Thread Starter
FMNG
(@fmng)
J’ai déjà utilisé l’avant dernier lien que tu me proposes, mais il me donne des noms de section et donc je ne sais pas à qu’elle page cela peut provenir …
Par exemple :
http://www.fmnextgen.com/football-manager-2011-informations/
Dans quel fichier php, javascript, etc … je pourrais trouver le code qui fait que ça déconne ?
I had a similar problem a few months ago. In my case, all I needed to do was remove the bad code from the .htaccess file. I would try that first since it’s only take a few minutes.
Thread Starter
FMNG
(@fmng)
Sorry, I just forgot that was an english forum.
I just said that I already checked the last but one website. I just have some url to check with the code but I don’t which url page correspond to the file.
For example :
http://www.fmnextgen.com/football-manager-2011-informations/
In which file can I found the code ?
Thanks for your answer Gabe, I will try to do that ;).
Thread Starter
FMNG
(@fmng)
Which bad code that was Gabe ?
Because I have that the following code in my file :
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName fmnextgen.com
SetEnv no-gzip dont-vary
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
You will often find a malware script inserted into the HTML of the index.php page and surrounded by <script> tags like this:
#618404#
echo(gzinflate(base64_decode("<random characters here>")));
#/618404#
where <random characters here> is a long list of seemingly random characters.
The easiest option may be to reinstall WordPress using the Dashboard but backup your wp-content directory first and any other custom files. Then check your custom files for those script tags above (or similar) and delete the tags.
Then I strongly suggest changing your FTP passwords to prevent further infections.
You will then need to let Google know you have removed the malware so your website is not reported as malware any longer.
Hope that helps.
Thread Starter
FMNG
(@fmng)
Thanks for your help.
I just have a question, if i reinstall WordPress, I will loose all of my articles or not ?
If you have a backup of your .htaccess file, you can just compare.
You may be able to go back a few days and get it from your host provider.
When in doubt, feel free to save a copy of the current file now and just remove anything that’s iffy looking. Based on recollection, my file doesn’t have anything that you just posted.
Your articles are stored in the database so you shouldn’t lose your content. To be on the safe side, do a database backup and your entire wp-content folder (which you can check for malware scripts after downloading them – a good A/V package should detect anything unusual).
You can also back up your wp-config.php file – it shouldn’t be replaced by a new WordPress installation but there’s no harm in being cautious.
Back up .htaccess to if you have made any changes to it. Then compare with the new one and re-add any changes you previously made to the old one (making sure they aren’t malicious changes added by the hacker of course).
