File manager

File manager - Edit - /home/kdmucyyv/semigocare.co.uk/wp-includes/interactivity-api/.bash_history.tar

Back
home/kdmucyyv/.bash_history��0000600��00000074360�15155005674�0012060 0��ustar�00��#1730717014 source /home/kdmucyyv/virtualenv/mestechslns/2.7/bin/activate && cd /home/kdmucyyv/mestechslns #1730717054 pwd #1730717079 ls #1730717269 source /home/kdmucyyv/virtualenv/mestechslns/2.7/bin/activate && cd /home/kdmucyyv/mestechslns #1730717274 ls #1730717290 pip install -r requirements.txt #1730717750 source /home/kdmucyyv/virtualenv/mestech/3.10/bin/activate && cd /home/kdmucyyv/mestech #1730717759 ls #1730717774 pip install -r requirements.txt #1730718050 python manage.py makemigrations #1730718070 pip install corsheaders #1730718328 source /home/kdmucyyv/virtualenv/mestech/3.10/bin/activate && cd /home/kdmucyyv/mestech #1730718649 ls #1730718683 pip install -r requirements.txt #1730718709 pip manage.py makemigrations #1730718724 python manage.py makemigrations #1730718735 python manage.py migrate #1730720220 source /home/kdmucyyv/virtualenv/mestech/3.10/bin/activate && cd /home/kdmucyyv/mestech #1730720253 python manage.py runserver #1730722119 source /home/kdmucyyv/virtualenv/mestechslns.co.ke/3.10/bin/activate && cd /home/kdmucyyv/mestechslns.co.ke #1730722134 pip install -r requirements.txt #1730722340 python manage.py makemigrations #1730722364 python manage.py migrate #1759776015 ls #1759776027 cd karaqana #1759776524 git clone https://github.com/SharonAnyona/Karaqana_Website.git #1759776679 ls #1759776749 cd Frontend/ #1759776753 npm install #1759776771 cd .. #1759776774 npm install #1759777115 cd .. #1759777118 ls #1759777132 rm -rf karaqana #1759777719 cd karaqana.com/ #1759777728 git clone https://github.com/SharonAnyona/Karaqana_Website.git #1759777877 ls #1759777928 npm install #1759778234 cd Karaqana_Website/ #1759778239 npm install #1759778461 cd .. #1759778463 ls #1759778468 npm install #1759779392 git clone https://github.com/SharonAnyona/Karaqana_Website.git . #1759779400 ls #1759779422 rm server.js #1759779427 git clone https://github.com/SharonAnyona/Karaqana_Website.git . #1759779437 ls -a #1759779456 git clone https://github.com/SharonAnyona/Karaqana_Website.git #1759779499 ls #1759779506 cd Karaqana_Website/ #1759779509 ls #1759779516 cd Frontend/ #1759779519 ls #1759779824 ls #1759779838 source /home/kdmucyyv/nodevenv/karaqana.com/Karaqana_Website/Frontend/20/bin/activate && cd /home/kdmucyyv/karaqana.com/Karaqana_Website/Frontend #1759779845 npm -v #1759779856 npm install #1759780256 node -v #1759780262 npm -v #1759780294 npm cache clean --force #1759780626 chmod -R 755 /home/kdmucyyv/nodevenv #1759780626 chmod -R 755 /home/kdmucyyv/karaqana.com #1759780637 npm install #1759780846 npm cache clean --force #1759780871 rm -rf ~/.npm #1759780894 rm -rf node_modules package-lock.json #1759780909 npm install --legacy-peer-deps --no-audit --no-fund --no-optional #1759821839 ls #1759821967 rm -rf ~/lscache/* #1759821967 rm -rf ~/tmp/* #1759821967 rm -rf ~/backup/* #1759821967 rm -rf ~/boldgrid_backup/* #1759821967 rm -rf ~/wordpress-backups/* #1759821985 rm -rf mestech #1759821989 rm -rf mestechslns #1759821996 rm -rf mestechslns.co.ke #1759822390 source /home/kdmucyyv/nodevenv/karaqana.com/Karaqana_Website/Frontend/20/bin/activate && cd /home/kdmucyyv/karaqana.com/Karaqana_Website/Frontend #1759822399 npm install #1759822484 rm -rf node_modules #1759822501 npm install #1759822594 npm run build #1759823443 ls #1759823568 tail -n 30 stderr.log #1759826078 npm install --production #1759840977 npm run build #1759841197 touch tmp/restart.txt #1770221793 ls #1770221935 cd home #1770221949 cd rafikisprings.co.uk/ #1770221965 find . -type f -name ".php" \| xargs grep -l "base64_decode\\|eval(gzinflate\\|gzuncompress\\|eval(base64\\|@include\\|@require\\|str_rot13\\|urldecode" \| head -50 #1770221988 find . -type f -name "hiroshi" -o -name "backdoor" -o -name "shell" -o -name "hack" -o -name "malware" #1770222004 find . -type f -name ".php" -exec grep -l "eval(" {} \; #1770222268 find . -type f -name ".php" -exec grep -l "base64_decode" {} \; #1770222342 find . -type f -name ".php" -mtime -7 #1770222354 find . -type f -perm 777 -name ".php" #1770222365 find . -type f -name ".php" \| xargs grep -l "preg_replace./e\\|assert\\|create_function" \| head -20 #1770222377 find ./wp-content/uploads -name ".php" -o -name ".phtml" -o -name ".php5" -o -name ".php7" #1770222388 find . -name ".htaccess" -exec grep -l "base64\\|eval\\|php_value" {} \; #1770222398 find . -type f -name ".php" -exec grep -l "Cyber\\|hack\\|bypass\\|WSO\\|c99\\|r57" {} \; #1770222617 find . -type f -name ".php" \| xargs grep -l "base64_decode\\|eval(gzinflate\\|gzuncompress\\|eval(base64\\|@include\\|@require\\|str_rot13\\|urldecode" \| head -50 #1770222628 find . -type f -name "hiroshi" -o -name "backdoor" -o -name "shell" -o -name "hack" -o -name "malware" #1770222639 find . -type f -name ".php" -exec grep -l "eval(" {} \; #1770222706 find . -type f -name ".php" -exec grep -l "base64_decode" {} \; #1770223628 # Backup only uploads (images, PDFs, etc.) #1770223628 mkdir /home/kdmucyyv/rafikisprings_uploads_backup #1770223628 cp -r /home/kdmucyyv/rafikisprings.co.uk/wp-content/uploads/ /home/kdmucyyv/rafikisprings_uploads_backup/ #1770223963 cd .. #1770223966 df -h #1770224015 quota -s #1770224042 rm -f /tmp/.tmp #1770224058 rm -f /tmp/wp-config- #1770224112 du -sh /home/kdmucyyv/backup #1770224134 du -sh /home/kdmucyyv/boldgrid_backup #1770224154 rm -f /home/kdmucyyv/backup/.zip #1770224162 rm -f /home/kdmucyyv/boldgrid_backup/.zip #1770224398 echo "=== Top directories by file count ===" #1770224398 find . -type f \| awk -F/ '{print $2}' \| sort \| uniq -c \| sort -rn \| head -20 #1770224426 echo "=== File count by extension ===" #1770224426 find . -type f \| awk -F. '{$NF} {print $NF}' \| sort \| uniq -c \| sort -rn \| head -20 #1770224440 echo "=== File count per site ===" #1770224440 for site in $(ls \| grep -E '\.(com\|co\.uk\|org\|net)$'); do filecount=$(find $site -type f 2>/dev/null \| wc -l); echo "$filecount files in $site"; done \| sort -rn #1770224471 find /home/kdmucyyv -name ".cache" -type f -delete #1770224479 find /home/kdmucyyv -name "cache-" -type f -delete #1770224482 find /home/kdmucyyv -path "/cache/" -type f -mtime +7 -delete #1770224503 find /home/kdmucyyv -name ".log" -type f -size +1M -delete #1770224506 find /home/kdmucyyv -name "error_log" -type f -delete #1770224509 find /home/kdmucyyv/logs -type f -mtime +7 -delete 2>/dev/null #1770224513 find /home/kdmucyyv -name ".bak" -type f -delete #1770224515 find /home/kdmucyyv -name ".backup" -type f -delete #1770224518 find /home/kdmucyyv -name "backup" -type f -mtime +30 -delete #1770224525 find /home/kdmucyyv -name ".tmp" -type f -delete #1770224528 find /home/kdmucyyv -name "temp" -type f -delete #1770224531 find /tmp -user $(whoami) -type f -mtime +1 -delete 2>/dev/null #1770227112 [6~ #1770227117 find . -name "transfer.php" -type f 2>/dev/null #1770227163 # 3. Search for admin.php in uploads directory specifically #1770227163 find ./rafikisprings.co.uk/wp-content/uploads -name "admin.php" -type f 2>/dev/null #1770227184 for site in $(ls \| grep -E '\.(com\|co\.uk\|org\|net)$'); do echo "=== Searching in $site ==="; find $site -name "transfer.php" -o -name "exit.php" -o -name "admin.php" 2>/dev/null \| head -5; done #1770228138 chmod 600 wp-config.php #1770228138 chown $(whoami):$(whoami) wp-config.php #1770228145 cd rafikisprings.co.uk/ #1770228147 chmod 600 wp-config.php #1770228147 chown $(whoami):$(whoami) wp-config.php #1770228597 find wp-content/uploads -name ".php" #1770229311 rm -rf wp-content/uploads/sucuri #1770229378 cd wp-content/themes/houzez #1770229390 grep -R --line-number "eval(" . #1770229453 grep -R --line-number "base64" . #1770229523 grep -R --line-number "gzinflate" . #1770229537 grep -R --line-number "str_rot13" . #1770229682 ls wp-content/mu-plugins #1770229689 cd // #1770229696 ls #1770229701 cd home #1770229704 ;s #1770229707 ls #1770229713 cd kdmucyyv/ #1770229714 ;s #1770229717 ls #1770229721 cd rafikisprings.co.uk/ #1770229724 ls wp-content/mu-plugins #1770229867 grep -R --line-number "eval(base64" wp-content/themes #1770229880 grep -R --line-number "gzinflate" wp-content/themes #1770229913 grep -R --line-number "str_rot13" wp-content/themes #1770229947 find wp-content/uploads -type f $ -name ".php" -o -name ".phtml" $ #1770230092 head -n 20 wp-blog-header.php #1770230128 wp cron event list #1770230265 ls wp-content/themes #1770230522 find . -type d -exec chmod 755 {} \; #1770230523 find . -type f -exec chmod 644 {} \; #1770230543 chmod 644 .htaccess #1770230543 chmod 644 wp-config.php #1770231064 cd rafikisprings.co.uk/ #1770231066 tail -n 50 /home//logs/error_log #1770231124 ls #1770231128 cd rafikisprings.co.uk/ #1770231131 tail -n 50 /var/log/apache2/error.log #1770231183 tail -n 50 error_log #1770231380 ls wp-includes/compat-utf8.php #1770232576 cd /home/kdmucyyv/rafikisprings.co.uk #1770232576 # Check if wp-includes directory exists #1770232576 ls -la wp-includes/ #1770232576 # Check for specific missing file #1770232576 ls -la wp-includes/compat-utf8.php 2>/dev/null \|\| echo "File doesn't exist" #1770232576 # See what other core files might be missing #1770232576 find wp-includes -name ".php" \| wc -l #1770232576 # Should have 300+ files in wp-includes #1770232717 cat wp-includes/version.php \| grep "\$wp_version" #1770232749 sed -n '30,40p' wp-settings.php #1770232813 cd /home/kdmucyyv/rafikisprings.co.uk/wp-includes #1770232813 # Create empty compat-utf8.php (it's not needed in modern WP) #1770232813 cat > compat-utf8.php << 'EOF' <?php /** * UTF-8 compatibility file. * This file is empty in modern WordPress installations. * It's kept only for backward compatibility with old code. * * @package WordPress * @since 2.8.0 / EOF #1770232813 chmod 644 compat-utf8.php #1770233203 ls -la wp-content/debug.log 2>/dev/null \|\| echo "No debug.log found" #1770412090 ls #1770412097 cd thereformersmovement.com/ #1770412108 wget https://wordpress.org/latest.tar.gz #1770412114 ls #1770412124 tar -xzf latest.tar.gz #1770412154 # Backup your current setup #1770412154 cp -r wp-content wp-content-backup-$(date +%Y%m%d) #1770412213 cp wp-config.php wp-config-backup-$(date +%Y%m%d).php #1770412532 cp -r wordpress/ . #1770412536 cp -r wordpress/.* . 2>/dev/null \|\| true #1770413032 cd /home/kdmucyyv/thereformersmovement.com/wp-content #1770413032 # Backup current plugins first #1770413032 cp -r plugins plugins-active-backup #1770413037 # Disable all plugins #1770413037 mv plugins plugins-disabled #1770413037 mkdir plugins #1770413037 # Test if site loads without errors #1770413295 cd /home/kdmucyyv/thereformersmovement.com/wp-content #1770413295 # Create themes directory #1770413295 mkdir themes #1770413295 chmod 755 themes #1770413295 # Verify it exists #1770413295 ls -la #1770413323 cd .. #1770413326 wp theme install twentytwentyfour --activate #1770413376 cd /home/kdmucyyv/thereformersmovement.com/wp-content/themes #1770413376 # Download Twenty Twenty-Four (latest default theme) #1770413376 wget https://downloads.wordpress.org/theme/twentytwentyfour.latest-stable.zip #1770413377 unzip twentytwentyfour.latest-stable.zip #1770413377 rm twentytwentyfour.latest-stable.zip #1770413377 # Set correct permissions #1770413377 chmod -R 755 twentytwentyfour #1770413794 # Check your backup folders #1770413794 find /home/kdmucyyv/thereformersmovement.com -name "backup" -type d \| xargs -I {} find {} -name "themes" -type d 2>/dev/null #1770413794 # Look for theme files in wp-content-backup #1770413794 ls -la /home/kdmucyyv/thereformersmovement.com/wp-content-backup/themes/ 2>/dev/null #1770414646 # Or check all theme-related options #1770414646 wp db query "SELECT option_name, option_value FROM wp_options WHERE option_name LIKE '%theme%'" #1770414723 wp db query "SELECT FROM wp_options WHERE option_name LIKE '%theme%' OR option_name LIKE '%template%' OR option_name LIKE '%stylesheet%'" #1770417140 cd .. #1770417148 cd paltutors.co.uk/ #1770417152 rsync -av --delete --exclude='wp-content' --exclude='wp-config.php' --exclude='.htaccess' --exclude='robots.txt' wordpress/ . #1770417229 sudo apt update #1770417229 sudo apt install rsync -y #1770417263 rm -rf wp-admin #1770417263 cp -r wordpress/wp-admin . #1770417279 rm -rf wp-includes #1770417279 cp -r wordpress/wp-includes . #1770417304 cp wordpress/.php . #1770417314 cp wordpress/wp- . #1770417314 cp wordpress/index.php . #1770417314 cp wordpress/license.txt . #1770417314 cp wordpress/readme.html . #1770417322 find . -type d -exec chmod 755 {} \; #1770417341 find . -type f -exec chmod 644 {} \; #1770417450 chmod 640 wp-config.php #1770417560 cd /home/kdmucyyv/paltutors.co.uk/wp-content #1770417560 # Rename existing plugins directory and create new empty one #1770417560 mv plugins plugins-disabled && mkdir plugins #1770544757 cd conseb.co.uk/ #1770544758 ls #1770544762 rsync -av --delete --exclude='wp-content' --exclude='wp-config.php' --exclude='.htaccess' --exclude='robots.txt' wordpress/ . #1770544979 cp wordpress/.php . #1770544997 cp -rn wordpress/wp-admin . #1770544997 cp -rn wordpress/wp-includes . #1770545407 ccd conseb.co.uk/ #1770545413 cd conseb.co.uk/ #1770545421 find . -type d -exec chmod 755 {} \; #1770545437 find . -type f -exec chmod 644 {} \; #1770545530 chmod 640 wp-config.php #1770545856 cd wp-content #1770545870 # Check current plugins directory #1770545870 ls -la #1770545870 # Rename plugins to disable them #1770545870 mv plugins plugins-disabled #1770545870 # Create new empty plugins directory #1770545870 mkdir plugins #1770545870 # Set correct permissions #1770545870 chmod 755 plugins #1770545870 # Verify the change #1770545870 ls -la #1770547578 cd .. #1770547584 cd rafikisprings.co.uk/ #1770547734 cp wordpress/.php . #1770547753 cp -rn wordpress/wp-admin . #1770547753 cp -rn wordpress/wp-includes . #1770547818 find . -type d -exec chmod 755 {} \; && find . -type f -exec chmod 644 {} \; && \ #1770547843 find . -type d -exec chmod 755 {} \; && find . -type f -exec chmod 644 {} \; && chmod 640 wp-config.php #1770548233 mkdir plugins #1770548233 chmod 755 plugins #1770549060 cd semigocare.co.uk/ #1770549306 cp wordpress/.php . #1770549321 cp -rn wordpress/wp-admin . #1770549321 cp -rn wordpress/wp-includes . #1770549737 cd .. #1770549751 ls #1770549763 cd scsgconsultants.com/ #1770550281 ls #1770550286 cd scsgconsultants.com/ #1770550288 ls #1770550296 cp wordpress/.php . #1770550310 cp -rn wordpress/wp-admin . #1770550310 cp -rn wordpress/wp-includes . #1770551456 cd .. #1770551459 cd aulondonventures.com/ #1770551543 cp wordpress/.php . #1770551602 cp -rn wordpress/wp-admin . #1770551602 cp -rn wordpress/wp-includes . #1770551990 cd .. #1770551992 ls #1770552000 cd jestinanabelle.co.uk/ #1770552096 cp wordpress/.php . #1770552110 cp -rn wordpress/wp-admin . #1770552110 cp -rn wordpress/wp-includes . #1770552296 cd ~/jestinanabelle.co.uk/wp-content/themes #1770552296 mv astra astra-broken #1770552580 cd .. #1770552591 cd karaqana.com/ #1770552688 cp wordpress/.php . #1770552697 cp -rn wordpress/wp-admin . #1770552697 cp -rn wordpress/wp-includes . #1770552911 cd .. #1770552918 cd stayandbuy.co.ke/ #1770553019 cp wordpress/.php . #1770553204 cd .. #1770553209 cd jonnelocks.co.ke/ #1770553329 cp wordpress/.php . #1770553339 cp -rn wordpress/wp-admin . #1770553339 cp -rn wordpress/wp-includes . #1770556288 ls #1770556295 cd stayandbuy.co.ke/ #1770556358 cp wordpress/.php . #1770556369 cp -rn wordpress/wp-admin . #1770556369 cp -rn wordpress/wp-includes . #1770626937 cd /home/kdmucyyv/karaqana.com/wp-content #1770626937 # Rename plugins directory #1770626937 mv plugins plugins-disabled #1770626937 mkdir plugins #1770626937 chmod 755 plugins #1770626937 echo "✓ All plugins disabled" #1770629597 cd /home/kdmucyyv/jonnelocks.co.ke/wp-content #1770629597 # Disable all plugins #1770629597 mv plugins plugins-disabled 2>/dev/null #1770629597 mkdir plugins #1770629597 chmod 755 plugins #1770629597 echo "✓ Plugins disabled" #1771240261 ls #1771241211 cd paltutors.co.uk/ #1771241213 ls #1771241235 cd wp-content #1771241238 ls #1771241242 # Check if mu-plugins directory exists and what's in it #1771241242 if [ -d "mu-plugins" ]; then echo "=== mu-plugins found ==="; ls -la mu-plugins/ for file in mu-plugins/.php; do if [ -f "$file" ]; then echo ""; echo "File: $file"; grep -n "wp_is_block_theme\\|function\\|add_action\\|add_filter" "$file" \| head -10; fi; done; else echo "No mu-plugins directory found"; fi #1771241325 # Disable all mu-plugins #1771241325 mv mu-plugins mu-plugins-disabled #1771241325 # Create empty mu-plugins directory (WordPress needs it) #1771241325 mkdir mu-plugins #1771241325 chmod 755 mu-plugins #1771241325 echo "✓ All mu-plugins disabled" #1771241936 cd .. #1771241941 cat > /home/kdmucyyv/deep-diagnostic-paltutors.sh << 'EOF' #!/bin/bash cd /home/kdmucyyv/paltutors.co.uk echo "==========================================" echo "DEEP DIAGNOSTIC - paltutors.co.uk" echo "==========================================" # 1. Check what's actually in mu-plugins now echo "" echo "1. CURRENT MU-PLUGINS STATUS:" if [ -d "wp-content/mu-plugins" ]; then echo "mu-plugins directory exists with:" ls -la wp-content/mu-plugins/ else echo "mu-plugins directory missing" fi # 2. Check active theme echo "" echo "2. ACTIVE THEME:" ACTIVE_THEME=$(wp db query "SELECT option_value FROM wp_options WHERE option_name='template'" 2>/dev/null \| tail -1) if [ -z "$ACTIVE_THEME" ]; then # Try PHP method ACTIVE_THEME=$(php -r " require_once('wp-config.php'); \$conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); \$result = \$conn->query(\"SELECT option_value FROM wp_options WHERE option_name='template'\"); if (\$row = \$result->fetch_assoc()) echo \$row['option_value']; " 2>/dev/null) fi echo "Active theme: $ACTIVE_THEME" # 3. Check if theme directory exists if [ -n "$ACTIVE_THEME" ]; then if [ -d "wp-content/themes/$ACTIVE_THEME" ]; then echo "✓ Theme directory exists" # Check functions.php for any code that might run early if [ -f "wp-content/themes/$ACTIVE_THEME/functions.php" ]; then echo "" echo "3. ANALYZING functions.php:" # Look for actions/hooks that run early grep -n "add_action.plugins_loaded\\|add_action.init\\|add_action.after_setup_theme" "wp-content/themes/$ACTIVE_THEME/functions.php" \| head -10 # Look for direct wp_is_block_theme calls echo "" echo "Looking for wp_is_block_theme in theme:" grep -n "wp_is_block_theme" "wp-content/themes/$ACTIVE_THEME/functions.php" 2>/dev/null \|\| echo "Not found in functions.php" # Search all theme files echo "" echo "Searching ALL theme files for wp_is_block_theme:" find "wp-content/themes/$ACTIVE_THEME" -name ".php" -exec grep -l "wp_is_block_theme" {} \; 2>/dev/null \| head -5 fi else echo "✗ Theme directory MISSING!" fi fi # 4. Check for any remaining plugin traces echo "" echo "4. CHECKING FOR ACTIVE PLUGINS:" if [ -d "wp-content/plugins" ]; then ACTIVE_PLUGINS=$(find wp-content/plugins -maxdepth 1 -type d \| grep -v "^wp-content/plugins$" \| wc -l) echo "Found $ACTIVE_PLUGINS plugin folders" # Check if any plugin might be loading via different method echo "Checking for plugins that auto-load:" find wp-content/plugins -name ".php" -exec grep -l "add_action.plugins_loaded\\|add_action.init" {} \; 2>/dev/null \| head -5 fi # 5. Check WordPress core version echo "" echo "5. WORDPRESS VERSION:" if [ -f "wp-includes/version.php" ]; then WP_VERSION=$(grep "wp_version =" wp-includes/version.php \| cut -d"'" -f2) echo "WordPress: $WP_VERSION" fi # 6. Check PHP version echo "" echo "6. PHP VERSION:" php -v \| head -1 # 7. Look for the error in real-time echo "" echo "7. CAPTURING ERROR (loading site once):" curl -s https://paltutors.co.uk/ \| grep -i "wp_is_block_theme" \| head -3 # 8. Check error log echo "" echo "8. RECENT ERROR LOG ENTRIES:" if [ -f "wp-content/debug.log" ]; then tail -30 wp-content/debug.log \| grep -B2 -A2 "wp_is_block_theme" \| tail -20 else echo "No debug.log found. Enabling debug logging..." # Enable debug logging temporarily cp wp-config.php wp-config.php.temp sed -i "/require_once/a\define('WP_DEBUG', true);\ndefine('WP_DEBUG_LOG', true);\ndefine('WP_DEBUG_DISPLAY', false);" wp-config.php # Load site to generate log curl -s https://paltutors.co.uk/ > /dev/null sleep 2 if [ -f "wp-content/debug.log" ]; then echo "Debug log created. Contents:" tail -30 wp-content/debug.log else echo "Still no debug log" fi # Restore original wp-config mv wp-config.php.temp wp-config.php fi # 9. Create a test to isolate the issue echo "" echo "9. ISOLATION TEST - Switch to default theme:" echo "Switching to Twenty Twenty-Four..." # Force switch to default theme php -r " require_once('wp-config.php'); \$conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); \$conn->query(\"UPDATE wp_options SET option_value='twentytwentyfour' WHERE option_name='template'\"); \$conn->query(\"UPDATE wp_options SET option_value='twentytwentyfour' WHERE option_name='stylesheet'\"); echo \"Theme switched to twentytwentyfour\n\"; " # Test after theme switch echo "Testing site with default theme..." if curl -s https://paltutors.co.uk/ \| grep -q "wp_is_block_theme"; then echo "✗ Error STILL present with default theme" else echo "✓ No error with default theme - YOUR THEME IS THE ISSUE" fi # 10. Check for .htaccess or server config issues echo "" echo "10. CHECKING .htaccess:" if [ -f ".htaccess" ]; then echo ".htaccess exists with:" head -10 .htaccess fi echo "" echo "==========================================" echo "DIAGNOSTIC COMPLETE" echo "==========================================" EOF #1771241941 chmod +x /home/kdmucyyv/deep-diagnostic-paltutors.sh #1771241941 bash /home/kdmucyyv/deep-diagnostic-paltutors.sh #1771242276 cd /home/kdmucyyv/paltutors.co.uk #1771242276 # Verify theme is set to Twenty Twenty-Four #1771242276 php -r " require_once('wp-config.php'); \$conn = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); \$conn->query(\"UPDATE wp_options SET option_value='twentytwentyfour' WHERE option_name='template'\"); \$conn->query(\"UPDATE wp_options SET option_value='twentytwentyfour' WHERE option_name='stylesheet'\"); echo \"Theme set to Twenty Twenty-Four\n\"; " #1771242470 cd /home/kdmucyyv/paltutors.co.uk/wp-content/themes #1771242470 # List all themes #1771242470 echo "=== Available Themes ===" #1771242470 ls -la #1771242470 # Check what themes exist #1771242470 for theme in /; do if [ -d "$theme" ] && [ "$theme" != "twentytwentyfour/" ]; then echo ""; echo "Found theme: $theme"; if [ -f "${theme}style.css" ]; then grep "Theme Name:" "${theme}style.css" \| head -1; fi; fi; done #1771243383 cd paltutors.co.uk/ #1771243479 cd /home/kdmucyyv/paltutors.co.uk #1771243479 # Create a new admin user #1771243479 wp user create ephraim ephraimnorbat@gmail.com --role=administrator --user_pass=Ephraim@8584 #1771243573 cd .. #1771243579 cd /home/kdmucyyv #1771243579 # Download WP-CLI #1771243579 curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar #1771243579 # Check if download worked #1771243579 ls -la wp-cli.phar #1771243626 # Make it executable #1771243626 chmod +x wp-cli.phar #1771243626 # Test it works #1771243626 php wp-cli.phar --info #1771243661 # Add alias to your bashrc #1771243661 echo "alias wp='php /home/kdmucyyv/wp-cli.phar'" >> ~/.bashrc #1771243661 # Reload bashrc #1771243661 source ~/.bashrc #1771243661 # Test it works #1771243661 wp --info #1771243717 cd paltutors.co.uk/ #1771243739 wp user create ephraim ephraimnorbat@gmail.com --role=administrator --user_pass=Ephraim@8584 #1771252500 cd rafikisprings.co.uk/ #1771252506 wp user create ephraim ephraimnorbat@gmail.com --role=administrator --user_pass=Ephraim@8584 #1771253116 wp user create emmanuel emmanuelnyamwela@hotmail.com --role=administrator --user_pass=SER@Paltutor #1771315446 ls #1771315458 cd public_html/ #1771315459 ls #1771315466 wget https://wordpress.org/latest.tar.gz #1771315489 tar -xzf latest.tar.gz #1771333190 cd public_html/ #1771333192 ls #1771333198 cp wordpress/.php . #1771333222 cp -rn wordpress/wp-admin . #1771333222 cp -rn wordpress/wp-includes . #1771333322 wget https://wordpress.org/latest.tar.gz #1771333337 tar -xzf latest.tar.gz #1771335118 wget https://wordpress.org/latest.tar.gz #1771335130 tar -xzf latest.tar.gz #1771335215 cp -rf wordpress/wp-includes . #1771335250 cp wordpress/.php . #1771335265 cp -rf wordpress/wp-admin . #1772901122 ps aux --sort=-%cpu \| head -20 #1772901281 kill -9 503923 #1772901320 ps aux --sort=-%cpu \| head -20 #1772901572 kill -9 561433 74394 108693 #1772901578 ps aux --sort=-%cpu \| head -20 #1772901772 grep "admin-ajax.php" /home/kdmucyyv/logs/access* \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -30 #1772901789 crontab -l #1772901797 # Also check system crons #1772901797 ls -la /etc/cron* #1772901971 ps aux --sort=-%cpu \| head -20 #1772902251 # Find all log files in your home directory #1772902251 find /home/kdmucyyv -name "accesslog" -type f 2>/dev/null \| head -20 #1772902763 # Check the standard cPanel log locations #1772902763 ls -la /home/kdmucyyv/logs/ #1772902763 ls -la /home/kdmucyyv/public_html/logs/ #1772902764 ls -la /usr/local/apache/logs/ 2>/dev/null #1772902818 # Check all system cron directories #1772902818 ls -la /etc/cron.d/ #1772902818 ls -la /etc/cron.hourly/ #1772902819 ls -la /etc/cron.daily/ #1772902819 ls -la /etc/cron.weekly/ #1772902819 ls -la /etc/cron.monthly/ #1772902819 # Check for any files with your username in system crons #1772902819 grep -r "kdmucyyv" /etc/cron 2>/dev/null #1772902820 # Check the main system crontab #1772902820 cat /etc/crontab 2>/dev/null #1772902967 # Check if there are any uncompressed current log files #1772902967 ls -la /home/kdmucyyv/logs/access 2>/dev/null #1772902967 # If no uncompressed files, let's look at today's compressed log #1772902967 # For the site most affected (paltutors.co.uk showing many processes) #1772902967 zcat /home/kdmucyyv/logs/paltutors.co.uk.luniascouringpads.com-Mar-2026.gz \| grep "admin-ajax.php" \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -30 #1772902986 # Also check rafikisprings.co.uk which has huge log files #1772902986 zcat /home/kdmucyyv/logs/rafikisprings.co.uk.luniascouringpads.com-ssl_log-Mar-2026.gz \| head -100 \| grep "admin-ajax.php" \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -20 #1772903022 # Decompress and analyze rafikisprings SSL log (most suspicious due to size) #1772903022 zcat /home/kdmucyyv/logs/rafikisprings.co.uk.luniascouringpads.com-ssl_log-Mar-2026.gz \| grep "admin-ajax.php" \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -30 #1772909581 grep "31.121.247.143" /home/kdmucyyv/logs/rafikisprings.co.uk.luniascouringpads.com-ssl_log-Mar-2026.gz \| tail -20 #1772909594 top -bn1 \| grep "Cpu(s)" \| awk '{print $2}' \| cut -d'%' -f1 #1772909722 grep "31.121.247.143" /home/kdmucyyv/logs/rafikisprings.co.uk.luniascouringpads.com-ssl_log-Mar-2026.gz \| tail -20 #1772909728 top -bn1 \| grep "Cpu(s)" \| awk '{print $2}' \| cut -d'%' -f1 #1772909807 # Kill all lsphp processes (this won't harm your site - new clean requests will spawn new processes) #1772909807 pkill -9 lsphp #1772909835 zcat /home/kdmucyyv/logs/rafikisprings.co.uk.luniascouringpads.com-ssl_log-Mar-2026.gz \| grep "admin-ajax.php" \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -30 #1772910428 pkill -9 lsphp #1772910489 top -bn1 \| grep "Cpu(s)" \| awk '{print $2}' \| cut -d'%' -f1 #1772912333 zcat /home/kdmucyyv/logs/rafikisprings.co.uk.luniascouringpads.com-ssl_log-Mar-2026.gz \| grep "admin-ajax.php" \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -30 #1772912729 top -bn1 \| grep "Cpu(s)" \| awk '{print $2}' \| cut -d'%' -f1 #1772913060 pkill -9 lsphp #1772913090 top -bn1 \| grep "Cpu(s)" \| awk '{print $2}' \| cut -d'%' -f1 #1772913697 zcat log.gz \| grep admin-ajax.php \| grep action= \| sort \| uniq -c \| sort -nr \| head #1772913758 wp core verify-checksums #1772913772 cd rafikisprings.co.uk/ #1772913775 wp core verify-checksums #1772914312 rm wp-includes/sitemap-.xml #1772914328 rm wp-admin/error_log #1772914328 rm wp-includes/error_log #1772914328 rm wp-includes/PHPMailer/error_log #1772914328 rm wp-includes/widgets/error_log #1772914345 wp core download --force --skip-content #1772914421 grep -R "base64_decode" . #1772914566 grep -R "eval(" . #1772914598 grep -R "gzinflate" . #1772914598 grep -R "shell_exec" . #1772914916 wp user list #1772915059 wp user delete admindemo #1772915110 wp user list #1772915213 rm wp-includes/sitemap-.xml #1772915240 find . -type f -name ".php" -mtime -7 #1772915337 find wp-content/uploads -name ".php" #1772915678 top #1772915832 netstat -ntp \| grep lsphp #1772915847 lsof -p 2491469 #1772916324 zcat log.gz \| grep admin-ajax.php \| grep action= \| sort \| uniq -c \| sort -nr \| head #1772916395 top -bn1 \| grep "Cpu(s)" \| awk '{print $2}' \| cut -d'%' -f1 #1772916445 zcat /home/kdmucyyv/logs/rafikisprings.co.uk.luniascouringpads.com-ssl_log-Mar-2026.gz \| grep "admin-ajax.php" \| awk '{print $1}' \| sort \| uniq -c \| sort -nr \| head -30 #1772989763 cd rafikisprings.co.uk/ #1772989774 ls -l wp-content/plugins/vikbooking/site/views/search/tmpl/ #1772989981 find wp-content/plugins/vikbooking -name default.xml #1772990404 rm -rf wp-content/plugins/vikbooking #1772990416 rm -rf wp-content/plugins/vikbooking_old #1772991713 php -i \| grep upload_max_filesize #1772991778 vim ~/.user.ini #1772991814 php -i \| grep upload_max_filesize #1772991838 vim ~/.user.ini #1772991860 vim user.ini #1772991905 vim ~/.user.ini #1772991912 php -i \| grep upload_max_filesize #1772991932 echo user.ini #1772991946 touch user.ini #1772991977 cat user.ini #1772991985 php -i \| grep upload_max_filesize #1772992128 killall -9 lsphp #1772992134 php -i \| grep upload_max_filesize #1772992147 cat .user.ini #1772992201 php -i \| grep upload_max_filesize #1772992325 cd rafikisprings.co.uk/ #1772992331 php -i \| grep upload_max_filesize #1772992348 cat .user.ini #1772992357 cat .htaccess #1772992631 php_value upload_max_filesize 128M #1772992631 php_value post_max_size 128M #1772992631 php_value memory_limit 512M #1772992631 php_value max_execution_time 300 #1772992631 php_value max_input_time 300 #1772992645 php -i \| grep upload_max_filesize #1772992672 cd rafikisprings.co.uk/ #1772992677 php -i \| grep upload_max_filesize #1772992895 killall -9 lsphp ��

| ver. 1.4 | Github | . | PHP 8.3.30 | Generation time: 0 | proxy | phpinfo | Settings