Same here, since yesterday it is redirecting to http://uaroyalysdaliachu.ru and now google search engine has started showing malware notice on website when go through search engine, something got infected in wordpress on 15th Feb. 2012. Please post the solution or any malware removal script if anyone has tried it.
Solution:
Chmod .htaccess from 444 to 666
Check .htaccess and remove lines in up and bottom of document.
BUT! Im cleanin htaccess file third time a day. WordPress core or some plugins has vulnerability. Need qualified advice
Same here.
1. Updated .htaccess
2. Re-uploaded all core files
3. Runned “Timthumb Scanner” plugin
Problem is still here with link to the same site as you all mentioned. Please if you find a solution post it here… Thanks!
Hi everyone!
Exactly the same problem here unfortunately… I tried various things but nothing works. Did you find which files was hacked? I don’t find them…
Many thanks!!
Hey all, this happened to me to? I have no idea what I need to do to fix it? Im a newb when it comes to this stuff!
I tried the fresh install but it changed nothing unfortunately…
I had a friend who had his WordPress installation hacked just over the weekend. This is the second time it has happened, even after a fresh install and security measures put in place.
If possible talk to your hosting company to see if they can offer a solution. In his case it was a problem on the hosting side.
It seems that the problem comes from the index page but I don’t find much more…
Hi, I contacted my server provider (hostgator) about this issue, they have scanned and cleaned all the malware scripts which was even injected in the root domain, then I submited to Google webmaster tool for “Attack Page Website message” removal and within 24 hours all sites are back to normal. Do contact your server provider because this is what you cannot clean on your own quickly. I found Hostgator is extermly helpful that is why I had shifted my sites from Godaddy to Hostgator.
You can check here if your website got blacklisted in google because of malware, you can also check which files on your server got infected by this malware.
click here http://sitecheck.sucuri.net/scanner/
Solution:
1. Chmod .htaccess from 444 to 666
2. Check .htaccess and remove lines in up and bottom of document.
3. Chmod .htaccess from 666 to 444
works for me
this shit was in htaccess:
for seo:
[Code moderated as per the Forum Rules. Please use the pastebin]
This is not the best solution the malware script stll be there.
Have anybody a another solution for this?
I have found more files in the subdirectorys with malware. For example in the subdirectory wp-admin is one file it caled wp-ggxy.php
And i have detected more of one file with this names wp-xxxx.php
Unfortunately I found nothing in the htaccess file, do you mean the one in the root of the domain?
I didn’t find any corrupted subdirectory neither…
Restoring backups of last working copy doesn’t work. All the .htaccess files were back with redirects within hours. Has anyone found a solution?