[mareksgregs]

I’ve already removed the plugin. Since I didn’t even use it.
Do I really need to change database password too? How could they even access my database?

[mareksgregs]

The scan found only one problem, which is:

This file may contain malicious executable code
Filename: wp-content/plugins/user-meta/framework/init.php
File type: Not a core, theme or plugin file.
Issue first detected: 45 secs ago.
Severity: Critical
Status New
This file is a PHP executable file and contains an eval() function and base64() decoding function on the same line. This is a common technique used by hackers to hide and execute code. If you know about this file you can choose to ignore it to exclude it from future scans.

I wasn’t using that plugin though. It was deactivated.

[mareksgregs]

I deleted the user from the database yesterday(in which it didn’t have an email either) yesterday. And it hasn’t come back yet. I think it may be finally gone. 🙂

[mareksgregs]

@jconti What am I supposed to look for in those files?
And I found the user in the users database. Should I delete it?

[mareksgregs]

I think I found out why it says Error – 101 too. When I click “Recheck”, it says “The selected user couldn’t be found on users table”.
So does that mean that it’s beyond user database? o_o

Edit: There’s still no email.

[mareksgregs]

I just deleted the user again, and it re-appeared 5 seconds later, but this time Wangguard logged an IP! This means progress!

Any suggestions for how to ban the IP now?

[mareksgregs]

@ubernaut I tried that Wangguard plugin (thanks for introducing it to me by the way, it’s awesome) and when I scanned the user, it’s status came back as “Error – 101”

I don’t see how my site could be hacked though. Perhaps the problem is in one of my plugins. Unlikely though. All of my active plugins are legit and shouldn’t have spam bots in their files…

[mareksgregs]

@ubernaut Oh I forgot to mention, there isn’t an email associated with the account either.
I think that something in the files may be creating it over and over again. Would that be possible?

[mareksgregs]

Oh thanks!
But it seems that the problem was not much of a problem after all.
I simply had to rename my child theme’s folder. Because apparently, you can’t have space between words. “My Theme” for example wouldn’t work. haha.

[mareksgregs]

@hnla
I expected my child theme’s css to replace the parent. But it didn’t. None of the ids I have in style.css replaced the parent.
And yes, I’ve come to realize that the import tag isn’t doing much either. I removed it yesterday.

I don’t kow what are these ruleset selectors. How do I place them? Where do I place them?

[mareksgregs]

All right so,

1. I created a new theme folder in wp-content/themes
2. Then I created style.css with the following in it,

/*
Theme Name:     The Buzz
Theme URI:      http://site.com
Description:    Child theme for Buddypress Default
Author:         Name here
Author URI:     http://site.com
Template:       bp-default                             
Version:        0.1.0
*/

@import url("../bp-default/style.css");

#contentwide
{
margin: 5px 35px 0;
font-size: 1.2em;
width: 880px;
float: left;
display: inline;
height: 400px;
}

body {
background-color: #eaeaea;
background-image: url(../images/background.gif );
background-repeat: repeat-x;
background-position: top left;
color: #555;
font-size: 12px;
font-family: Arial, Tahoma, Verdana, sans-serif;
line-height: 170%;
max-width: 1250px;
margin: 0 auto;
width: 95%;
}

#site-generator {
font-weight: bold;
color: rgb(54, 54, 54);
margin: 20px 20px;
text-align: right;
text-shadow: #fafafa 1px 1px 0;
}

#footer-widget-area div.widget-area > ul {
height: 110px;
float: left;
margin-right: 2.5%;
width: 23%;
}

3. Added that file to the folder I just made.
4. Activated the Child theme in Dashboard -> Appearance -> Themes

And that’s about it. Nothing happened.

[mareksgregs]

@bphelp I did that. But it didn’t work as I had thought. It only restricted access to Forums and Activity Streams.
Pages like Members ad Groups were still visible to visitors.

Anyway, the function I found in the previously mentioned topic works. So my goal is achieved. Yee. 🙂

Thank you both leading me in the right direction!

[mareksgregs]

Just found this topic. And te last function on it seems to be doing the job except for Activity Streams page… it’s still visible.

[mareksgregs]

Neither one seems to be working completely. Only restricts access to forums page.