WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Strange auto-re-directing (6 posts)

  1. ics2s3b
    Member
    Posted 2 years ago #

    Hi there,

    A site I look after (http://www.cornellschoolofdance.co.uk) is re-directing to seemingly random sites. It appears to be very clever at doing so as it will do it once every 24 hours from whatever IP address I'm using and then will behave normally.

    I think it might have come about due to Timthumb.php which I've now deleted. I've also deleted common.php, udp.php and a randomly titled PHP file in wp-admin/js.

    Now, when it tries to re-direct me, I get redirected to "http://www.upliftsearch.com/?keyword=arcade%20cellulare%20giochi&aid=1234&cid=2237&subid=3470726093" where it says
    "Database: Could not connect: Host 'smokescreen' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'"

    There appears to be some rogue code in my site that is playing havoc still, but I've no idea what/where it could be.

    Please help!

    SB

  2. foobuilder
    Member
    Posted 2 years ago #

    It looks like your site has been hacked and is being redirected to a spam site (which just happens to be down at the moment). Here are steps to take to recover from the hacking. Good luck!

  3. ics2s3b
    Member
    Posted 2 years ago #

    Cheers pal, seems to be sorted now. Was a rogue piece of code in the index.php file which I deleted. Seems to be sorted.

    These hacker types are crafty sods aren't they!

  4. Remember to change your passwords, and if you're using TimThumb in your theme or as a plugin, there is a need to update to the 2.0 version as there's a security hole :(

  5. ics2s3b
    Member
    Posted 2 years ago #

    yep, have deleted it :)

  6. Daniel Cid
    Member
    Posted 2 years ago #

    This uplifesearch redirection is related to the "superpuperdomain" attack that has been happening against sites using the vulnerable timthumb:

    http://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain-com-attacking-timthumb-php.html

Topic Closed

This topic has been closed to new replies.

About this Topic