Wordpress/Joomla .htaccess injection - HELP! - Webmaster Forums - Webmaster forum for HTML, PHP, ASP, CSS and more
Webmaster Forums - Webmaster forum for HTML, PHP, ASP, CSS and more
Go Back   Webmaster Forums - Webmaster forum for HTML, PHP, ASP, CSS and more > Webmaster Tech > Web Application/Script Support

WebmasterForums.com is the premier Forum on the internet. Registered Users do not see the above ads.
Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 03-21-2012, 11:02 PM   #1 (permalink)
Junior Member
 
Join Date: Mar 2012
Posts: 4
Question Wordpress/Joomla .htaccess injection - HELP!

I have two domains on the same shared host. Domain1 is running Wordpress 3.3.1 and Domain2 is running Joomla 2.5.3. Both have fresh-installed/updated plugins & themes.

Over the past hour both domains .htaccess files have been modified to include redirects to h**p://solidso.ru/mnp/index.php?Ia twice.

Both files were chmod 444.

The shared host is Webhostinghub.com - I've contacted their support and they suggested I change my passwords (which I had already done prior to the last attack) and update the CMSs (which they are). They sent me a couple links ( h**p://en.wikipedia.org/wiki/Code_injection ) and ( h**p://en.wikipedia.org/wiki/Remote_File_Inclusion ) stating that they contained information on how to prevent injections, which they do I guess, but being that I'm not the developer of these CMS/plugins I do not see how this helps me...

I cannot find any suspicious entries in either domain's error log or access log files.

If this IS some form of injection, wouldn't I at least see a POST statement in the access logs from a different IP than my own?

Any suggestions on what I should do to prevent future attacks?


Edit:
This has now happened a 3rd time - I last left domain1's .htaccess chmod set to 644, it has reverted to 444 after it was hacked... This seems to be something automated & set on some sort of schedule.

Am getting really distraught, what do I do??....


Edit 2:
I found a strange looking wp-sys.php file in domain1's root directory. I've deleted it - keeping fingers crossed...

Last edited by shadal; 03-22-2012 at 12:26 AM.
shadal is offline   Reply With Quote
Sponsored Links
Advertisement
 
Old 03-22-2012, 02:32 AM   #2 (permalink)
Junior Member
 
Join Date: Mar 2012
Posts: 4
Default Re: Wordpress/Joomla .htaccess injection - HELP!

It's still happening - I'm gonna cry
shadal is offline   Reply With Quote
Old 03-22-2012, 06:35 AM   #3 (permalink)
Regular User
 
Join Date: Oct 2010
Location: Romania
Posts: 13
Default Re: Wordpress/Joomla .htaccess injection - HELP!

You should really change your passwords.
flamescorpion is offline   Reply With Quote
Old 03-22-2012, 01:37 PM   #4 (permalink)
Junior Member
 
Join Date: Mar 2012
Posts: 4
Default Re: Wordpress/Joomla .htaccess injection - HELP!

Quote:
Originally Posted by flamescorpion View Post
You should really change your passwords.
I have done that with all of my sites 3 times already.

This is no longer just happening to two of my domains, but ALL of my .htaccess files throughout my account. And where there arn't .htaccess files, new ones are created.

The redirect seems to change on occassion, always to a .ru site though. This morning I woke up to visit one of my domains only to have it install a virus (which I'm having a very difficult time removing now from my main computer)...

I'm now deleting one domain/directory off the server at a time, until the hack stops. This should tell me the last domain I delete should contain the rouge file.
shadal is offline   Reply With Quote
Old 03-27-2012, 11:17 AM   #5 (permalink)
Junior Member
 
Join Date: Mar 2012
Location: Sarasota FL
Posts: 3
Default Re: Wordpress/Joomla .htaccess injection - HELP!

That's because there is a backdoor on one of your sites that needs to be removed. The .htaccess files will continue to be overwritten until that is located and removed. Look for files that have code like "/x65 /x84..." or "eval(base64..." or "FilesMan" in them somewhere. They usually obscure the code so it's not easy to locate.
MalwareRemovalService.com is offline   Reply With Quote
Old 03-27-2012, 01:31 PM   #6 (permalink)
Junior Member
 
Join Date: Mar 2012
Posts: 4
Default Re: Wordpress/Joomla .htaccess injection - HELP!

Thanks MRS, that's exactly what the problem was...

After spending a day taking one domain offline at a time until the hack finally stopped, I was able to track down which domain (A Joomla one) contained the culprit.

I've since reuploaded all other domains and have installed everything fresh on the domain that got hacked.

Thanks for the tips!

I still can't believe that I wasn't able to find any suspicious activity in my log files - grr!
shadal is offline   Reply With Quote
Old 04-16-2012, 03:05 AM   #7 (permalink)
Regular User
 
Join Date: Feb 2012
Posts: 16
Default Re: Wordpress/Joomla .htaccess injection - HELP!

I also had the same problem.
krysty is offline   Reply With Quote
Old 04-21-2012, 09:35 AM   #8 (permalink)
Junior Member
 
Join Date: Apr 2012
Posts: 4
Default Re: Wordpress/Joomla .htaccess injection - HELP!

Hi shadal,

do you mind telling what exactly was the weak point? Some plugin, module etc..
I work with Joomla on daily basis, never had such an issue yet. But you never know. So, your info may help to protect my sites better.

Just registered here because of your topic.
Thanks.
mizu is offline   Reply With Quote
Old 06-01-2012, 05:04 AM   #9 (permalink)
Regular User
 
Join Date: Mar 2012
Posts: 18
Default Re: Wordpress/Joomla .htaccess injection - HELP!

Hi

You try installing wordpress plugin to maintain individuality of one site with another on same shared host.
And ask that hosting provider to give you complete control panel .


Regards
Tanya Dimple
tanya.dimple is offline   Reply With Quote
Old 06-17-2012, 10:34 AM   #10 (permalink)
Junior Member
 
Join Date: Jun 2012
Posts: 2
Default Re: Wordpress/Joomla .htaccess injection - HELP!

hi shadel, still have the problem?
04rubin is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



» Advertisement

» Advertisement

» Affiliates
Web Hosting
Online Backup Reviews
Marketing Find
Merchant Select
SiteMap Builder
Host Compare

» Advertisement

» Sports Network
Paintball Forum
Football Forum
Hockey Forum
Golf Forum
Boxing Forum
Lacrosse Forum
Baseball Forum
SnowBoarding Forum
Soccer Forum
MMA Forum


All times are GMT -4. The time now is 03:42 AM.


Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.3.2
Webmaster Forums
Web Hosting | Chicago Web Hosting | Web Hosting