Support » Fixing WordPress » My Website got hacked and automatically redirected to another site

  • Hello everyone,

    It’s been awhile since I checked on my website and work on it, and I just noticed that my website got hacked and it automatically gets redirected to another spam website. It’s really annoying. I don’t have a backup on my computer, and I really need some help and hope someone can tell me how to get rid of that spam site without redoing my whole website again.

    I’m not very good at wordpress to begin with, and it has taken me awhile to make my website. I really hope to get some help with details on how to resolve this problem.

    Many thanks in advance.

    Cheers,
    Kristine

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • The redirection occurs due to ‘http-equiv=”refresh” content=”0;’ in following HTML tag

    <div class=”content__inner”>
    <p><meta http-equiv=”refresh” content=”0; URL=http://cj4dsmwjx.gyumriserverns.info”></p>
    </div>

    To resolve this redirection issue you need to find and remove this tag from generated HTML.

    This infection could present either in the backend database or in an obfuscated format in WordPress *.php files.

    If you have access to WordPress admin dashboard, try to install any of security plugins providing internal website scan to identify and cure this infection.

    I could suggest our plugin performing internal heuristic scan which could help you identify infection.

    If you don’t have access to admin dashboard, you can dump website content and search for suspicious things manually.

    The database could be dumped using phpmyadmin tool and website content could be download using FTP client.

    If you going to search for this infection manually try to find module (php) file adding the following div to the generated HTML (<div class=”content__inner”>) instruction injecting malware redirection should come just after this.

    One more comment, the redirection URL (hxxp://cj4dsmwjx[.]gyumriserverns[.]info/) is broken and generates error 500 which means that meanwhile no ads or malware will be distributed from your site.

    But you need to fix this redirection before the target link started to work properly.

    Thanks so much for replying.

    May I ask which php file should I look for , and in which folders (.metadata, wp-admin, wp-content, wp-includes)

    I do have access to the WordPress.org admin dashboard. It’s still at version 4.3.1. Should I update to the newest WordPress version?

    I really hope I can find that tag and remove it myself manually if that’s what is causing the problem.

    Much help appreciated.

    Cheers,
    Kristine

    Unfortunately, I cannot point out which exact file is infected.
    As I said, you need to install any malware scanner plugin that will scan your website internally and probably locate this infection.

    To access admin dashboard you don’t need access to WordPress.org.
    The dashboard could be accessed by <domain.name>/wp-login.php

    It is worth to upgrade WordPress to the latest version before you start with cleanup since upgrade itself can overwrite infected files and issue will be eliminated by itself.

    At worst case, after the upgrade, you will have to install malware scanner plugin and perform full website audit.

    Yeah, it’s now redirecting to a malware site. Install a malware scanner and see what it says. You are not blacklisted yet. Act fast if you can.

    https://sitecheck.sucuri.net/results/www.kristinechin.com/

    What I’d do is kill my present theme and plugins then try to login. You can rename your plugins directory from ftp or your hosting Control panel. You can then rename the active theme directory. I just add 1234 to my directories to rename them.

    If you can get to the dashboard try installing WordFence and see if a scan from WordFence will find this problem… it might. WordFence is pretty good out of the box.

    Your webserver’s PHP version is a little low and your WordPress version is pretty far behind. I think your web host might be GoDaddy. If I’m right they can help you with the php version.

    When you do get the malware redirect removed you can then install iThemes Security and keep that WordFence. They will work fine together and with the updated WordPress you should be in great shape.

    I just installed Wordfence plugin and had updated my WordPress version.

    After the WordFence Scan, it shows the bottom unknown files. Should I delete all of them? Please help.

    Warnings:

    * Unknown file in WordPress core: wp-admin/css/colors/blue/php.ini

    * Unknown file in WordPress core: wp-admin/css/colors/coffee/php.ini

    * Unknown file in WordPress core: wp-admin/css/colors/ectoplasm/php.ini

    * Unknown file in WordPress core: wp-admin/css/colors/light/php.ini

    * Unknown file in WordPress core: wp-admin/css/colors/midnight/php.ini

    * Unknown file in WordPress core: wp-admin/css/colors/ocean/php.ini

    * Unknown file in WordPress core: wp-admin/css/colors/php.ini

    * Unknown file in WordPress core: wp-admin/css/colors/sunrise/php.ini

    * Unknown file in WordPress core: wp-admin/css/php.ini

    * Unknown file in WordPress core: wp-admin/images/php.ini

    * Unknown file in WordPress core: wp-admin/includes/php.ini

    * Unknown file in WordPress core: wp-admin/js/php.ini

    * Unknown file in WordPress core: wp-admin/maint/php.ini

    * Unknown file in WordPress core: wp-admin/network/php.ini

    * Unknown file in WordPress core: wp-admin/php.ini

    * Unknown file in WordPress core: wp-admin/user/php.ini

    * Unknown file in WordPress core: wp-includes/ID3/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/Cache/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/Content/Type/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/Content/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/Decode/HTML/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/Decode/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/HTTP/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/Net/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/Parse/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/XML/Declaration/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/XML/php.ini

    * Unknown file in WordPress core: wp-includes/SimplePie/php.ini

    * Unknown file in WordPress core: wp-includes/Text/Diff/Engine/php.ini

    * Unknown file in WordPress core: wp-includes/Text/Diff/Renderer/php.ini

    * Unknown file in WordPress core: wp-includes/Text/Diff/php.ini

    * Unknown file in WordPress core: wp-includes/Text/php.ini

    * Unknown file in WordPress core: wp-includes/certificates/php.ini

    * Unknown file in WordPress core: wp-includes/css/php.ini

    * Unknown file in WordPress core: wp-includes/fonts/php.ini

    * Unknown file in WordPress core: wp-includes/images/crystal/php.ini

    * Unknown file in WordPress core: wp-includes/images/media/php.ini

    * Unknown file in WordPress core: wp-includes/images/php.ini

    * Unknown file in WordPress core: wp-includes/images/smilies/php.ini

    * Unknown file in WordPress core: wp-includes/images/wlw/php.ini

    * Unknown file in WordPress core: wp-includes/js/crop/php.ini

    * Unknown file in WordPress core: wp-includes/js/imgareaselect/php.ini

    * Unknown file in WordPress core: wp-includes/js/jcrop/php.ini

    * Unknown file in WordPress core: wp-includes/js/jquery/php.ini

    * Unknown file in WordPress core: wp-includes/js/jquery/ui/php.ini

    * Unknown file in WordPress core: wp-includes/js/mediaelement/php.ini

    * Unknown file in WordPress core: wp-includes/js/php.ini

    * Unknown file in WordPress core: wp-includes/js/plupload/php.ini

    * Unknown file in WordPress core: wp-includes/js/swfupload/php.ini

    * Unknown file in WordPress core: wp-includes/js/thickbox/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/langs/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/charmap/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/colorpicker/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/compat3x/css/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/compat3x/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/directionality/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/fullscreen/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/hr/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/image/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/lists/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/media/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/paste/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/tabfocus/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/textcolor/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wordpress/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpautoresize/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpdialogs/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpeditimage/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpemoji/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpgallery/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wplink/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wptextpattern/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/plugins/wpview/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/fonts/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/img/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/skins/lightgray/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/skins/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/skins/wordpress/images/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/skins/wordpress/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/themes/modern/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/themes/php.ini

    * Unknown file in WordPress core: wp-includes/js/tinymce/utils/php.ini

    * Unknown file in WordPress core: wp-includes/php.ini

    * Unknown file in WordPress core: wp-includes/pomo/php.ini

    * Unknown file in WordPress core: wp-includes/theme-compat/php.ini

    S\

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘My Website got hacked and automatically redirected to another site’ is closed to new replies.