Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?
Closed 5 years ago.
Improve this questionDoes anyone know anything about the "hypanis.ru" wordpress vulnerability?
A client has recently got a WP virus which has caused his website to output "hypanis.ru" before the headers on ever page. This results in the following error:
hypanis.ru
Warning: Cannot modify header information - headers already sent by (output started at /home/content/html/wp-includes/load.php(1) : runtime-created function:10) in /home/content/html/wp-includes/pluggable.php on line 1219
A search for this in Google shows absolutely no posts/information, but over 29,000 sites that are affected with the same virus: ="hypanis.ru"
This seems like a lot of sites affected, for a virus that doesn't show up on any wordpress vulnerability list or database? Does anyone have any information on this please?
Closed. This question is off-topic. It is not currently accepting answers.Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?
Closed 5 years ago.
Improve this questionDoes anyone know anything about the "hypanis.ru" wordpress vulnerability?
A client has recently got a WP virus which has caused his website to output "hypanis.ru" before the headers on ever page. This results in the following error:
hypanis.ru
Warning: Cannot modify header information - headers already sent by (output started at /home/content/html/wp-includes/load.php(1) : runtime-created function:10) in /home/content/html/wp-includes/pluggable.php on line 1219
A search for this in Google shows absolutely no posts/information, but over 29,000 sites that are affected with the same virus: https://www.google/search?q="hypanis.ru"
This seems like a lot of sites affected, for a virus that doesn't show up on any wordpress vulnerability list or database? Does anyone have any information on this please?
Share Improve this question edited Jun 15, 2020 at 8:21 CommunityBot 1 asked Feb 11, 2020 at 0:45 Neil HillmanNeil Hillman 1831 silver badge9 bronze badges 1- Not sure why this is "too localized" when there are over 29,000 sites affected by this vulnerability and no solution proposed. – Neil Hillman Commented Feb 11, 2020 at 8:34
1 Answer
Reset to default 2I would more suspect a code injection via a plugin's vulnerability; there have been a few of those lately. I don't think it is a virus; just someone that exploited an unpatched vulnerability.
You don't specify whether the site has been updated (WP, plugins, themes) or the PHP version; this would be useful information.
To clean, I would upload fresh/clean versions of all theme and plugin code (deleting those plugin/theme folder's contents first), then upload a fresh WP (everything except your wp-config.php).
I'd also look at your htaccess files, and any custom Child Themes, for any inserted/invalid code. A good database backup is a good idea; and an inspection of the wp-contents table for inserted or modified post records.
And, of course, strong passwords everywhere (WP, database, hosting, FTP); an admin user that is not called 'admin' (and not user #1), and strong passwords on all admin-level accounts.
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744759868a4592109.html
评论列表(0条)