Wordpress hack

How Black Hat SEO Hacks Fool Google.

My site's .htaccess file hacked, how?

Hello all, Thanks for everyone's time in providing feedback about my problem.

I appreciate the explanations of all things .htaccess. UseShots - Yeah, I also think something was intercepted. While the host has not offered any help with providing evidence of when the file was modified and by whom, they have offered the explanation that there is some "worm" that does this by way of Google and/or malware that is installed on one's machine locally. The only thing I did that was any different than my normal blog usage before the hack was to use the "instant-upgrade" plugin where I did not transfer the command/install via SSL. Also, I have still found no malware on any machine that connects to this site via FTP. I have changed my .htaccess file's permissions to a safer level and have had no problems since. I also read a lot about similar scenarios like mine where only half of the hack works, meaning the PHP script that is embedded into the .htaccess file does not work for some reason.

Recurring htaccess hijack.

(@ RMelick : oh my god, did I make you delete your backups?!?

I'm so sorry if I misled you!) Just in case, guys, your wp-config.php was really a brand new one, without code secretly hidden at the bottom? You weren't on shared hosting with other sites on the same hosting account and in the right-next-folder, sites that, them, weren't freshly reinstalled? You confirm you didn't have a cute-but-untested-against-security-holes template? @ Remelick, if that's so, then frankly, I'd consider changing to another web host :( Tracking where that may come from at this point wouldn't be entirely impossible (oh, the joy of parsing server logs.

In that regard, HostGator is doing well (they're my favorite web host for shared hosting), and WordPress.org recommends good hosts too...

How To Completely Clean Your Hacked WordPress Installation.

Posted on June 24th, 2008 at 10:11 am by Michael VanDeMar under blogthropology, coding, how-to, On The Ball-ness, SEO, web design

Getting hacked sucks, plain and simple.

It can affect your rankings, cause your readership to be exposed to virus and trojan attacks, make you an unwilling promoter of subject material you may not actually endorse, and in many cases cause the loss of valuable content. However, once it happens it is usually best not to procrastinate on the cleanup process, since a speedy restore will most times minimize the damage that was caused. While almost all sources will recommend that you upgrade your WordPress to the latest version, what the majority neglect to tell you is that in most cases simply doing so will not prevent the attackers from getting back in, even if there are no known exploits with the latest version.

1. Even a hacked copy of your blog still probably contains valuable information and files.
2.
3.
4.
5.

Get rid of the new .htaccess hijacking method for WP - Hosting Security and Technology Tutorials.

About two days ago a new method of .htaccess hijacking started occurring on various WordPress websites.

The actual security hole hasn't been discovered yet, but it doesn't seem to be a plugin, and it also happens with the newest WordPress version. What this attack does is redirect your website to a malicious URL if the visitor comes from any search engine, so regular visitors and the webmaster won't discover it that fast. Because I see more and more WP users being affected by this, I will tell you how I removed the infection from a WP site yesterday and how I blocked it. The file names may be different in your case.

1.) Code:

    cd /your/website/directory
    find ./ -name .htaccess

2.)

3.)

    cat /path/to/access_log* | grep '188.190.'
    cat /path/to/access_log* | grep 'POST'

4.)

    <FilesMatch "^(wp-lloxa\.php)">
    Order allow,deny
    Deny from all
    </FilesMatch>

Where "wp-lloxa\.php" is the name of the malicious PHP file you found.

5.) .htaccess file in WP root directory.
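
Because the redirect only fires for visitors arriving from a search engine, browsing the site directly will not reveal it. The script below is an added example, not part of the original tutorial: it extends the `find` in step 1 by checking every .htaccess for a RewriteRule to an external URL that is guarded by a search-engine HTTP_REFERER condition. It assumes the redirect is done with mod_rewrite; the function names, the search-engine list and the sample files are constructed for illustration.

```shell
#!/bin/sh
# scan_htaccess DIR: print "file:line: rule" for each RewriteRule with an
# external http(s) target that is guarded by a RewriteCond on HTTP_REFERER
# naming a search engine. RewriteCond lines apply to the next RewriteRule only.
scan_htaccess() {
    find "$1" -type f -name .htaccess | while IFS= read -r f; do
        awk -v file="$f" '
            { line = tolower($0) }
            line ~ /^[ \t]*rewritecond/ {
                if (line ~ /http_referer/ && line ~ /google|bing|yahoo|search/) guarded = 1
                next
            }
            line ~ /^[ \t]*rewriterule/ {
                if (guarded && line ~ /https?:\/\//) printf "%s:%d: %s\n", file, NR, $0
                guarded = 0   # conditions are consumed by this rule
            }
        ' "$f"
    done
}

# make_sample: build a constructed test tree (not from a real incident) with a
# stock WordPress .htaccess and one carrying a referer-conditional redirect.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/blog/wp-content"
    cat > "$d/blog/.htaccess" <<'EOF'
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
EOF
    cat > "$d/blog/wp-content/.htaccess" <<'EOF'
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|bing|yahoo)\. [NC]
RewriteRule ^(.*)$ http://redirect.example.invalid/ [R=301,L]
EOF
    echo "$d"
}

sample=$(make_sample)
scan_htaccess "$sample"   # reports only line 3 of wp-content/.htaccess
rm -rf "$sample"
```

An empty result does not prove a site is clean: a redirect can also be implemented in PHP or in the server configuration, which this check does not read.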