WordPress htaccess hacked, redirects to Russian site

admin — Sat, 18 Feb 2012 16:07:07 +0000

I have a bunch of sites hosted in one account that get a decent number of visitors. Some days ago however, I received an email from Google Webmasters saying that one of my sites had been blocked from users because it redirected visitors to a site that downloaded malware without the users consent. First thought was that it was a phishing attempt, but then at the end of the email it read that if the credibility of the email was in question, the same message would appear on my Google Webmaster Tools Account. And so it was.

I did a search on Google for a keyword I knew my site ranked well, it was still there, but when I clicked it, I got a warning saying that the site was blocked due to risky/malware content. I freaked out. Knowing that I was risking infection, I still wanted to see where my site was redirecting to. So I clicked “Continue Anyway”, and it redirected me to a domain ending in .ru (Russian, can’t remember the exact domain though, had enough trouble getting rid of it). Luckily enough, my firewall blocked the virus from downloading.

So after I had made sure that my site was infected. I had to figure out how it happened, and then how I could fix it. A serch for “wordpress hacked redirect” led me to some articles that talked about posible ways it could have happened. One of them was by modification of the .htaccess file. I connected to my host, opened the .htaccess file, and at first sight, it seemed OK, but there were scroll bars around it, so i scrolled down and to my surprise, there were lines of code that commanded traffic coming from search engines, to be redirected to the malware site. I deleted the extra lines of code, and tried to save, but it didn’t work. The hacker had chmod-ed it to 444 instead of 644. So i had to log into the cPaneland delete it, replacing the .htaccess file with a clean one. And woala, it was fixed.

10 minutes after, I checked again and the .htaccess file was hacked again. And this time, all other sites on that hosting account were hacked as well. I slowly started panicking, because I kept replacing the infected .htaccess files for every site, but after some minutes, the hacked version was there again. So I came to the conclusion that it was a script placed inside my hosting account.

Doing some research, I came across many people who were having the same issue. And ti seemed to be the consensus that an outdated plugin was the hole where the hacker got access. It was the timthumb.php, or thumb.php plugin. I did a search for thumb.php, and about 11 cases came up. I went on and updated them with the new code, which can be found here. Make sure you do a backup though, even with the infected files, in case something goes wrong, you can always go back to the previous state.

After I had updated the plugins, it was time to replace the infected .htaccess files once again. I did that, and this time more than one hour passed and nothing happened. So I thought I had finally fixed it, only to wake up the next morning and find out that they were infected again. This time I thought it must have been through another backdoor that the hacker must have left. So I started looking for suspicious files.

Some sites said that for this kind of attack, the hacker had placed backdoors named _wp_cache.php, _cache.php, sm3.php, and even wp.php. Usually placed in the wp-content/uploads folder, or even in the theme directory. I couldn’t find any such files. I could however find something that looked suspicious to me. In the uploads folder, among other folders named after the years when the uploads were made, there was a folder named js_cache. When I opened it, there were two files with long names, one .php and one .tmp. I knew I never had uploaded such stuff, only images, so I immediately deleted them. And it has been a full 24 hours so far and no more hacked .htaccess files. I think I finally got it to work, and I hope there won’t be any need for another fix. I need to state that I changed all my FTP passwords, hosting login, WordPress admin passwords, and database passwords.

I hope this helps someone out there struggling with the same issue.

Here are some other sources though, in case your situation doesn’t match mine:

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

How to get tons of traffic: URL submission

admin — Mon, 17 May 2010 17:32:18 +0000

Have you thought of URL submission while considering SEO for your website? If not, think again as you are missing a very fundamental technique for the search engine optimization. What makes this URL submission so important and how can you do this? This article shall answer both of these questions to guide you to attain this objective.

Importance of URL Submission for SEO: Do you know what encourages search engines to even include your page, with appropriate content, in the search results, let alone, rank it higher? This is the presence of link to your page on websites other than your own. The importance of the presence of your URL on other places over internet can never be underestimated. Even a webpage with a great amount of content cannot get its due in the sight of search engines without the technique under consideration. URL submission is not only necessary for new websites to come to the knowledge of search engines but this is also important for old ones.

Ask any web owner and he will complain of the infrequent crawling of his website by the search engines. This often results in depriving the searchers to search for the latest update as the website is yet to be crawled. Can you imagine that some high profile news, say the death of some global figure; that could have brought millions of viewers to your webpage is missed by the search engines just because your website yet remains to be crawled again and consequently you losing the millions of views that just a few hours could have brought? For sure, this is dreadful. But, a website whose link pervades the internet is not done such injustice as it is crawled frequently and it often earns the windfall of sudden traffic to them whenever some big news appears as the competition at the time of its breaking of the news is negligible and the number of people searching is huge.

Search for any famous news channel webpage and you will see it to have been crawled not so long ago. The search engines prefer crawling pages with huge presence over the internet more frequently. Therefore, whether you run an old website or a new one, the importance of URL submission is no less for you.The importance of URL submission is indeed thumping but how can you do it? The answer to this is that you can do it using different techniques. There are many URL submission sites on which you can submit your URL free of cost.

Many of these require you to post a reciprocal link of them on your page. Another but effective way is to submit articles to various article directories. These article directories submit your article free of cost and allow you to include a link to your desired web page at specified places. Both of these methods are extremely useful as the article directories help bringing fast but huge traffic to your page whereas the former technique for SEO is useful as it develops your ranking steadily. Besides, there are some other ways whereby you can place your URL on other sites.The importance of URL submission technique for any successful SEO campaign is indeed vital. Not only shall this help you gain a standing in the cyber world but this can also be done by yourself and does not require huge budget.

Webmaster Forum

WordPress htaccess hacked, redirects to Russian site

How to get tons of traffic: URL submission