Hacked by “Sole Sad & Invisible”
Hi, 3 of my sites recently got hacked and had injected code into index.php and overwrote .htaccess. Also dumped an alfa.php file and a folder called alfacgiapi which contains .htaccess, getheader.alfa and perl.alfa
So, I cleaned them off and ran several different malware scans, internal and external, which reported all was clean. One of the sites has no further problems, but on 2 of the sites, my .htaccess file was still getting overwritten and my index.php file is getting code injected into it.
So I replaced all the WP (5.5) core files, but the index.php and .htaccess were still getting overwritten.
My host said I should install sitelock at $299/year on all my websites, but I have 10 of them, no way I can do that. They are just business card sites.
I have completely deleted one of my sites and created an basic index.html file, that’s all that exists there. Yet, still after a few hours an index.php file appeared with the malware code, but not any WP code. No .htaccess file has appeared though.
I have changed my cpanel password, all my WP login passwords and deleted all ftp accounts. The host suggests maybe there is some malware in the root folder, but that would leave all my sites vulnerable in that case, yet only 3 were attacked, one is cured and 2 still have problems.
I’m guessing if I change host, then I’ll get a clean root folder. For the cost of 10 sitelock licences, I’ll get about 20 years hosting including malware protection.
- The topic ‘Hacked by “Sole Sad & Invisible”’ is closed to new replies.