WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Website redirecting and/or malware attacks (9 posts)

  1. drspoon
    Member
    Posted 2 years ago #

    The website is http://www.howtosavetheworldcomic.com

    For some reason it keeps sending visitors out to other sites and/or trying to attack their computers with malware. It comes up clean when I run it through http://sitecheck.sucuri.net and I've changed and encrypted ALL of my passwords (as well as used all of the security keys) but I'm still being infected!!

    I can't seem to find any malicious code anywhere but I can't figure out why this continues...

    PLEASE HELP!!!

  2. ChristiNi
    Member
    Posted 2 years ago #

    Hi drspoon,

    Sorry to hear you're having trouble with malware on your site. I was able to bring up a warning with AVG the first time I visited your site. I would suggest checking your .htaccess file for any malicious code that could be causing the redirection. I also found some information you may find useful from sucuri.net:

    http://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html

    Don't forget to scan your local computer as well to make sure it's clean.

    Hope this helps!

  3. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

  4. drspoon
    Member
    Posted 2 years ago #

    Ok... now how do I get into my .htaccess file?

  5. drspoon
    Member
    Posted 2 years ago #

    Ok... I've looked at my .htaccess file and there is nothing out of the ordinary...

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    I've triple checked with sucuri and they're finding nothing... This is really bugging me as I know there is a problem but I can't find it anywhere!!!

  6. ChristiNi
    Member
    Posted 2 years ago #

    Hello again drspoon,

    Your .htaccess file should be in the same folder where you installed your WordPress files (public_html is common but not the only name used). If you're not sure what your site's Document Root is (this is where you put your site files) you can contact your host for help with that. Two things to keep in mind regarding .htaccess:

    1. It is a "hidden file" so if you are using a File Manager provided by your host you may need to select an option that you wish to view hidden files.

    2. There can also be an .htaccess above your Document Root that can affect your site.

    If you're really not sure if the code you find in your .htaccess file is legitimate code, you can try renaming it to something like .htaccess-bk and let WordPress just create a new .htaccess file for you.

    Good luck and I hope you're able to get that cleared up soon.

  7. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

    I know there is a problem

    How do you know? I opened with 4 different browsers and got no warnings, redirects, etc.

    I find no threat or record of threats with
    http://www.avgthreatlabs.com/sitereports/domain/howtosavetheworldcomic.com/ and http://www.virustotal.com/index.html and ms security essentials and http://www.google.com/safebrowsing/diagnostic?site=howtosavetheworldcomic.com

    But, if your site was hacked, cleaning up the .htaccess, while a good start, will not end your problems. You have to be super aggressive in cleaning and protecting the site.

  8. ChristiNi
    Member
    Posted 2 years ago #

    Hello again drspoon,

    Make sure you've followed the recommendations from the Codex:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    To be on the safe side, you cold also install this plugin to check for any exploits:

    http://wordpress.org/extend/plugins/exploit-scanner/

    Hope this helps!

  9. drspoon
    Member
    Posted 2 years ago #

    Ok seems like I've fixed it (sorry kmessinger I meant to post this earlier). I once again reset all passwords and deleted the original site files and replaced them with fresh untainted copies.

    Everything works!

    Thanks for all the help!

Topic Closed

This topic has been closed to new replies.

About this Topic