WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] A big Problem - Too many redirects. Can't load site (32 posts)

  1. mrlewiswhite
    Member
    Posted 2 years ago #

    Please help,
    When i type in - http://lewiswhites.com
    the following appears everytime.

    http://lewiswhites.com/var/chroot/home/content/21/7764821/html/htttp://reltime2012.ru/frunleh?9

    I have "emptied the cache" and "Removed all cookies" but nothing has changed.

    Please send me instructions

    Many Thanks

  2. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    Did you use a 301 redirect (Moved Permanently)? It seems, if you did not do so, some Russian site has got backdoor entry and installed it.

  3. mrlewiswhite
    Member
    Posted 2 years ago #

    Thanks for your reply Krishna,

    What is a 301 redirect?

    I will google it too...

    lewis

  4. mrlewiswhite
    Member
    Posted 2 years ago #

    No Krishna,

    i did not use a 301 redirect...

    What do I do now?

    any ideas?

    Lewis

  5. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    That means you have NOT used a 301 redirect.
    You can get some idea here: http://www.webconfs.com/how-to-redirect-a-webpage.php/

  6. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    You can find the REPORT HERE. If you do not know, it is better to contact your hosting company. It can be a case of hacking, though your site is verified CLEAN.

  7. mrlewiswhite
    Member
    Posted 2 years ago #

    thanks for your help,

    I will see how i go

    Wish me luck...

  8. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    Good Luck! The problem can be resolved easily. The redirect is most probably from your .htaccess file.

  9. mrlewiswhite
    Member
    Posted 2 years ago #

    I have emailed my hosting company and am eagerly awaiting the reply.

    Thanks again Krishna

  10. will426
    Member
    Posted 2 years ago #

    Hey Lewis, I'm having exactly the same problem as you at exactly the same time. I tried to load my website about 4 or 5 hours ago and was getting exactly the same url you have tacked on to the end of mine, and the page wont load. The only difference is that I am using joomla and not wordpress.

    I have still not resolved it, but I have found some things out. If I type my domain-name the problems occurs, but if I type my domain-name and add /index.php then the website loads as normal.

    I checked my visitor logs and seems like I have an awful lot of ips connecting to me website associated with that suspicious url, it also looked like my user admin had recently been used to log into my account. I changed the password now, and blocked all those ips.

    I contacted my service provider and they think its something to do with the .htaccess file. They said they had fixed it, but its still not working. I also found various copies of this file with that url copied many times inside it, but I have removed all of them now.

    Anyway please let me know if you manage to fix it, or if you find out anything else. I'll let you know how my problem goes as well. Thanks, and good luck!

  11. analogrival
    Member
    Posted 2 years ago #

    I had to repair ALL .htaccess files, including one from a level higher than my public html folder, so double check those.

    Been about an hour now and everything seems OK

  12. will426
    Member
    Posted 2 years ago #

    Ah thanks! I missed that one as well, everything seems to be more or less back to normal now. :) Glad you could sort yours out as well!

  13. Audiovoyeur
    Member
    Posted 2 years ago #

    Hi there

    Just to chime in, I had the same issue on my side - The weekend: 7-8th of July 2012. My .HTACCESS was also tampered with. I had to roll-back my database and files to fix issue, I Also changed FTP passwords etc.

    I am just a little concerned that access was gained to our server - not sure how to ensure that it does not happen again - have a number of plug-ins installed - might be a vulnerability (my WP and plugins are up to date) and I have since installed a firewall ect - but I am still concerned about the incident.

    Any suggestions on what to do? form the community - it is very interesting that this has happened on other platform as well (as mentioned above)

    Just to qualify - we also have a 301 redirect (to redirect the .com to the .co.za) could it be that something was injected there.

    I am investigating this issue and if anyone is interested I can supply my findings (if it is worth anything).

    good luck to those affected...

  14. bluejpro
    Member
    Posted 2 years ago #

    mrlewiswhite and all

    Thanks for posting this thread.

    One of my clients just reported the very same problem 7/9/12 at 7:47AM (US EDT). I just looked at the .htaccess file on the root HTML and I don't see anything out of order.

    But when I looked at the .htaccess file in the wp-content folder I found this:

    RewriteRule ^(.*)$ htttp://reltime2012.ru/frunleh?9 [R=301,L]

    It was modified 7/7 at 8:03 AM.

    I will delete it.

    What could have made us vulnerable to this hack?

    What should I do to make the site more secure?
    - - - - -
    deleting the hacked .htaccess in wp-content has not fixed the problem, so I will keep looking for other compromised files.

  15. bluejpro
    Member
    Posted 2 years ago #

    Update: I did find the root .htaccess file was hacked, on a second inspection.

    I replaced this also, refreshed my cache, and the site is still redirecting. So I'll continue to look for hacked files.

    Looking forward to what others find out.

  16. bluejpro
    Member
    Posted 2 years ago #

    I fixed the problem by deleting hacked .htaccess files in 3 places:

    1. root above public_html folder
    2. in public_html folder
    3. in wp_content

    Hope others find this helpful.

  17. ldm
    Member
    Posted 2 years ago #

    Hello every body.

    since 7/7/2012 we have the same problem. any suggest plz.

    thank you in advance

    ldm

  18. @ldm please post your own thread with your own details and specifics.

    http://wordpress.org/support/forum/how-to-and-troubleshooting#postform

  19. ldm
    Member
    Posted 2 years ago #

    thank you Jan.
    Done ;).

    have a nice day

  20. paulgal
    Member
    Posted 2 years ago #

    Hi, I Have had this problem. check the .htacess file for anything suspicious.

    this could be down to the timthumb exploit, in your current theme folder if you have a file called timthumb and its only around 12k kilobytes, you have probably been hit by hackers.

    The bad news is that the damage is done and they have already got into your hosting account, I havent been able to locate all the files they infected as they infected right up to the host root folder past public_html where cpanel folders settings are.

    its not just the .htaccess files that are infected as the problem returned in my expericence. I found lots of corrupt files/folders

    so the safest option is to backupyour db, have your host delete and reset a fresh hosting account for you and reinstall from backup if possible, if not you'll have to rebuild the site as I found the only thing that was not compromised on the server was the database.

    when you backup make sure you update the timthumb file... http://timthumb.googlecode.com/svn/trunk/timthumb.php

    hope this helps

  21. will426
    Member
    Posted 2 years ago #

    Sorry to hear everyone is having problems, hope you can all manage to solve it. Thanks again Lewis for starting this post, a real life saver, and thank you google for directing me here :)

  22. mudandroutes
    Member
    Posted 2 years ago #

    Ditto - so here's my experience so far if it's of any help... Latest version of WP etc... Review It theme needs updating, but is pretty heavily customised so hadn't got round to it yet :-( Got a load of 301 redirects on one domain only.

    So far managed to delete the entries from all the htaccess. files, but I'm sure I deleted stuff yesterday (thinking it was something the hosts had added) and I'm pretty sure that they reverted by today. Found one in a higher directory, so fixed that too..

    Told my hosting company (4uhosting) and I'm hoping they get it sorted. Will share any relevant info here (e.g. if the problem recurs tomorrow).

    Also - pretty sure this has changed file permissions on the .htcaccess files from 644 to 444, probably to prevent users from editing the file...

  23. will426
    Member
    Posted 2 years ago #

    Hey mudandroutes, yeah I think my file permission had changed on the file located above public_html folder. I just deleted it and copied another one there with a list of ip addresses I banned, hopefully most relating to that website. My host also said that I should change all my passwords to be sure, including cpanel, joomla (or wordpress if you guys case) and ftp.

    Make sure you get every single affect file, especially at the very root of your account, above public_html.

  24. mudandroutes
    Member
    Posted 2 years ago #

    I'd missed one above the public_html folder, so thanks!

    Well worth, as Will says to makes sure you get all the files - i did a search for them all and now at least all the .htaccess files are clear!

    All passwords now changed too - so fingers crossed!

    Another thing - my page views dropped significantly about 10 days ago - I assumed it was the poor weather as site is outdoors based but that suspicion is why I discovered this issue in the first place.

  25. mrlewiswhite
    Member
    Posted 2 years ago #

    Ok...
    Getting there.

    I have now got my site working by using
    http://lewiswhites.com/?=123

    I cancelled my hosting and started it again but
    the original problem still exists

    How do I get rid of that and just use
    http://lewiswhites.com

    Also, how do I access the .htaccess file?
    I just can't find it.

    Cheers

  26. paulgal
    Member
    Posted 2 years ago #

    clear your history cache as lewiswhites.com works form me..

    .htaccess file is located through your file manager or ftp client.. with the option to view hidden files enabled.

    for everyone thinkingn they can just delete all their .htaccess files and it will fix it I would think again... I actually a file manager that they uploaded changing the permissions and files. only safe way is to restore from an older backup or backup the db and restore from there.

  27. Krishna
    Volunteer Moderator
    Posted 2 years ago #

    @mrlewiswhite,
    Your site is working fine. What problem do you find now?

  28. mudandroutes
    Member
    Posted 2 years ago #

    Just to say - deleting the htaccess entries hasn't done it for me.. It's reappeared tonight - 1732 - changed htacces contents and then changed the file permissions to 444. Seems to be running on a script somewhere... And then reverted again at 1900 tonight..

    Host backup probably not an option (after infection), and in the choice between reinstalling all the sites or going offline, I've got no time to reinstall the lot.

    Better WP Security found a file called wp-xml.php that doesn't look much like your usual php file.. so going to check it all out....

    Would check the logs if I knew what I was lookign for!

  29. will426
    Member
    Posted 2 years ago #

    Hey guys, I checked my website again tonight and the .htaccess files have been rewritten again with that damn url :( I changed my cpanel password as well, and my joomla passwords. I don't know what else to do? As mudandroutes said there must be some script running these somewhere :( Anyone have any ideas? I'd really like to get it fixed!

    I also found that my templates folder had been renamed templates_back, and another folder called templates had been made with fewer templates in it. I don't know what's going on, any ideas??? Thanks.

  30. mrlewiswhite
    Member
    Posted 2 years ago #

    I checked with a friend and it seems my site works fine now ...

    However, I still need to add /?=123 for it to load on my iPad

    On my mac g5, it loads fine.

    Thanks everyone for your help. Much appreciated

    Lewis

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.