Gilfillan: Full access to the logs is as crucial as gasoline to a car. if you want it to move.
Gilfillan: I’m talking about the server level logs
Machia: Guimares, true true, but multiple attack vectors for the same hack – of course it is possible, but in my experience, it is more likely the same way they are entering all of them
Manliguis: I try to integrate my site custom php framework with a blog using wp. Works fine, im extend my layout and afther that call functions like get_header;, etc. The problem is when enter to some post, refresh the page and lost the control and my layout dissapear my code: http://pastie.org/10440448
Brunston: Guimares: that’s why I asked about multiple personality disorder 😛
Sallis: Guimares, that would make sense, if there was anything in common for all the sites, but there is not. E.g. not one person that has access to them all, and different webhosters with no relation to one another, different server setups – and neither of the compromised sites know about each other
Gilfillan: Httpd/php, *sql, system messages, selinux, security access. etc
Tschoepe: Did you develop / design all the themes for them?
Landress: Renter: so youre saying these sites have Benzing to do with you? you’ve never accessed them before? Then how are you at all affiliated with them?
Mcclintick: Guimares, correct – so I am not the “common link”
Gilfillan: So many things that stink logically about this mess.
Sweet: Well, I have server access to a few, a few others I have wp login access to, a few I have FTP access to, and the remaining 20 ones I have no access or relation to what so ever
Surkamer: I just hear a crap ton of excuses and rebuttals here
Proo: I’m having trouble doing Plugin updates I get error : Download failed. Problem with the SSL CA cert path? access rights?
Colten: Http://pastebin.com/K20XKxsn – this is present in most php files – and is the same for the installations
Youmans: Joe__: LOTS of answers on the google https://----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/support/topic/download-failed-problem-with-the-ssl-ca-cert
Calzado: Guimares: None of them relate to me
Zais: Guimares: I wouldn’t come here if I wasn’t stumped
Heinzig: Joe__: if thats the case then please explain how the common fixed suggested do not apply to you
Hardeman: Set the right chmode on the files
Aversa: Joe__: that would be kind of important so that people dont waste their time suggesting the things you claim to have already tried
Hardeman: Then this will not happen or?
Tschoepe: Renter i searched and this guy seems to have a similar if not the same http://security.stackexchange.com/questions/70579/is-this-a-backdoor
Tschoepe: Apparently ‘mailpoet’ plugin
Tschoepe: Idk how those hacker guys work if they reuse code all over
Pranger: Please, i need help. I try to integrate my site custom php framework with a blog using wp. Works fine, im extend my layout and afther that call functions like get_header;, etc. The problem is when enter to some post, refresh the page and lost the control and my layout dissapear my code: http://pastie.org/10440448
Koury: I find it disappointing that the hackers don’t even use actions and filters
Alven: Poiz, that looks very much like it – I tried searching for a part of the code, but guess I searched for the wrong part
Tschoepe: I searched for “$ua=strtolower$_SERVER”x48124x54”
Clink: I have a multisite. The ‘Register’ page wp-signup.php has no css at all. But the login page wp-login.php is fine. Any idea where I can start finding the cause?
Tyra: Poiz, I searched for the function in the end of the code. But one of the hacked sites have only these plugins: editor-extender/ filebrowser/ galleria-wp/ generate-colors/ instagram-feed/ research_plugin_Kuaj/ show-hide-author/ wp-filemanager/
Finnen: And none of those are common for another of the hacked sites – hmrf
Alford: Renter: like i said. they could still use the same WP function or script that was an opening for hackers though!