3 random warnings atop pages – including "include once" and cannot modify header

  • Author
    Posts
  • #3066676

    Hi there, we used to have a professional web gal maintain our website and haven’t fully hired a new one yet because we are re-branding. I’m the lowly employee who has figured out most of it and kept things up to date.. but a new error occurred. It is my thoughts it either happened AUTOMATICALLY when my site automatically updated wordpress versions on Tuesday, or perhaps it’s related to me turning on SuperCache after having disabled it for a bit while making some updates a month ago and wanting to see those changes take place live. Any ideas on how simple or hard of a fix this is? Boss wants it fixed ASAP and I am clueless. I will truly appreciate your help… perhaps forever :)

    http://www.madelinestuart.com — it appears on all pages

    Warning: include_once(/home/wp_khsyrn/madelinestuart.com/wp-content/plugins/add-to-any/add-to-any.php): failed to open stream: Permission denied in /home/wp_khsyrn/madelinestuart.com/wp-settings.php on line 305

    Warning: include_once(): Failed opening ‘/home/wp_khsyrn/madelinestuart.com/wp-content/plugins/add-to-any/add-to-any.php’ for inclusion (include_path=’.:/usr/local/lib/php:/usr/local/php5/lib/pear’) in /home/wp_khsyrn/madelinestuart.com/wp-settings.php on line 305

    Warning: Cannot modify header information – headers already sent by (output started at /home/wp_khsyrn/madelinestuart.com/wp-settings.php:305) in /home/wp_khsyrn/madelinestuart.com/wp-content/plugins/wp-super-cache/wp-cache-phase2.php on line 60

    The blog I need help with is madelinestuartcom.wordpress.com.

    #3066792

    Oh dear, I got this email in my spam from DreamHost, I have a feeling this helps explain it… but I am not sure I know how to do what it says. And we weren’t necessarily even hacked? AddToAny is a free wordpress plugin, what the heck!

    We have recently scanned one or more users on your DreamHost account for potential security threats. Unfortunately, we found some potential indications that your website(s) *may* be compromised.
    We understand that this may not be the best news you can get. This notification is intended to help you through the process and serve as a starting point to assist you in getting your account cleaned and secured. While we won’t be able to complete these processes for you, if you have any questions about the items that follow please don’t hesitate to reply to this email and we will be happy to clarify any points or offer any further guidance to help you through getting your account back to normal.

    We have identified malicious content on your account, added by an outside entity, which may include malware such as backdoor shells, adware, botnet, and spammer scripts.
    The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether:
    /home/wp_khsyrn/madelinestuart.com/wp-content/plugins/add-to-any/add-to-any.php

    The existence of this known attacker content indicates that your website or user password has been compromised. You or a trusted webmaster will need to determine the attack vector and then take actions to mitigate further exploits:
    https://help.dreamhost.com/hc/en-us/articles/215604737_hacked_site
    Additionally, the following steps should be taken to ensure password
    security:
    • Change your users’ password(s) by clicking under the “Action” column for that user in our Web Panel: https://panel.dreamhost.com/index.cgi?tree=users.users
    • Change your database password(s) by clicking the database username in our Web Panel: https://panel.dreamhost.com/index.cgi?tree=goodies.mysql
    IMPORTANT: You may need to modify your site’s configuration file to reflect the new password.
    • Use a complex (8-31 characters) password or passphrase that contains mixed case letters, numbers, and symbols. You should avoid using dictionary words (in any language), names, dates, addresses, phone numbers, etc. as these can potentially be guessed or acquired through other sources. The username that the password is being used for, or the domain name/site name the user is attached to should never be included in any part of the password. Also note that it is a good idea to periodically change your passwords

    #3066799

    Hi!

    http://www.madelinestuart.com/ is a self-hosted WordPress (WordPress.org) site and not hosted here with WordPress.com.

    I am afraid we are unable to help you here. These forums are only for questions related to WordPress.com sites.

    You can post the question on self-hosted WordPress (WordPress.org) forums for help: https://wordpress.org/support/

    You can learn the differences between a self-hosted WordPress (WordPress.org) site and a WordPress.com site here.

    Additionally, you can follow with DreamHost to clear this issue.

The topic ‘3 random warnings atop pages – including "include once" and cannot modify header’ is closed to new replies.