SITE HACKED: redirect to sociallytouch.ru

  • senra

    (@senra)


    11 years, 5 months ago

    Hi,

    I am facing a peculiar problem for the past one week. I am using Mantra Theme, for one of my customer’s site. Last week, i found the site was hacked, and .htaccess file was modified to redirect all google bots to a russian site. eg: sociallytouch.ru ..

    I deleted all existing installation, but kept the same DB. I uploaded fresh files of wordpress and Mantra Theme, and still the site is redirected to the russian site.

    I could have just re-installed. But i wanted to find why it was happening, and thus started debugging. From Live HTTP headers, and firebug, i could observe the following.

    1. The redirect happens, the moment the custom header is accessed, a 303 redirect is happening.

    2. I tried accessing the custom header file path, and the site is redirecting. For other files, its NOT redirecting.

    3. I disabled javascript, and then accessed, and the same thing is happening.

    4. I tried searching for the term “.ru” in options table, and in Posts table, but i could find no records in the table. But still from some where, the wordpress is redirecting to sociallytouch.ru .

    Can any one guess why its happening? I searched in the net to get any help, but i could find only the below link specific to this issue.

    http://labs.sucuri.net/?details=sociallytouch.ru

    Update:
    ——-

    I forgot to mention, that there is a iframe injunction in all my javascript files..

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘SITE HACKED: redirect to sociallytouch.ru’ is closed to new replies.