WordPress.org

Ready to get started?Download WordPress

Forums

WordPress site is redirecting to malware??? (13 posts)

  1. EricBrad
    Member
    Posted 2 years ago #

    My blog at: http://makingsound.se is being redirected when searching from google or bing.

    http://www.google.se/#hl=sv&cp=15&gs_id=3u&xhr=t&q=ec+making+sound&pf=p&sclient=psy-ab&source=hp&pbx=1&oq=ec+making+sound&aq=f&aqi=&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=a276a245c6944f68&biw=1676&bih=934

    Try the first link!

    What's going on??? The site it's redirecting to is something called uaroyalsys.
    I found another forum post 4 hours ago on the dutch site but I don't read dutch.

    /Eric

  2. EricBrad
    Member
    Posted 2 years ago #

    Ok I deleted a hidden file called
    .htaccess

    But how did it end up on my blog?
    Is my database corrupted now?

  3. EricBrad
    Member
    Posted 2 years ago #

    I misspelled the malware site it should be: uaroyalys.

    Here's the post on the dutch site:
    http://nl.forums.wordpress.org/topic/links-gaan-naar-andere-site

  4. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

  5. EricBrad
    Member
    Posted 2 years ago #

    Thanks! I've changed my passwords and deleted the htaccess file.
    Site check is not finding anything at the moment...

    Do you think it was my hosting company that got hacked?

    Let's hope I stopped it in time.

    /Eric

  6. EricBrad
    Member
    Posted 2 years ago #

    One more thing though...

    In retrospect I kind of regret trashing the htaccess file.
    Should I create another one?
    How do I do that?

  7. EricBrad
    Member
    Posted 2 years ago #

    Ohh no!
    it keeps coming back!

    I have to take the first step and calm down.

    /Eric

  8. lucaslshaffer
    Member
    Posted 2 years ago #

    EricBrad, I am having similar issues. Who do you host with?

  9. EricBrad
    Member
    Posted 2 years ago #

    Hi Lucas.

    My host is Binero.se but I don't thing that they are the problem anymore...
    Anyway, I think I sorted things out.

    I reinstalled wordpress, theme and reverted to an 2 week old DB.
    Everything seems to be fine for now.

    I found a really suspicious file inside my uploads folder.
    the file was called "_cache" and seemed to contain some sort of code.

    Hope that helps.

    /Eric

  10. lucaslshaffer
    Member
    Posted 2 years ago #

    Im searching now for files/folders including a 'cache' string in the name suing FileZilla.

    The problem is the hosting account is propagating into ALL sites, including non-wordpress sites as well. Been looking for bad scripts, weird out of place files, misplaced files, config files and anything else.

    I've got back ups of the major sites, but it seems that after I reinstall (a simple site) the files are then re-written (.htaccess) so I need to find the problem file before I can begin rebuilding.

  11. mortensn
    Member
    Posted 2 years ago #

    I'm having this same problem. If you find a solution PLEASE let me know about it.

  12. Sofie
    Member
    Posted 2 years ago #

    I had the same problem. I have deleted the .htaccess file and I uploaded a new, clean .htaccess file

  13. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

    Deleting one file will not do it. Unless you do what the links esmi gave above says you will still be hacked again and again.

    Also tell your hosts. Most likely the hack is coming from someone else's site on the shared server.

Topic Closed

This topic has been closed to new replies.

About this Topic