InMotion Hosting Support Center

all kinds of strange events on WP sites

Category: Wordpress

200 Points
2015-04-22 10:47 am EST

Hits: 226
1. Settings > Reading > changed from Static Page to Latest Post. then i get a Page Not Found (since i don't have any posts). i went into 1 addon domain and changed an image on the home page and deactivated Meta Slider which resulted in above. SiteOrigin, Vantage Theme, Page Builder pluse 25 plugins. this has happened on 2 addon domains so far.
1b. on same sites i noticed the Static Page i use for home page, it's the static page i use for Home page is having strange Permalink issues where the suffix part is changing to a name it wasn't before. it is a page name from another addon domain in my cpanel. i did use softaculous clone 1.5 years ago to create most of the sites in my cpanel but the name showing up in suffix was never used in this site.

2. softaculous clone seems to have a bug i've found where it's not properly cloning a site built with Siteorigin plugins.

3. 2 weeks ago i found a text file in my cpanel, a.txt, in another addon domain directory with text "Hacked By ZeynnymouZ". IMH scanned for malware and said i was clean but they don't scan for code injection. they said it might have just been a text file. i told softaculous techs and IMH about the ZeynnymouZ but all you guys feel this has nothing to do with the very strange events that are happening.

4a. i am NOT able to Run this Bishop Vulnerability Scanner. i can load the Demo Rules but there's not info on how to execute/run it!
4b. do you know of any code injection scanners or code injection "repair" tools?

thanks for any help

You must login before you can ask a follow up question.

You must login before you can submit an answer.



42,519 Points
2015-04-22 11:29 am EST
Hello TheBoatPeople,

Sorry about the problems with your website. I will go through each of your points. Please note that if you require individual inspection of your website, you should be submitting a support ticket to our live support team.

1. If you're getting behaviors that are unusual due to the removal or change of a third-party plugin/theme, you will need to consult with the support for that plugin or theme. There are thousands of plugins and themes available for WordPress. We unfortunately cannot provide support for all of them.

1b. If you used a clone to create your WordPress sites, you will have needed to reset your permalinks by saving them as default and then re-saving them to your custom permalink. Otherwise, the permalinks in the database would not be overwritten. If you are using any type of caching, it would also be advisable to clear that cache as it can retain any previous setting.

2. We are unfortunately not the coders for Softaculous. If you're finding a bug due to a third party plugin, you will need to consult with the support/developer of that plugin in order to resolve any particular abnormal behavior.

3. If support had found old text in your files (possibly from a previous issue), and they have declared it benign, then it will not affect your website. A text file would not affect your website, or cause the behavior that you're seeing above.

4. Installing software such as Bishop Vulnerability Scanner requires that you have root access to your account. I do not know of any code injection scanners or code injection "repair" tools that you could use for your website.

I hope this helps to answer your question, please let us know if you require any further assistance.

Arnel C.

You must login before you can post a comment about this answer.

1. i can reproduce the error (#1 above) EVERY TIME when i change an image on the front page (it does NOT happen when i change an image within Meta Slider front page slider). my set up is Siteorign Page Builder using Vantage theme.
#1 - Settings > Reading > changed from Static Page to Latest Post. then i get a Page Not Found (since i don't have any posts).

i've been using Siteorign for about 1 year and it didn't do this before but occasionally see plugins don't work with it.

the problem is Meta Slider is #1 wordpress slider. Sitrorgin is very widely used plug in too. i'm not a MIT graduate, i can only hope the popular plugins work. do you know of a site that vets these plugins?

1b. i know to do this, thanks.

2. i submitted a ticket with softaculous and they see it and don't know how to fix it as yet. Brijesh said it has something to do with that site's "serialization". and this site is a Site Origin Page Builder site.
i've deactivated all cache plugins. i find they bring my sites more problems than good.

3. i'm wondering if i just found the a.txt hack text file and other code injection occurred.

4. the link i provided is a google chrome browser extension. it is not installed on server or local. that's what's so nice about it. but they show you how to do everything except RUN/Execute the darn thing LOL! i think you'd like this tool if you could get it to RUN! but you can only use it on a site you own or have permission to scan!

thanks for the good support, as usual!

200 Points
2015-04-22 1:39 pm EST
Hello TheBoatPeople,

Sorry for the problems with the theme. Part of the issue is that just because you're using a theme and haven't made any changes doesn't mean that the code supporting that theme won't get updated. This change may affect the theme that you haven't made any changes to. I would highly recommend you contact your theme provider and ask for their support in this issue.

The Meta Slider is NOT a part of the base WordPress code (nor is the theme), so differences in their behaviors are not necessarily a part of the WordPress application as a whole.

Thank you for submitting a ticket to Softaculous. The issue of the cloned websites and the problem you're having as a result are not issues we can address as this is a program and functionality that Softaculous will need to fix.

The Site Origin software is widely used, but it's not a majority of the users for WordPress. Your problems may be better addressed through their support forums as they can make any necessary changes to their code or identify issues that need to be addressed a particular way.

It's always a possibility that you have found the results of a new hack. However, since this was noticed by a Systems person earlier, it's more likely that the files were simply there, benign and therefore not deleted. We do not endorse any particular software for scanning websites, so if you have found something you like and you can load it, feel free to do so.

I hope this helps to answer your question, please let us know if you require any further assistance.

Arnel C.

42,519 Points
2015-04-23 11:48 am EST
Like this Question?

Support Center Login

Our Login page has moved. Please click the button below to be redirected to the login page.

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!