WJBET slot,Ayalawin login app.Recharge Every day and Get Bonus up-to 50%!

Resolved roseba
(@roseba)

13 years, 10 months ago

It started about a two weeks ago when I opened up comments to non-registered users. After awhile, getting comment spams, I put some Captchas in place.

I was monitoring my traffic very closely and I kept noticing traffic from ubiquity services. The ip’s kept rotating, the user agent and other headers kept rotating. In essence, it was not consistent with a human.

I began blocking those ip’s on the htaccess level. I also contacted ubiquity who essentially said, “not their problem”.

I stopped getting as much traffic from ubiquity but noticed very odd referral urls. I was getting referrals from a lot of non-search engines, and when I visited their sites, there was no trace of my domain. I knew something was up.

I looked into various things to shore up my security even more, many of which ended up breaking my site, or locking ME out.

I scanned through my folders looking for modified dates. I ran a few WP plugins on security that exposed certain “base64” codes etc. But it all looked like it was a normal part of the plugins in question. (Adminer has a lot of that.)

Last night when I checked on my site, and clicked on one of my permalinks, it took me off site. I discovered ALL of my links are doing that.

I removed EVERY file from my WP directory and put a clean install of WP. I also downloaded my plugins a new. It did not fix the problem which leads me to believe it may be part of the database, which is not my strong suit.

I’m not sure where to look and how to troubleshoot at this point.

I need some help.

Viewing 12 replies - 1 through 12 (of 12 total)

Thread Starter roseba
(@roseba)

13 years, 10 months ago

Oh and my website is https://www.roseba.com/

Moderator keesiemeijer
(@keesiemeijer)

13 years, 10 months ago

try

– switching to the default theme by renaming your current theme’s folder in wp-content/themes using FTP or whatever file management application your host provides.

– resetting the plugins folder by using FTP or whatever file management application your host provides. Sometimes, an apparently inactive plugin can still cause problems.

– set your permalink structure to the default structure at Settings > Permalinks in your admin panel and see if the redirecting still happens

– renaming the .htaccess file or deleting it after a backup of the .htaccess file.

Thread Starter roseba
(@roseba)

13 years, 10 months ago

I’m not sure what you are saying. Last night, I deactivated ALL of my plugins.

I followed that by deleting the entire directory, and then reinstalling wordpress from scratch. Then I reinstalled all the plugins from scratch.

So all files there, are brand new files except the robots.txt and htaccess and the wp-config file. (And the theme I had a backup of)

Thread Starter roseba
(@roseba)

13 years, 10 months ago

I did switch the permalink structure, found it to work, switched it back and now it works. Fascinating.

Moderator keesiemeijer
(@keesiemeijer)

13 years, 10 months ago

read this: https://www.ads-software.com/support/topic/how-do-i-verify-recover-from-a-hack?replies=17

Your site has also has an iframe that refers to https://www.dsnextgen.com/

I don’t think this is a hack. Try switching to the default theme.

Thread Starter roseba
(@roseba)

13 years, 10 months ago

I don’t know what dsnextgen is. But I did try switching the permalinks to default. It worked. Then I switched it back to custom and it also worked.

Thanks for your help. I have to do some back end work to see if there are other things out there to clean up.

I do feel there was a hack because of the unusual traffic I was seeing, especially the bunch of referrals coming from youtube, for instance. (I don’t have anything on youtube). And a bunch of other small websites. And the number of requests in the past week to read my xmlrpc.php file and my robots.txt file.

Moderator keesiemeijer
(@keesiemeijer)

13 years, 10 months ago

Yes this is a hack but probably one that resides in a plugin or theme.
scan your theme for malicious code with this plugin: https://www.ads-software.com/extend/plugins/tac/

Thread Starter roseba
(@roseba)

13 years, 10 months ago

I will look at your suggested plugin. All my plugins are newly installed from WordPress. (I didn’t keep what was there)

Thread Starter roseba
(@roseba)

13 years, 10 months ago

Theme is clean. Hopefully, I killed whatever code was there by reinstalling everything cleanly.

Moderator keesiemeijer
(@keesiemeijer)

13 years, 10 months ago

Well that is a good sign. Just to be sure check your files with this plugin: https://www.ads-software.com/extend/plugins/exploit-scanner/

Thread Starter roseba
(@roseba)

13 years, 10 months ago

Who ever was at it, is still trying to do this. This is frustrating because I don’t know what the original exploit was, so I can’t shore it up.

And despite the fact that I have listed the ip addresses to ubiquity, they don’t want to do anything about it.

The latest is this morning from: 108.62.220.8

Moderator keesiemeijer
(@keesiemeijer)

13 years, 10 months ago

There is a lot you can do to secure your install further:
https://codex.www.ads-software.com/Hardening_WordPress

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘I've been hacked, permalinks are going off site’ is closed to new replies.

I've been hacked, permalinks are going off site

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics