Malware redirect hacks – specific question regarding vulnerabilities
I’ve read through many of the topics but couldn’t find what I was looking for, so my apologies if this duplicates anything.
Here’s my situation:
I had several (read: 20+) sites on shared hosting (with GoDaddy). At least one of them got hacked with a redirect; they all wound up infected.
After trying for weeks to correct the problem, I gave up and gutted everything. So there were no files in my hosting account (except for a few website statistics ones that my host verified were okay).
I reinstalled one website. Sucuri checks it as fine. I started working on the second one, and it was infected in less than 12 hours! Thankfully, my first one is still testing fine per Sucuri.
I deleted everything from the second site, of course – wiped it clean and reinstalled.
I was experimenting with plugins on it initially and had assumed it was a plugin or theme issue, so I kept track of what I had installed on the hacked site and compared it with what was on my other website. (Presumably, the ones that were on both would be safer.)
But paranoia derived from hours upon hours of wasted time and frustration (lol) got the best of me, so I decided to take it step by step.
Unfortunately, even after a fresh installation, there seems to be something wrong, and I don’t know what to do.
Sucuri scans it clean, but with no plugins or anything other than the Twenty Eleven theme (completely fresh install), if I go to http://indieaz.com/wp-login (I realize it should be wp-login.php. I discovered this occurrence by accident), I get a redirect error from Comodo that tells me “emisacbannortim.ru does not exist” (even after clearing my cache and history, etc.).
I.e., it’s trying to redirect from WP to that site. (I’ve yet to try this on my first website. Too terrified to find out. lol)
So my question is, how can this be happening?
I’ve read tons of articles during the weeks when I tried to fix it before, and it seems to me that there can only be four possible sources of this problem (although please, please correct me if I’m wrong):
1. The computer I’m using is infected with malware, which is thereby infecting my sites.
2. The other website on my shared hosting is infected with malware.
3. My hosting provider’s server is infected with malware.
4. There is a security issue with the WordPress core software itself.
1. I have Comodo and Adaware on my computer. I scan it on a semi-regular basis, and so far it’s come up clean.
2. My other website is still scanning clean (per Sucuri), was only installed a few days ago, and has several security plugins, which were installed immediately.
But 3. and 4. seem highly unlikely…
I verified everything that exists on my hosting account. They currently are:
1. My first website I redid – http://k-mo.info – which tests clean, per Sucuri.
2. The fresh install of WP on my second website – http://indieaz.com.
3. A bunch of folders from my previous website installations – all empty.
4. A “stats” folder from GoDaddy that they confirmed as being safe/legitimate when I called them.
I’m so confused!
Any help would be greatly appreciated. Thanks in advance for your time and assistance.
- The topic ‘Malware redirect hacks – specific question regarding vulnerabilities’ is closed to new replies.