Did you use a 301 redirect (Moved Permanently)? It seems, if you did not do so, some Russian site has got backdoor entry and installed it.
Thanks for your reply Krishna,
What is a 301 redirect?
I will google it too…
lewis
No Krishna,
i did not use a 301 redirect…
What do I do now?
any ideas?
Lewis
That means you have NOT used a 301 redirect.
You can get some idea here: http://www.webconfs.com/how-to-redirect-a-webpage.php/
You can find the REPORT HERE. If you do not know, it is better to contact your hosting company. It can be a case of hacking, though your site is verified CLEAN.
Good Luck! The problem can be resolved easily. The redirect is most probably from your .htaccess file.
I have emailed my hosting company and am eagerly awaiting the reply.
Thanks again Krishna
Hey Lewis, I’m having exactly the same problem as you at exactly the same time. I tried to load my website about 4 or 5 hours ago and was getting exactly the same url you have tacked on to the end of mine, and the page wont load. The only difference is that I am using joomla and not wordpress.
I have still not resolved it, but I have found some things out. If I type my domain-name the problems occurs, but if I type my domain-name and add /index.php then the website loads as normal.
I checked my visitor logs and seems like I have an awful lot of ips connecting to me website associated with that suspicious url, it also looked like my user admin had recently been used to log into my account. I changed the password now, and blocked all those ips.
I contacted my service provider and they think its something to do with the .htaccess file. They said they had fixed it, but its still not working. I also found various copies of this file with that url copied many times inside it, but I have removed all of them now.
Anyway please let me know if you manage to fix it, or if you find out anything else. I’ll let you know how my problem goes as well. Thanks, and good luck!
I had to repair ALL .htaccess files, including one from a level higher than my public html folder, so double check those.
Been about an hour now and everything seems OK
Ah thanks! I missed that one as well, everything seems to be more or less back to normal now. π Glad you could sort yours out as well!
Hi there
Just to chime in, I had the same issue on my side – The weekend: 7-8th of July 2012. My .HTACCESS was also tampered with. I had to roll-back my database and files to fix issue, I Also changed FTP passwords etc.
I am just a little concerned that access was gained to our server – not sure how to ensure that it does not happen again – have a number of plug-ins installed – might be a vulnerability (my WP and plugins are up to date) and I have since installed a firewall ect – but I am still concerned about the incident.
Any suggestions on what to do? form the community – it is very interesting that this has happened on other platform as well (as mentioned above)
Just to qualify – we also have a 301 redirect (to redirect the .com to the .co.za) could it be that something was injected there.
I am investigating this issue and if anyone is interested I can supply my findings (if it is worth anything).
good luck to those affected…
mrlewiswhite and all
Thanks for posting this thread.
One of my clients just reported the very same problem 7/9/12 at 7:47AM (US EDT). I just looked at the .htaccess file on the root HTML and I don’t see anything out of order.
But when I looked at the .htaccess file in the wp-content folder I found this:
RewriteRule ^(.*)$ htttp://reltime2012.ru/frunleh?9 [R=301,L]
It was modified 7/7 at 8:03 AM.
I will delete it.
What could have made us vulnerable to this hack?
What should I do to make the site more secure?
– – – – –
deleting the hacked .htaccess in wp-content has not fixed the problem, so I will keep looking for other compromised files.
Update: I did find the root .htaccess file was hacked, on a second inspection.
I replaced this also, refreshed my cache, and the site is still redirecting. So I’ll continue to look for hacked files.
Looking forward to what others find out.
I fixed the problem by deleting hacked .htaccess files in 3 places:
- root above public_html folder
- in public_html folder
- in wp_content
Hope others find this helpful.
