Forums

WordPress › Support » Plugins and Hacks

BulletProof Security
[resolved] Warning Banners keep coming back (10 posts)

  1. robimx
    Member
    Posted 8 months ago #

    Hi,

    I installed BPS about a month ago and everything worked fine until today.

    All of a sudden, The yellow and red warning banner pops up every 10 minutes or so. When it does, I go to the settings and reinitialize the htaccess rewrites and then all is green again. But then it comes back up 10 minutes later.

    I also noticed that when the yellow banner is there, ALL external links linking to my site ( from facebook, youtube, etc..) redirect to Google.com instead of my site.

    what's going on?

    please help!

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. vikingweb
    Member
    Posted 8 months ago #

    Are you on a godaddy hosting account?

  3. robimx
    Member
    Posted 8 months ago #

    sadly yes....

    It's back up and running after today's "attack" on GoDaddy but this problem has arisen

  4. vikingweb
    Member
    Posted 8 months ago #

    They are not even close to 100% operational. They are more than likely the ones cause the banners popping up while they try to close this door that got opened. I have some .htaccess errors myself with other plug ins on a few sites that are not making sense. I would say wait a bit to deactivate it or reinstall just in case there is something left. But you can always deactivate all the other plug ins and see if that fixes the banners. I have had to turn off shopping carts due to false sales being generated.

  5. AITpro
    Member
    Plugin Author
    Posted 8 months ago #

    Yep it is possible that this is a left over GoDaddy DNS issue, but what you need to check is your root .htaccess file at the time the problem occurs. If the .htaccess file is being modified by another plugin, etc. The next time the problem occurs use the BPS built-in .htaccess editor and copy the entire contents of the root .htaccess file into a NotePad text file. Then reactive BulletProof Mode for your Root folder and copy the entire contents of the root .htaccess file into another NotePad text file. Then put the 2 files side by side and compare them for any differences.

  6. robimx
    Member
    Posted 8 months ago #

    well this is defintely not right, this is the part of the root that keeps getting rewritten

    right at the top before the Bulletproof code starts :S

    [ Moderator note: hacked .htaccess file redacted, no need to give those spammers air time. ]

  7. AITpro
    Member
    Plugin Author
    Posted 8 months ago #

    Yep your website has been hacked. Most likely since this keeps reoccuring then the hackers have uploaded a Shell hacking script to your website files. You will either need to restore your website from a good backup or you will need to backup all your files and WP Database and then reinstall everything clean and then import only your content back into your WP DB. ie Posts, Pages and Comments.

  8. robimx
    Member
    Posted 8 months ago #

    I have a plugin that emails me a backup .zip every day so I have plenty of those. I have never done a backup, how to do that?

  9. vikingweb
    Member
    Posted 8 months ago #

    I would also check to see if there is an extra .js file or text file sitting outside of the root folders aka admin, cont, includes. I have 3 sites I have to do the same thing to. Good luck to you robimx.

  10. AITpro
    Member
    Plugin Author
    Posted 8 months ago #

    A nice simple backup plugin that will back up both your website files and your WordPress Database is BackWPup. Once you back everything up then nuke your site. Then change your web host password, FTP password (and SSH password if you have enabled SSH).

    Then do a clean installation of WordPress and restore/import ONLY your database content tables shown below.
    wp_comments
    wp_links
    wp_postmeta
    wp_posts
    wp_terms
    wp_term_relationships
    wp_term_taxonomy
    wp_usermeta
    wp_users

    And finally you will need to upload your image files to /uploads, but you want to go through all them carefully to ensure there are not any hacker files in this folder.

    NOTE: check the User accounts for your current site before nuking it and if you see an Administrator account that you do not recognize then delete it.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.