4 days ago 3 of my websites were infected with malware. One was picked up by Google and is now flagged for avoidance.
I have spent hours upon hours fixing this problem, yet every time the .htaccess files are reinfected with redirects to a Russian site of some description.
- When I cleaned the sites I changed all the passwords for FTP, site admin, and database. I deleted cookie logon function by resetting WP secret keys. I installed Bulletproof Security to protect .htaccess and my wp-config folder. This hasn't worked, they just bypass it. The hackers also won't let me resave the file when i delete their hack, instead making me have to download the file and then upload it clean.
- I thought the hack had come through filezilla. So I stopped cleaning through that and instead started using Go Daddy file manager to clean the reinfected .htaccess flles. But no, reinfection within 7 hours. Go Daddy, as per usual, don't have a clue what I should even be looking for.
- I also installed site DB backups but that didn't make a difference. Neither did the plugin upgrades or WP upgrades I did when the sites were clean, which they were because i scanned them at sucuri.net.
- I have scanned every line of php for bad code using the advice on forums like this one and blogs, etc. I can't see anything untoward and just don't know what to do. As far as I can see this is purely the .htaccess file that is getting attacked. I have even completely deleted the file yet they keep putting a new one in.
- one thing i find strange is that it only attacked these 3 sites. I have 3 other WordPress sites on the same hosting that it hasn't affected. I have a feeling it got to my root site first and worked into the others, but then I don't know how these things work so i am probably wrong. Could there be one file in the root that is triggering all this?
If anyone here has any clue what i should be looking for or has experienced something similar i would greatly appreciate any advice. I can't afford to shed out $100 each for a site clean, hell, the sites are more sentimental than valuable. If someone knows exactly where are what to look for that would be awesome.