• Resolved infusion2k7

    (@infusion2k7)


    Hi Guys

    I run my own VM which was recently hacked. The hack was pretty basic. Just 404 redirect in the .htaccess file to Russian and pharmaceutical websites. The problem was, no matter what I did to the .htaccess file, within 24 hours it was redirecting to some other spurious site.

    I’ve got ClamAV and ReFX Maldetect monitoring the folders within /var/www/html, but they were coming up clean.

    Turns out, they aren’t very good at detecting trojans, because I downloaded my websites to my desktop and ran them through Avast and it picked up all sorts of nasties.

    Also, these nasties won’t be automatically cleaned, it will simply delete the files, which are essential for your WordPress install to work.

    So, if you find that your site has been hacked, you’ll need to do the following:

    1. Change all your passwords. If you have SSH access, then ditch passwords altogether and use authenticated keys, for better security. For MAXIMUM security, install OpenVPN, then edit your /etc/apache2/apache2.conf file to only allow access to your wp-admin folder from your server IP address. You then VPN into your server to access the login. (Sounds more complicated than it actually is)

    2. Log into your WordPress backend and make a note of all the plugins you currently have.

    3. You’re already infected, so you need to clean up your files. The best way would be to back up your website folder, then ditch all the files and start afresh.

    4. Once you’ve extracted the latest WordPress folder into your website folder on the server, copy the wp-config.php file back in. This will reconnect you to your database, which brings all your posts and pages back to life.

    5. Log into your website using your usual username and password. You’ll now need to reinstall all the plugins you noted earlier.

    6. Download the latest version of your theme and either extract the files directly into your wp-content/themes folder or use the Themes installer on the WordPress backend.

    7. Make sure you scan the wp-content/uploads folder for viruses, then upload this back onto your server. This will bring all the images you’ve uploaded in the past back to life.

    8. Get the BulletProof Security plugin to secure your site from the most common attacks.

    If you perform the steps above, you should get your site back up and running very quickly and more importantly, stop it from getting hacked in the future.

    [moderated]
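The post above describes a `.htaccess` that kept being rewritten to redirect 404s to outside sites while ClamAV and Maldetect reported nothing. As an added example (not part of the original post), this Python check flags `ErrorDocument`, `Redirect*` and `RewriteRule` lines whose target host is not one of your own; the sample file, the `.example` host names and the function names are constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Directives that can send a visitor elsewhere: the ErrorDocument case from the
# post, plus the closely related Redirect* and RewriteRule directives.
DIRECTIVE = re.compile(
    r"^\s*(ErrorDocument|Redirect(?:Match|Permanent|Temp)?|RewriteRule)\b(.*)$",
    re.IGNORECASE)
URL = re.compile(r"""(?:https?:)?//[^\s"'\[\]]+""", re.IGNORECASE)

# Constructed sample: a stock WordPress block followed by injected lines.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteRule . /index.php [L]
# END WordPress
ErrorDocument 404 http://pharma.example/landing
RewriteRule ^(.*)$ http://redirect.example/in.php?q=$1 [R=302,L]
Redirect 301 /shop https://www.mysite.example/store
"""


def external_redirects(htaccess_text, allowed_hosts):
    """Return (line_no, directive, host) for targets outside allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for line_no, line in enumerate(htaccess_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)  # comment lines start with '#', never match
        if not m:
            continue
        for url in URL.findall(m.group(2)):
            host = (urlparse(url).hostname or "").lower()
            if host and host not in allowed:
                findings.append((line_no, m.group(1), host))
    return findings


def scan_tree(root, allowed_hosts):
    """Check every .htaccess under root; return {path: findings} for hits."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = external_redirects(fh.read(), allowed_hosts)
            if hits:
                results[path] = hits
    return results
```

Running `scan_tree` on a schedule against the web root (`/var/www/html` in the post) with your own host names as `allowed_hosts` shows when the file has been rewritten again, which points to a backdoor still present elsewhere in the tree.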

Viewing 6 replies - 1 through 6 (of 6 total)
  • FYI, security info is arguably helpful (lots of it frequently posted in these forums), but posting links to your site not so much. If you want to help out here, that’s great, but these forums aren’t for soliciting work, sorry. Please make sure you’ve reviewed the forum guidelines, in particular:

    https://codex.www.ads-software.com/Forum_Welcome#Helping_Out

    Thread Starter infusion2k7

    (@infusion2k7)

    Hi WPyogi

    FYI I wasn’t soliciting work. I’d be more than happy to advise individuals on their specific issues. I don’t believe there’s a messaging system in place on these forums, so I was simply offering a way for people to communicate privately.

    Thanks all the same.

    Thanks, I’m glad to hear you had good intentions – but asking people to contact you off the forums is strongly discouraged as mentioned in the link above. Generally, links will be removed by mods and/or those kinds of posts deleted.

    As you may have noticed, some plugin and theme developers do ask people to contact them directly, and that’s permitted within reason. i.e. ideally, help is on these forums so that everyone can benefit, but in some cases, the user may need help beyond what’s possible here, and if the developer(s) are willing, they can help further off the forums. We still do keep an eye on it so it’s not abused.

    So it’s totally great if you want to help out here but please do keep it here :)!.

    Thread Starter infusion2k7

    (@infusion2k7)

    Yeah, that’s great. I’ve seen a few posts about hacking recently, but the advice was a bit here nor there. The OP should work out great for the majority of people, but I understand that not everybody will understand the terminology.

    Any questions, feel free to ask. I’m very happy to help purge the scourge of malicious hacks

    I’m very happy to help purge the scourge of malicious hacks

    Oh boy, you said it! And yeah, it depends on who replies to those threads – we try to make sure people get good info, but any help you want to offer would be much appreciated, I’m sure.

    @webgeeksps – please review the forum rules – hosting isn’t a permitted topic and neither is looking for business. Your posts have been deleted.

    https://codex.www.ads-software.com/Forum_Welcome

  • The topic ‘Website hacked redirected to Russian and Pharma sites’ is closed to new replies.