WordPress malware. I can't log in. Help!
November 4, 2013 8:14 AM   Subscribe

My beloved website, MicroHorror.com, seems to have been infected with malware, and I can't log in to WordPress. Please help!

When I go to the site, this is displayed in the header:
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/modules/.DS_Store/.DS_Store.php) is not within the allowed path(s): (/f2/microhorror/:/nfsn/apps/php53/lib/php/:/nfsn/apps/php5/lib/php/:/nfsn/apps/php/lib/php/) in /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php on line 101
When I click to log in to WordPress, it displays this above the log in panel:
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/modules/.DS_Store/.DS_Store.php) is not within the allowed path(s): (/f2/microhorror/:/nfsn/apps/php53/lib/php/:/nfsn/apps/php5/lib/php/:/nfsn/apps/php/lib/php/) in /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php on line 101

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 368

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 380
When I actually try to log in, it displays this, and the whole thing fails:
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/modules/.DS_Store/.DS_Store.php) is not within the allowed path(s): (/f2/microhorror/:/nfsn/apps/php53/lib/php/:/nfsn/apps/php5/lib/php/:/nfsn/apps/php/lib/php/) in /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php on line 101

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 368

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-login.php on line 380

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 680

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 681

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 682

Warning: Cannot modify header information - headers already sent by (output started at /f2/microhorror/public/microhorror/wp-content/plugins/wp-malwatch/wp-malwatch.php:101) in /f2/microhorror/public/microhorror/wp-includes/pluggable.php on line 876
I'm trying not to panic. Please tell me how to rescue my site!
posted by Faint of Butt to Computers & Internet (8 answers total) 2 users marked this as a favorite
 
Do you have ssh access to the server?
posted by pharm at 8:21 AM on November 4, 2013


Best answer: I don't know that you actually have a malware. Looks more like your plugin is misbehaving.

I'd start by FTPing to the site and removing the folder at:

wp-content/plugins/wp-malwatch

Then try logging in.
posted by humboldt32 at 8:22 AM on November 4, 2013 [2 favorites]


Best answer: Yes, it's wp-malwatch. Remove its folder, and the problem should go away.

It's a very old plugin and doesn't seem to have any support.
posted by scruss at 8:58 AM on November 4, 2013 [1 favorite]


Response by poster: Thanks, folks. I deleted the plugin and that solved the problem. I then proceeded to upgrade WordPress, and now I have a new problem. When I try to edit a post, the field that should contain the post text is completely blank. I opened a support thread, but maybe you have an idea.
posted by Faint of Butt at 11:23 AM on November 4, 2013


Standard debugging advice: disable plugins and set to a default theme and see if you have the issue, gradually reenable things and narrow down the source of this secondary problem.
posted by artlung at 4:30 PM on November 4, 2013


Response by poster: Thanks, artlung. It didn't help.
posted by Faint of Butt at 5:37 PM on November 4, 2013


Response by poster: I fixed the blank-field problem by downgrading, but now I have yet another new problem. Special characters are being replaced by question mark/diamond glyphs: � They used to display just fine. Research indicates this has something to do with character encoding in phpMyAdmin? Explain like I'm five, please.
posted by Faint of Butt at 6:27 PM on November 4, 2013


Could be one of several things. I'd need to explore the server, the theme, the database, and understand how you got to where you are. Could be the wrong encoding on your database but if it was working before it's not definite. I don't think I can be productively helpful in this thread. My contact info in my MeFi user profile if you want to reach out.
posted by artlung at 9:12 AM on November 5, 2013


« Older Found in Translation   |   Help me be a morning person - just this once! Newer »
This thread is closed to new comments.