- This topic has 10 replies, 3 voices, and was last updated 3 years, 5 months ago by
.
-
Posts
-
Hello,
When I go to a search engine (Google, bing) and type in “Academic Network Americas”
my webpage comes up
but
when I click on it
I get an error on the website<b>Warning</b>: str_rot13() expects parameter 1 to be string, object given in <b>/home/content/74/8816874/html/redacademica/attrs3-name.php</b> on line <b>2</b>
but, if I log in by typing in “www.redacademica.org” into url bar of browser I don’t get that error
Please help
I don’t know how it may have happened, but the link from google has been hacked to go to what looks to be a fake pill website – at least that what happens when I click. That message is not coming from you own website, but somewhere else.
This is an unfortunate situation, and I’m not really sure how you get it fixed. There might be some contact link to Google.
You might also want to get your own website scanned for hacking as it may be there. The first thing I would do would be to install the Wordfence plugin on your site, and have it scan your site. If you already have a security plugin, then your webhost might be able to help.
But I guess I suspect your site has been hacked.
Thanks for your response
The same thing occurs when I go to the website from bing
This is the result of the wordfence scan:
What to do?
File appears to be malicious: wp-content/plugins/weaverx-theme-support/attrs3-cache.php
File appears to be malicious: wp-content/plugins/show-posts/lib2-name.php
File appears to be malicious: wp-admin/css/license3-session.php
File appears to be malicious: wp-content/plugins/lang3-cache.php
File appears to be malicious: locale-meta.php
File appears to be malicious: attrs3-name.php
File appears to be malicious: wp-content/plugins/wp-edit/docks2-image.php
File appears to be malicious: wp-content/themes/suffusion/class2-lib.php
File appears to be malicious: wp-includes/Requests/Exception/quotes1-cache.php
File appears to be malicious: wp-includes/Requests/Proxy/license3-lang.php
File appears to be malicious: wp-includes/SimplePie/Parse/lang3-image.php
File appears to be malicious: wp-includes/js/crop/name2-quotes.php
-
<li style=”list-style-type: none;”>
- Filename: wp-content/plugins/weaverx-theme-support/attrs3-cache.php
- File Type: Not a core, theme, or plugin file from wordpress.org.
<li class=”wf-issue-detail-spacer”>
- Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <strong class=”wf-split-word”>.$extempore[‘0’].\x0a$conduct[‘5’]. $bladdernut[0].\x0a$macrostructure[1].\x0a$conduct[‘5’].$grabber[‘1’].$jedd .$cultivators[7] .$bladdernut[‘5’]The issue type is: Backdoor:PHP/qhkh.A.6865
Can I go ahead and delete this file???
You should start by saving your theme settings and downloading a copy.
Then Switch to a different theme.
Then delete all weaver theme and plugins as well as all the plugins mentioned in the report.
Then download and install a fresh version of the Xtreme Theme from WordPress
Next do the same for all the plugins.
All your settings should automatically be restored.
Then scan again for errors
That may work, but your site was definitely hacked.
It most likely does not originate with Weaver or Weaver plugins as the diagnostics show malicious file in several places, including core WordPress and several plugins.
Often, such hacks only appear in code, but they can have malicious content in your database as well.
There are some options:
- You hosting company may be able to fix this – sometimes for free. One way would be to restore to some date when the content was known to be not hacked.
- You can hope it was just the code, and didn’t mess with the data base. In that case, you should keep track of all your plugins. Then deactivate and delete ALL plugins. Then use the Updates to restore WordPress. You then might want to set to a default theme like Twenty Twenty. There will be a time when your site is down. You could at this point install a site in maintenance plugin. Then install Wordfence again and rescan. If it is clean, then restore all your plugins plus Weaver, and set Weaver as your theme. At this point, if the database was not corrupted, you really should be back to the starting point. You won’t want to touch your /wp-content/uploads directory unless Wordfence finds some malicious content there.
It is a pain, but must be done. You have to clean your entire site.
Keymaster,
Thanks for your reply and guidance
Will relay to my supervisor
/up-content/uploads didn’t show up in Wordfence scanLooking forward to rebuilding the site using weaver theme
The /uploads directory has your images and uploaded content. It is scanned, but normally won’t have .php code in it.
Being hacked is totally frustrating. Some hacks can redirect your site or links to malicious sites, so it is important to get it fixed asap. I’m not saying that has happened to your site – I don’t know, but after it is all fixed, it is important to use Google webmaster tools to confirm Google considers your site safe. If it doesn’t, then it probably detected the hack and marked it unsafe. You then have to submit your site to Google to have them re-check it. This seems to take a day or so to happen – I unfortunately know that because of personal experience on a different site of mine.
“it is important to use Google webmaster tools to confirm Google considers your site safe”
Can you show me how/where to do this?
That is really beyond Weaver specific.
At this point, you can search Google for information about Google Webmaster tools. I would think there are tutorials, etc.
I just wanted to inform you of some of the issues you MAY have. It is totally possible that simply cleaning your site by reinstalling will be enough. A problem I had on a hacked site was that it forwarded visitors to a malicious site and that made Google block my own site. And if that happens, there is a whole bunch of stuff you have to do with the Webmaster tools. If you site does not end up being blocked, then there is likely nothing to worry about.
Keymaster,
Thanks again for your help
We decided to move to a reputable hosting company (I think the site was hosted on a university server)
Will search for Google Webmaster tools
And wordfence plugin will be a priorityWeaver theme is something I can see myself working with for years to come
Hope to learn more about the weaver way and continue to be a part of this great communityThanks again for pointing me in the right direction
- You must be logged in to reply to this topic.