redirect hack, all seems clean

  • Resolved klauscore

    (@klauscore)


    9 years, 3 months ago

    Hi,

    I had a redirect hack on my site, http://www.pacificklaus.com

    I cleaned everything out (deleted any files with suspicious code), and both the Qutttera and Sucuri scans don’t find any malware anymore. I re-installed WordPress, changed the password & changed the theme (some malicious files were in there). I deleted the hacker user account. There have been attempts to log into my site, but none successful.

    But there is STILL some kind of redirect to a ringtone download site or to porn. I seems to happen most likely when clicking on a link to my blog from Facebook, while the user is using Chrome. I am not certain if that is the only case, though.

    What is going on and what can I do?

    Thanks,
    Klaus

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator James Huff

    (@macmanx)

    9 years, 3 months ago

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    georged8

    (@georged8)

    9 years, 3 months ago

    Sounds like you still have some malicious code in your .htaccess file, take a look and see if there is anything suspicious there, this is usually located in /home/username/public_html/WP_install_folder/

    Thread Starter klauscore

    (@klauscore)

    9 years, 3 months ago

    Thanks for the replies! I looked at the .htaccess file and removed the first block, everything before < # BEGIN WordPress >. It seems that solved the issue.

    Still unusual that none of several malware scanners picked up anything!

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^file\/[a-zA-Z0-9]+\/[0-9]+.html$ file [L]
    </IfModule>
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^([a-zA-Z0-9]+)-(.*)-([0-9]+)\.cgi$ file.php?$1=$2-$3 [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php [L]
    </IfModule>

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘redirect hack, all seems clean’ is closed to new replies.

Tags