Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   Atahualpa 3 Wordpress theme (http://forum.bytesforall.com/forumdisplay.php?f=2)
-   -   Sudden site loss (http://forum.bytesforall.com/showthread.php?t=22960)

webster Dec 15, 2014 05:01 PM
Sudden site loss
 
My site produced only 500 server errors today, although I havent looked at it for months, would not load at all.

Finally I moved the atahualpa directory, and the site defaulted to base theme, and would display, if very ugly.

My cgi error log for the site has no errors since a small un-noticed error last february, until it bgan producing this error, on every attempt to open the site:

Code:
PHP Parse error:  syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in ...../wp-content/themes/atahualpa/functions.php on line 136
line thirty six is in this set [pardon me for not getting the exact line number] :

Code:
if ( is_admin() && isset($_GET['activated'] ) && $pagenow == "themes.php" )
        wp_redirect( 'themes.php?page=atahualpa-options' );
       

function bfa_footer_output($footer_content) {
        global $bfa_ata;
//        $footer_content .= '<br />Powered by <a href="http://wordpress.org/">WordPress</a> &amp; <a href="http://forum.bytesforall.com/">Atahualpa</a>';
        return $footer_content;
Do you see anything wrong here? Any ideas? Ways forward?

I will probably just install a new atahualpa, redo config, rwrite the css......
but if there any ideas, I'd be appreciative.

NOTE: Using Wordpress Theme "Atahualpa" version 3.7.12
No plugins were added since the site was robustly used last summer.
I have other atahualpa sites, on same or similar severs, with identical configurations, all are fine.

cefiar Dec 15, 2014 06:10 PM
I would be checking for foreign PHP code in your site and in things like Atahualpa's functions.php file.

There has been some WP malware going around that inserts stuff into the start of functions.php, which previously caused issues that were immediately obvious. It's quite possible the people using that trick have fixed this so now it's not showing up in the same way.

This did break the way quotes were handled in strings, so it's possible that this is the cause. I'm only guessing here as the issue is to do with a string that contains " characters inside ' characters.

Note: I am in no way saying that Atahualpa is responsible for malware getting onto sites, but it's definitely something to check when things just randomly go wrong. It may be due to a wordpress or plugin vulnerability, weak passwords, or any number of other causes.

Also of note: If you're using the Slider Revolution plugin by ThemePunch, make sure it's up to date. See http://blog.lumension.com/9601/soaks...ress-websites/ for details.

PS: If you ever find anything on your site, you are best rebuilding it from scratch or restoring from a good backup. If you restore from a backup, immediate plug the source of the problem before putting it back online, as otherwise it will just get attacked again.

juggledad Dec 15, 2014 06:16 PM
Quote:
unexpected T_CONSTANT_ENCAPSED_STRING in
\

you've been hacked - if you take a look at the first couple lines of function.php you see some emssy code.

if you don't close the hole that the hacker used to get in, you will be hacked again. Just updating that one file will not do it, you need to change
1) all your FTP passwords
2) your cPanel passwords
3) all WordPress Admin passwords
4) your computer password
5) you need to load a fresh copy of wordpress, every plugin and every theme in your site
6) you need to run a virus scan of every computer that has admin access to the site

you should talk to your host and see if they can help you fine the entryway the hacker used because it could even be a cross server attack.

You might want to go to your site backups to see if you can find out when you were first hacked.

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com...-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
http://codex.wordpress.org/Hardening_WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordp...erability.html
http://blog.sucuri.net/2010/07/under...wordpress.html

webster Dec 15, 2014 09:19 PM
Damn,
thanks new install

webster Dec 16, 2014 07:17 AM
Can I get earlier versions of Atahualpa?
To extract php files.

Or is there another way to find the css inserts i used in the now borked install of Atahulapa that wont run now?

juggledad Dec 16, 2014 11:49 AM
Do you have a database backup? The Atahualpa settings are stored in a row in the wp-options table with an 'option_name' of 'bfa_ata4'.

You should be able to import that row into the new database and get your settings.

webster Dec 16, 2014 12:55 PM
ahhh no

yes but I apparently have more than one domain in the back up, and I would have more difficulty finding what I want, with my limited skills, than rebuilding. Or so it seems after an hour of attempting to search for, read data from the back up, as it it differentiates from multiple other atahualpa themed domains

The older version of the files seems my best bet to get the css after making the site run for as long as it takes to get the inserts out, before deleting it, and installing new WP and ata

juggledad Dec 16, 2014 01:30 PM
You can get old versins on wordpress at https://wordpress.org/themes/atahualpa/developers/

webster Dec 16, 2014 01:49 PM
Thanks, another donation due juggledad


All times are GMT -6. The time now is 09:50 PM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.