WordPress is slow: wp-captcha-booster – tech-banker-service

By:
On:
In: General, Linux
With: 0 Comments

I just found out that i could not access my wordpress today, i checked the server, everything looked good. i restarted the server, it’s still slow, there is no error.

I decided to do a debug using the following command:

cd /www/myswebsite.com/httpdocs/
strace php index.php

I see my script stopped at

sendmmsg(6, {{{msg_name(0)=NULL, msg_iov(1)=[{"-\265\1\0\0\1\0\0\0\0\0\0\24tech-banker-service"..., 42}], msg_controllen=0, msg_flags=MSG_DONTROUTE|MSG_DONTWAIT|MSG_FIN|MSG_SYN|MSG_ERRQUEUE|MSG_NOSIGNAL|MSG_FASTOPEN|0x6a80010}, 42}, {{msg_name(0)=NULL, msg_iov(1)=[{"\207E\1\0\0\1\0\0\0\0\0\0\24tech-banker-service"..., 42}], msg_controllen=0, msg_flags=MSG_OOB|MSG_DONTROUTE|MSG_CTRUNC|0x10}, 42}}, 2, MSG_NOSIGNAL) = 2
poll([{fd=6, events=POLLIN}], 1, 5000)  = 1 ([{fd=6, revents=POLLIN}])
ioctl(6, FIONREAD, [58])                = 0
recvfrom(6, "-\265\201\200\0\1\0\1\0\0\0\0\24tech-banker-service"..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("213.133.99.99")}, [16]) = 58
poll([{fd=6, events=POLLIN}], 1, 4999)  = 1 ([{fd=6, revents=POLLIN}])
ioctl(6, FIONREAD, [135])               = 0
recvfrom(6, "\207E\201\200\0\1\0\0\0\1\0\0\24tech-banker-service"..., 65536, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("213.133.99.99")}, [16]) = 135
close(6)                                = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 6
fcntl(6, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(6, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
connect(6, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("63.142.254.220")}, 16) = -1 EINPROGRESS (Operation now in progress)
poll([{fd=6, events=POLLIN|POLLOUT|POLLERR|POLLHUP}],

I see that my script could not connect 63.142.254.220 , i doubted   that my service is infected with some harmful script, i search 63.142.254.220 in my whole web directory

grep -r "63.142.254.220" /www/myswebsite.com/httpdocs/*

But i could not see any thing, i looked at the strace debug, i see tech-banker-service  , so i did another search:

grep -r "tech-banker-service" /www/myswebsite.com/httpdocs/*

I found it:

wp-content/plugins/wp-captcha-booster/wp-captcha-booster.php:         define( 'TECH_BANKER_SERVICES_URL', 'https://tech-banker-services.org' );
wp-content/plugins/wp-captcha-booster/wp-captcha-booster.php:           define( 'TECH_BANKER_SERVICES_URL', 'http://tech-banker-services.org' );
wp-content/plugins/wp-captcha-booster/wp-captcha-booster.php:   define( 'TECH_BANKER_STATS_URL', 'http://stats.tech-banker-services.org' );

So i go to the plugins and disable this plugin

cd wp-content/plugins/
mv wp-captcha-booster wp-captcha-booster.old

After this my site working perfectly.

Leave a Reply

Your email address will not be published. Required fields are marked *