• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Homepage displays cryptic characters / Homepage zeigt kryptische zeichen an.

P

PhillipMTV

New Pleskian
Server operating system version
Ubuntu 20.04.6 LTS
Plesk version and microupdate number
Plesk Obsidian v18.0.58_build1800240123.15 os_Ubuntu 20.04
Hello dear community, the homepage has not been able to be displayed for 2 days.
No settings were changed.
When the homepage opens, it will be shown in the image.
Strangely, the subdomains are not affected by this.

can someone help me with that?

Thank you


2024-02-20 11_42_09-Window.png
 
To me this looks like a typical symptom of a hacked website.
When you look into the index.php file, do you see the same cryptic characters?
Do you see any suspicious file names like x95vz.php, TR39fv.php etc. in your document root directory?
Do you see any suspicious modifications of your .htaccess or wp-config.php file?
 
Moin Peter,
ich habe gesehen, du kommst aus Berlin.
Dann können wir ja auch Deutsch schreiben.
in der Index sieht alles normal aus.
Auch in der htaccess sieht alles normal aus.
Die wp-config.php hat die komischen Zeichen auch drin.
Die Dateinamen x95vz.php, TR39fv.php habe ich nicht gefunden.

Habe die auch als Bilder mit begefügt

Ich hoffe das hilft um das Problem zu lösen.

Schöne Grüße
Phillip

[Courtesy translation by your admin:
"I saw that you're from Berlin.
Then we can also write German.
Everything looks normal in the index.
Also in the htaccess everything looks normal.
The wp-config.php also has the strange characters in it.
I have not found the file names x95vz.php, TR39fv.php.
I have also added them as images
I hope this helps to solve the problem."]
 

Attachments

  • 2024-02-20 21_29_08-Window.png
    2024-02-20 21_29_08-Window.png
    102.8 KB · Views: 3
  • 2024-02-20 21_25_55-Window.png
    2024-02-20 21_25_55-Window.png
    20 KB · Views: 3
  • 2024-02-20 21_18_58-Window.png
    2024-02-20 21_18_58-Window.png
    57.5 KB · Views: 3
Last edited by a moderator:
PhillipMTV said:
The wp-config.php also has the strange characters in it.
I have not found the file names x95vz.php, TR39fv.php.
Click to expand...
In order for other users on the forum to being able to understand all posts, the forum language is English.

When the wp-config.php file has strange characters, your website has been hacked. The file names were just examples. There could be other .php files that do not belong to a Wordpress installation. It is also possible, that non such files exist. They'd just make it easier to identify a hacked website.

To fix the issue you need to remove the website and restore a copy that is free of malware from a backup. Normally malware is introduced by plugins or themes. You'll need to verify for each plugin and for the theme that it is the latest version and that no security issues are known for it. If you run other websites in the same webspace account, you can be sure that these have also been infected by now by the malware that was introduced to your one website. These need to be restored, too.

You can try to fix the issue using the paid version of ImmunifyAV, but even if this might fix the symptoms, it will not fix the root cause. The root cause is a security breach in the code of a plugin or theme.
 
You must log in or register to reply here.

Similar threads

L
Resolved 413 Request Entity Too Large - after changing Domainname
Replies
3
Views
831
Lychnobius87
L
S
Issue Plesk Control Panel search and specific pages/actions are extremely slow, while website works fine.
Replies
3
Views
790
SirAdams
SirAdams
S
Question Help access subdomain images from primary domain
Replies
3
Views
1K
SkyB
S
S
Question Preview Generator von NextCloud unter Plesk auf Ubuntu 22.04
Replies
0
Views
416
schubert72
S
U
Issue Umlauts broken in mail forwards but not in mailbox
Replies
9
Views
1K
ufreier
U
Back
Top