi,
my problem is that I can’t install your plugin to run a scan on my site, because I can’t access to my wp-admin, the other problem is many encoded codes inside my index.php and all vital files so I don’t know how the anti-malware deal with them and this can lead to take down my site if the plugin delete those files .
please help me
can I upload the whole site in zip and send it here to run a scan on it ?
regards.
March 9, 2017 at 7:15 am #1822The whole point of using my plugin to fix your site is that it can remove the malicious code from your infected files without affecting the good code that is supposed to be there. My plugin would not be so successful and highly rated if it deleted your core files
The main problem for you is that you cannot access your wp-admin, but your didn’t elaborate on that so I don’t see how I can help you there. Please explain: why are you unable to access your wp-admin?
March 9, 2017 at 8:36 am #1823when I try to login to my site through wp-admin nothing show up just blank page because as I told you the malicious codes are inside my config.php and other page related to wp-admin
March 9, 2017 at 8:53 am #1824I know you told me that the malicious code is in your core files, that is extremely common, but that hardly ever means that you cannot login. You see, it’s not usually in the best interests of the hacker to disable or cripple your site, they can only take advantage of your infected site if it is still functioning. It was probably an accident that they broke your site at all.
You can check the error_log files on your server to see why your site is not working and fix that problem so that you can use your wp-admin again and then use my plugin to remove the rest of the threats. You could also try replacing the wp-admin and wp-includes directories with a fresh copy and manually fixing some of the core files in the root directory, but it would be more efficient to fix the exact file that is referenced in your error_log file.
March 9, 2017 at 9:57 am #1825I can’t find the error .
what I did I compressed the files in a zip and I deleted all the files on my host
I still have the zip this why I asked you If I can send it you
further more I ran your plugin at one of my infected site and some files are still there with their codes
March 9, 2017 at 11:59 am #1826Sending me the zip file won’t either of us any good. You need the whole site (DB included) UNZIPPED and configure on a webserver in order to properly clean it and get it working again. The error_log files are the key to your success. Let me say that again, another way, you need to find your error_log files. The error_log files are essential to debugging any problem with any site, it’s worth you doing the research to find you error_log files. Please do that regardless, you’ll thank me later
Moving on, you said you have another site that is able to run the scan but there are still infected files, can you please elaborate?
You can send me the files that are still infected, directly to my email.March 9, 2017 at 12:19 pm #1827ok thanks I will see if I can resolve this,
ok wait
March 10, 2017 at 5:43 am #1828Hi again, I tried to sent you the files but the host suspended my account because the site keep sending request
I turned WP_DEBUG to true and I found some errors
Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 1179
Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-login.php on line 398Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-login.php on line 411Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 893Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 894Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 895Warning: Cannot modify header information – headers already sent by (output started at /home/truechea/public_html/wp-includes/class-wp-post.php:1) in /home/truechea/public_html/wp-includes/pluggable.php on line 1179
How I can fix them ?
March 10, 2017 at 6:09 am #1829Really I need help now, this time when I moved my site to another host and try to clean it, the whole host was crushed, this really disappointed
the host is not working now
March 10, 2017 at 7:08 am #1830It looks like you broke the DNS for bytemeup.com at NAMECHEAP by pointing the Name Servers at NS1.BYTEMEUP.COM and NS2.BYTEMEUP.COM, so now there is now way to lookup the A Records for that domain. Try setting the Name Servers back to the NAMECHEAP Standard DNS. Then use the NAMECHEAP to set the IP address for your A records to your new host.
-
AuthorPosts
You must be logged in to reply to this topic.