Jump to content

Archived

This topic is now archived and is closed to further replies.

intershape

Problems with DMS theme php error (deprecated.php)

Recommended Posts

intershape

Hi when I upgraded to the latest wordpress and latest DMS my site won't load.

From error log:

[22-Sep-2015 17:35:40 UTC] PHP Warning:  require_once(/home/oahqllvi/public_html/wp-content/themes/dms/dms/includes/deprecated.php): failed to open stream: No such file or directory in /home/oahqllvi/public_html/wp-content/themes/dms/dms/includes/init.php on line 18
[22-Sep-2015 17:35:40 UTC] PHP Fatal error:  require_once(): Failed opening required '/home/oahqllvi/public_html/wp-content/themes/dms/dms/includes/deprecated.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/oahqllvi/public_html/wp-content/themes/dms/dms/includes/init.php on line 18

 

I can fix this by uploading latest dms files again, the files in dms/dms. Then I don't get the error. And after a day or so I get the problem all over.

It seems like the file deprecated.php gets renamed to deprecated.php.suspected and by then its no longer reachable.

I have tested with disabling all plugins. Not helping.

If I rename the theme folder DMS and "child theme folder" to .bak the site works.

 

First I thought it was something wrong with the server. On the web hotel side they stated that the site has security issues with the rev slider. But my site doesn't use that at all.

Revolution Slider fix:
https://wordpress.org/plugins/patch-for-revolution-slider/

https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html

 

I also get these warnings:

Notice: Den kalte constructor-metoden for WP_Widget er foreldet siden versjon 4.3.0! Bruk 

__construct()

isteden. in /home/oahqllvi/public_html/wp-includes/functions.php on line 3457

Notice: Den kalte constructor-metoden for WP_Widget er foreldet siden versjon 4.3.0! Bruk 

__construct()

isteden. in /home/oahqllvi/public_html/wp-includes/functions.php on line 3457

 

Site url:

http://østsidafrikirke.no

-> http://xn--stsidafrikirke-pqb.no/

 

I have Wordpress 4.3.1 and DMS 2.2

All plugins are up to date.

pagelines pro plugin memtest

Ram test Results: 259688Kb or approx 254Mb

 

Share this post


Link to post
Share on other sites
intershape

List of plugins. Wp super cache is not activated.

Also one of the later changes that I made was installing I-themes security.5601bd85381f6_Skrmavbild_2015-09-22_kl._

Share this post


Link to post
Share on other sites
Simon

Why is your host renaming files?

Whats in that file that makes it suspected of something?

The widget error is caused by a plugin not registering a widget properly.

Share this post


Link to post
Share on other sites
intershape

I don't think it is the host, can it be wordpress or the security plugin? I still get the error when deactivating all plugins.

Tnx for Reply

 

Share this post


Link to post
Share on other sites
Simon

DMS does not add any widgets using the old pre php5 methods, im sure of that.

I cant comment on your security plugin, does it have options? Disable it and see if the file still gets renamed.

Surely there should be some sort of log somewhere to say what was renamed?

Share this post


Link to post
Share on other sites
jeomiland

Hi guys

I am getting exactly this also on a very simple site. Seems the Wordfence plugin on my site may be doing this (changing to deprecated.php.suspected) I just got through doing a clean install of the latest Wordpress 4.41 and latest DMS 2 then moved over the other plugins I had saved. Seems there was an auto scan around 6pm today that changed deprecated.php again. Options in Wordfence have an option to turn off the cache which helped another issue so I just did that. Next auto scan should happen thurs morn, so will see if it breaks again. Very frustrating!  And why does it not break on other sites I have with simmilar plugins on same server???

I notice an interesting warning error during a scan "Notice: Undefined index: cf89cc03 in /home/.../public_html/wp-content/plugins/wordfence/lib/wfDict.php on line 1" Maybe that's part of the problem? If it breaks agin in morning, will trash Wordfence and install a fresh copy of it.

intershape, did your problem get fixed?

Share this post


Link to post
Share on other sites
Simon

Open that file what is line 1?

Share this post


Link to post
Share on other sites
jeomiland

Oh my. It looks like a hack file. See attached. Am wiping now and will install a new download of Wordfence. (see attached)

wfDict.php

Share this post


Link to post
Share on other sites
jeomiland

OK just wiped Wordfence plugin folder and installed new version. I see the fresh version indeed does NOT have the obvious hack code inserted before line-1. Let's hope the hacker does not come back. (Have already changed account PW for the site - should I also change the mySQL user PW for the database?)

So just how does one secure a site against hackers when the very security plugins used for protection get hack injections themselves!!!

Looking for advice and I'm sure all will want to know the answers to:

1) what are the best security plugins to use and what settings should be set?
2) what are the best permissions to set for the various files/folders in a WP installation?
3) what php/mySQL versions and settings need to be checked for optimum performance and security (I run my own VPS server)
4) when there is a hack attack, of course change the account PW but should you also change the mySQL db user PW also?
5) any other "best practices" recommended?

Thanks - I am confident the answers to these questions will be invaluable to all.

Share this post


Link to post
Share on other sites
Simon

1st thing id do is log into the VPS and search it for the string '$GLOBALS' .. to see if any other files are infected.

Share this post


Link to post
Share on other sites
jeomiland

Thanks Simon. Great technique. Found a couple files, (notably Gravityforms and Jetpack on another site). Again, would love some ideas on the previous questions to make it harder for hackers to get in and inject their crap into plugin files.

Share this post


Link to post
Share on other sites
Simon

There are simply 1000s of variables though, the fact you are using your own VPS makes it even harder.

What HTTP server are you using? What versions of mySQL/PHP are you using?

What server hardening did you do?

If you have not setup the server properly no magic WP security plugin will help you.

Ive run my site on my own VPS for years, never been hacked. I reset the PHP server yesterday after upgrading to PHP7.0.2_rc1 and have 400,000 cache hits, so its fairly active ;)
I dont have any security plugins installed, I think they are all over hyped rubbish.. 
I keep WordPress up to date and always update any plugins I have.
Most hacked sites are the ones people do not update core/plugins then log in 18 months later and realise they are now hacked.

Share this post


Link to post
Share on other sites
jeomiland

Hi Simon

The server is: Linux CENTOS 6.7 x86_64 virtuozzo – server  runing PHP5.5.27, mySQL5.5.47 hosted at ServerPoweded.com (in Florida)

You can take a look at details at: http://jeowebproductions.com/phpinfo.php

I have a csf v8.08 firewall in place runing lfd .

Have had the server package for many years, It's an "unmanaged" service and I'm learning server admin as I go. Company got purchased by Infinitum Technologies couple years ago and this past year I have had several issues that actually cost me a couple clients. Had basically no problems with server in the years before that. Got a great deal on the monthly price but it's at the point now where I either have to hire someone to tighten up and tune up the server or be satisfied with just running a couple small, non-critical sites or contract a new service. But you know, without more clients to pay the bills, can't really afford to upgrade my server system.

Can you tell much from these answers and the phpinfo link above? Any feedback will be very much appreciated.

Share this post


Link to post
Share on other sites
jeomiland

thanks for that.

In doing a web search I found: http://www.whmsecurity.com/whm/how-to-whm-server-hardening-and-security-basics

and they suggest these that you do NOT have in your list. Kidly comment on the advisability of including them or would they be a problem?

disable_functions = show_source, symlink, dl,
passthru, phpinfo, escapeshellarg, escapeshellcmd


(the only ones this article has that is also in your list are: system, exec, shell_exec,)

Share this post


Link to post
Share on other sites
Simon

Im not a security expert, I got my list from this forum software, when you install it give recommendations.

There are many many articles out there on hardening a VPS.

Share this post


Link to post
Share on other sites
jeomiland

from server support:

I can see that you are already using stable versions of your services and as such they do not cause any security issues.
If you still wish for us to disable the functions that you requested, we can proceed with that, but i would not advise it if you are not sure what those functions do or how can they affect your server.

Regarding the WordPress issue, please refer to the following link on how to harder your word press against intrusions and hackers
http://codex.wordpress.org/Hardening_WordPress

Most issues regarding hackers and WordPress are caused by the WordPress and not the server configuration.
---

Have implemented your suggestion and check a couple sites on the server which appear to still work(wheew!) Need to do exhastive check of all sites. Also am compiling a quick reference for those php functions. Shall I post that here for others?

 

Share this post


Link to post
Share on other sites
Simon

I thought it was a VPS? Why do you need permission to edit php.ini?

Share this post


Link to post
Share on other sites
jeomiland

it is VPS but hosted physically at serverpowered. I have total control over it but also have access to tech support at the server company and do run things by them before making significant changes like this. They know more than I about server stuff.

Share this post


Link to post
Share on other sites

  • Similar Content

    • Steve Webb
      By Steve Webb+
      I am having an issue with DMS editor not loading.  Just keeps spinning and spinning.
      Have tried several things - Logged in and out, cleared cache, deactivated all plugins, but the issue persists.
      I even had our host restore from a backup a few weeks ago, when I know it WAS working, as I edited a text box on the homepage.  The restore from backup didn't help either.
      Also, the front end of the site shows that the site is framed, or boxed now (whatever you call it), instead of full width as it was previously (last week).
      Dev console shows that there are php errors in Google maps - file is attached.
      Can someone please help?  Not sure what else I can do here...
      Thanks in advance.
      -Matt

    • tuciudadenred
      By tuciudadenred+
      Hi everyone, what happens is that the web page metrosalarmas.com has a google tags which I have not attacked where I can look to remove those tags and be able to locate the correct ones.
    • Steve Webb
      By Steve Webb+
      I am having an issue with DMS editor not loading.  Just keeps spinning and spinning.
      Have tried several things - Logged in and out, cleared cache, deactivated all plugins, but the issue persists.
      I even had our host restore from a backup a week ago, when I know it WAS working, as I edited a text box on the homepage.  The restore from backup didn't help either.
      Also, the front end of the site shows that the site is framed, or boxed now (whatever you call it), instead of full width as it was previously (last week).
      Dev console shows that there are php errors in Google maps - file is attached.
      Can someone please help?  Not sure what else I can do here...
      Thanks in advance.
      -Matt

    • JawDesigns
      By JawDesigns
      Hi everyone,
      Flywheel have reported errors on my clients site 'www.racewaredirect.co.uk' and it's not loading. Can someone please provide some information on how to fix this? The site has never experienced these issues before.
      Thanks,
      James Wilson
    • MissT
      By MissT+
      Hi there,
      I've got an issue with 3 websites built with DMS since I migrated them from http to https that I need help with please.
      When any changes are made - e.g. new posts added or existing posts amended - certain sections of the live site seem to break e.g. image headers hang and don't load (b/g on canvas section), sliders hang and don't load (Revslider), flipper section doesn't load.
      Logging in and then clicking 'Edit the site using DMS' seems to fix the problem. Often if I try to open up another browser window to edit the site / re publish I'm unable to as the page wont load / hangs while trying to load.
      Any ideas how to fix this? On a couple of the sites I've installed a caching plugin as I thought it might be a loading speed issue but it's still happening.
      Website URL's can be provided privately.
      Many thanks in advance.
×