Redirect issue

Discussion in 'Site & Server Administration' started by Ian, Apr 13, 2015.

  1. #1
    I had an issue where a compromised plugin on WordPress allowed a user to get access to insert a malicious script that is causing an intermittent redirect to an inappropriate site. I've deleted every filesystem folder, and re-uploaded files from a brand new download after going through each one looking for anything malicious, and the files are all clean. There are no .htaccess files that are compromised, the databases don't appear to have anything malicious, etc.

    Is there any other place on the server I should be looking higher up above the filesystem? Could there be anything in the /conf folders, etc.? This redirect has been almost exclusively affecting mobile devices and Macs - so I haven't been able to recreate it.
     
    Ian, Apr 13, 2015 IP
  2. jeremym80

    #2
    Is it possible they were able to edit the DNS, or maybe it's a browser cache issue and you just need to clear your browser's cache?
     
    jeremym80, Apr 13, 2015 IP
  3. billzo

    #3
    Any direct access should be coming from the web server level. Theoretically, if a hacker has access to your account they could create a cron job and run a script from locations above the publicly accessible web root folder. In your database, just look for iframes and any rogue javascript. Other than that, I think you've done what you should.
     
    billzo, Apr 13, 2015 IP
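
The database check suggested in post #3 (look for iframes and rogue JavaScript), as an added example that is not part of the original thread: a Python scanner run over rows exported from the WordPress database. The hostname `example.com`, the sample rows and the list of inline-script markers are constructed assumptions; the markers include `navigator.userAgent` because the redirect described in post #1 only hits certain devices.

```python
import re
from urllib.parse import urlparse

SITE_HOST = "example.com"  # assumption: the site's own hostname
# Constructed sample rows (table, column, row id, value); not taken from a real site.
SAMPLE_ROWS = [
    ("wp_posts", "post_content", 12,
     '<p>Hi</p><script src="https://example.com/wp-includes/js/a.js"></script>'),
    ("wp_posts", "post_content", 31,
     '<p>News</p><iframe src="http://ads.invalid/x" width="0" height="0"></iframe>'),
    ("wp_options", "option_value", 7,
     '<script>if(/iPhone|Android|Macintosh/.test(navigator.userAgent))'
     '{window.location="http://redir.invalid/"}</script>'),
    ("wp_options", "option_value", 9, 'a:1:{s:5:"title";s:4:"Blog";}'),
]

OPEN_TAG_RE = re.compile(r"<(iframe|script)\b([^>]*)>", re.I)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Heuristic markers (assumed list): inline code that branches on the device or navigates away.
INLINE_HINTS = ("navigator.useragent", "window.location", "document.write", "eval(", "atob(", "fromcharcode")

def is_external(url, site_host=SITE_HOST):
    """True when the URL names a host other than the site or one of its subdomains."""
    host = urlparse(url).hostname
    return host is not None and host != site_host and not host.endswith("." + site_host)

def scan_value(value):
    """Return (kind, detail) findings for one stored string."""
    findings = []
    for m in OPEN_TAG_RE.finditer(value):
        tag, src = m.group(1).lower(), SRC_RE.search(m.group(2))
        if tag == "iframe":  # every iframe is listed for manual review
            findings.append(("iframe", src.group(1) if src else ""))
        elif src:  # script loaded by URL: report only hosts that are not ours
            if is_external(src.group(1)):
                findings.append(("external-script", src.group(1)))
        else:  # inline script: inspect the body up to the closing tag
            end = value.lower().find("</script", m.end())
            body = value[m.end():end if end != -1 else len(value)].lower()
            hits = [h for h in INLINE_HINTS if h in body]
            if hits:
                findings.append(("inline-script", ",".join(hits)))
    return findings

def scan_rows(rows):
    """Scan every row and return (table, column, row id, kind, detail) tuples."""
    return [(t, c, rid, k, d) for t, c, rid, v in rows for k, d in scan_value(v)]

if __name__ == "__main__":
    print(*scan_rows(SAMPLE_ROWS), sep="\n")
```

Legitimate embeds will also show up as `iframe` findings, so the output is a review list rather than a verdict.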
  4. PoPSiCLe

    #4
    Here's what you do - you wipe EVERYTHING - database, files, everything. Then you reinstall and reupload only things you know are safe. That's the only way to be sure (and even this will only take care of anything inside the web-folder - if anything is running with heightened access outside the root of the webfolder, then you're in a bit of a mess).
     
    PoPSiCLe, Apr 13, 2015 IP
  5. kimix

    #5
    Before doing an OS reload you'll need to check the logs to understand the issues you're facing. You can reload the server, but if you don't know the cause of the issue then chances are that you'll have issues again, as whoever had access to your sites/server will try to do that again.
     
    kimix, Apr 17, 2015 IP
  6. PoPSiCLe

    #6
    Granted, I didn't suggest an OS reload - just a web-reload - i.e., software running on the webserver, databases etc. I wasn't suggesting a complete OS-recovery, although that is of course the only way to be completely sure that everything is wiped.
     
    PoPSiCLe, Apr 17, 2015 IP
  7. pmf123

    #7
    I would install Anti-Malware from GOTMLS.NET and do a full scan with that for a start
     
    pmf123, Apr 21, 2015 IP