New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
http://www.logaholic.com/manual/references/locating-log-files-for-hosting-control-panel-users/
+$25 ;-)
Compare file/folder structure of the old and old-old theme.
Did you rename the old-old theme so you can run it at the same time?
If you do a db restore, do both versions of the theme work?
This thread is driving me crazy. Why? @myhken, WHY?
I agree.
Theme folders have a lot to do with wp-admin BTW.
but why? I always assumed they should not be needed for the admin-area in any way :-)
Look at header.php first and other files is there any encoded script, usually outdated theme get injected and used to send spam
Search for let.php. You've been hacked by us.
The thing is the theme the site was using (with the issue) is actually three folders under the Wordpress Theme folder. It's News, then News-Pro, then Genesis.
They are showed in WordPress like News Child Theme - News Pro and Genesis.
It's the News Child Theme that actually is the theme for the site.
If I rename the News and News-pro folder they disappear from the WordPress Theme selector. Just the Genesis theme is left.
So can't run them at the same time. But I have now uploaded three .zip files to the Theme folder. One with the three theme folders from 2016, on with the folder from Friday (when they still work) and one with the files after the 500 HTTP error.
If I replace the folders with the first two .zip files the site is working perfectly. If i replace them with the last .zip file I get the 500 Http error.
SO I have not tried a DB restore, since the files/folders works perfectly with the files from 2016, and the files from Friday, but not with the files from yesterday.
And there has been none updates at all on wordpress/themes/plugins from Friday to yesterday.
A theme could throw a 500 error, and it will have effect in wp-admin if it's attached to a hook (filter or action) called from there. It's the same for plugins.
Hmm...did some more testing with just one and one folder with the three theme folders the site is using (without the default WP themes) and I have now pinpointed the issue to the Genesis folder/theme/framework.
When I'm using the files from after the site got the latest 500 HTTP error, I can use both the News and News-pro folder without any issues, but when I replace the Genesis folder, the site gets the 500 HTTP error right away.
Looked at some of the logs, and I can see lots of theese in the error log:
[23-Mar-2018 03:32:22 UTC] PHP Fatal error: Call to undefined function add_action() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/classes/sanitization.php on line 336 [23-Mar-2018 03:34:19 UTC] PHP Fatal error: Call to undefined function add_action() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/classes/sanitization.php on line 336 [23-Mar-2018 07:03:30 UTC] PHP Fatal error: Call to undefined function add_action() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/classes/sanitization.php on line 336
sitexyz = I have replaced the actually site.
Edit:
And here is more around the time the site stopped working at the night today:
[25-Mar-2018 02:15:44 UTC] PHP Fatal error: Call to undefined function genesis_site_layout() in /home/sitexyz/public_html/wp-content/themes/genesis/lib/structure /layout.php on line 27 [25-Mar-2018 02:16:41 UTC] PHP Warning: require_once(/home/sitexyz/public_html/wp- content/themes/genesis/lib/init.php): failed to open stream: No such file or directory in /home/sitexyz/public_html/wp-content/themes/news/functions.php on line 8 [25-Mar-2018 02:16:41 UTC] PHP Fatal error: require_once(): Failed opening required '/home /sitexyz/public_html/wp-content/themes/genesis/lib/init.php' (include_path='.:/usr/lib/php: /usr/local/lib/php') in /home/sitexyz/public_html/wp-content/themes/news/functions.php on line 8 [25-Mar-2018 02:47:35 UTC] PHP Warning: Division by zero in /home/sitexyz/public_html /wp-content/plugins/clicky/frontend/class-clicky-visitor-graph.php on line 249
Now you can try solving the problem with the first Google result
It looks like paid software. You can try contacting support.
Also you can try updating the theme and Wordpress, if they are not in the latest version. Some files are missing, you have been hacked probably.
Don't think I want to do anything to the code - suddenly it's our responsibly if anything else goes wrong, now or for all future. The customer has to hire a webdesigner to fix this issue.
I have done too much already. Like all the time I have spent today, is time I can't charge the customer for, it was just fun to find out more about this issue.
This customer has no other service with us, so we are making around €100/year on this customer at the max. Of course, for the work I have done the last two weeks in worktime, I have charged €120 per hour. (for backup restore, and all the other work).
I'm sure we could have most likely fixed the issue with help from you guys, but like I said, we do not want the responsible for this site. They never upgrade their wordpress installation and/or themes and plugins. And it will create a situation there the customer demands that we fix their site next time they have issues. Hope you can understand that.
Our business is not web hosting, but we are offering webhosting for our customers that has lots of other services with us.
Thank you for all the help as usually, and @Coffee will get his/hers money within the day.
https://www.google.com/search?q=Call+to+undefined+function+add_action()
https://stackoverflow.com/questions/47993237/call-to-undefined-function-add-action-wp-head
https://stackoverflow.com/questions/3947979/fatal-error-call-to-undefined-function-add-action
Like I have told people over and over in this thread - there is no new update on the themes the site is using since January 2016.
Wordpress + the rest of the default themes + all plugins is updated to the latest update. It was one of the first thing I did.
Pst, then reference the error log and call it good!
If you had took a look at the logs since the beginning, you would had noted that it has nothing to do with the server.
So you are fine.
We weren't demanding anything else than cooperation to help you in what you asked
Just to clarify, if you have been hacked, a Wordpress update won't delete all the injected code so you have to delete and replace the wp directories manually and look for malicious code inside wp-content.
Man be thinking: "Now that is a fine boot.... I wonder if she wants my ... hard drive."
.... If only it weren't so floppy. <--- Reality
They deleted the image from their whole media.
Still weird
I feel like @wss, derailing threads.
>
>
Okay, from now on LET is responsible for this site.
You should get a box of cookies and give a cookie to every one in this thread.
I refuse the cookie.
Did you check the logs?
You've mentioned that developer of this theme hasn't updated it since sometime. But your theme is not a full theme itself but child theme and dependent on genesis. So, If genesis is updated and some functions are depreciated, it may also cause errors. However, this is a very common problem and could've been solved by simply looking at logs and finding cause
I think there might be some backdoor on the website. You need to analyze the codes too.
Because then he'd only be able to charge for 5 minutes instead of 500. Duh.
restore site to working condition
disable cron
disable auto updates
change all version files on genesis and other resp themes to a far future version
be done with it..
Can you kindly copy and paste the error logs which you have received against 500 Internal Server error, so that we can provide you solution for your issue, because without checking server error logs, its really very difficult to provide you solution.
Check resources uses...
If the Genesis hasnt been updated since January 2016 I would scan the site with ClamAV or something similar:
https://www.pluginvulnerabilities.com/2016/09/22/arbitrary-file-upload-vulnerability-in-genesis-simple-defaults/
Scan for base64:
find /home/CPANEL_USERNAME/ -name "*.php" -exec grep "base64" '{}' \; -print &> b64-detections.txt
cat b64-detections.txt
Scan for eval:
find /home/CPANEL_USERNAME/ -name "*.php" -exec grep "eval" '{}' \; -print &> eval-detections.txt
cat eval-detections.txt
Decode the files that return back (if any) analyse the content to see what they are doing.
Most of the time you get detections they will either be spam scripts of shells which you can load via there path in the browser as confirmation.
If they are shells or spam scripts you need to find out how they got there.
Use tools like Wordfence which checks vulnerability DB's for Wordpress plugins and themes.
Manually create a list of all the plugins and themes (with versions) and search google for vulnerabilities.
A good site is: https://wpvulndb.com/
What people forget is that even if a plugin / theme may appear to be up to date there may be active vulnerabilities and the developer may have stopped their work.