
Thread: My hosting site has been hacked via .htaccess need advice!

  1. #21
    Join Date
    Apr 2008
    Location
    Morgan Hill, CA
    Posts
    1,011

    Default

    Quote Originally Posted by WebDeveloperGuy View Post
    I posted a link to a cleaner.php script and support... unfortunately the post is under moderation because of an external link... All this over-moderation / censorship doesn't encourage me to help here much... I think they know by now I'm not a spammer!
    Sorry for the delay in approving your post. You posted it at 4:07PM and I was away from my computer for a moment and didn't get it approved until 4:40PM.

    While I know you're not a spammer, the forum software doesn't. I'm trying to find out how to take your posts off moderation.

  2. #22

    Default

    No problem Bob... Just gets a little frustrating trying to help others with external links that can explain/support better than I can.

  3. #23
    Join Date
    Jun 2007
    Posts
    16

    Default

    Thanks for the link, I shall look into that.

    On a side note, I haven't yet found the cause, but the htaccess files aren't the only things being edited.
    It turns out that *every* PHP file I look at on my account has its top line of text changed.

  4. #24
    Join Date
    Apr 2008
    Location
    Morgan Hill, CA
    Posts
    1,011

    Default

    Quote Originally Posted by WebDeveloperGuy View Post
    No problem Bob... Just gets a little frustrating trying to help others with external links that can explain/support better than I can.
    I've put in a request to the forum admin to bump my mod privileges up a bit so that I can take people off moderation. Until then, I just have to wait for the admin to do it. (Hopefully, that situation will change soon.)

  5. #25
    Join Date
    Jun 2007
    Posts
    16

    Default

    I went through and deleted all the bad htaccess files that were doing redirects, including one that had all my forwarded domains (thus deleting them).
    Turned out only one site was heavily infected and the other websites only had minor infections.

    The site that was heavily infected I deleted and reuploaded from a backup. The redirects stopped completely.
    Then I started re-adding the extra domains to the site and the redirects started happening again.

    Used the cleaner from that link. It found nothing.
    Also used the scanner from that link, it also found nothing.

  6. #26

    Default Electrician

    I tried that, didn't work :\
    Last edited by Bob Barr; 04-13-2012 at 06:49 PM. Reason: link removed

  7. #27

    Default

    Quote Originally Posted by Bob Barr View Post
    I've put in a request to the forum admin to bump my mod privileges up a bit so that I can take people off moderation. Until then, I just have to wait for the admin to do it. (Hopefully, that situation will change soon.)
    Bob I thought you were the big kahuna here... LOL!

  8. #28

    Default

    Quote Originally Posted by zaroba View Post
    I went through and deleted all the bad htaccess files that were doing redirects, including one that had all my forwarded domains (thus deleting them).
    Turned out only one site was heavily infected and the other websites only had minor infections.

    The site that was heavily infected I deleted and reuploaded from a backup. The redirects stopped completely.
    Then I started re-adding the extra domains to the site and the redirects started happening again.

    Used the cleaner from that link. It found nothing.
    Also used the scanner from that link, it also found nothing.
    Either the backup of the site has the virus or the virus is located somewhere else on your hosting account. Last week I checked out my buddy's Bluehost hosting and his sites were hacked too but were still working fine. I cleaned everything, I thought, but the index.php files were being rewritten after 30 minutes. Anyway, I found two files that I didn't think belonged. There was an .ini file in the root directory that didn't look right, not that I know how it should look. I made a copy then deleted it (sites still worked fine). Also there was a .htaccess file in the main root directory (I don't know the proper name, but the directory that holds the directories .cpanel, tmp, public_html, etc...) that had some code that didn't look right, so I made a copy and deleted it. That stopped any further files from being modified.

  9. #29
    Join Date
    Apr 2008
    Location
    Morgan Hill, CA
    Posts
    1,011

    Default

    Quote Originally Posted by WebDeveloperGuy View Post
    Bob I thought you were the big kahuna here... LOL!
    Nope, I'm just a mod with limited permissions. My main job seems to be deleting the spam threads and posts. (Fortunately, the amount of spam has decreased significantly after the admin put in some anti-spam measures. At one point, I was deleting anywhere between a hundred and two hundred spam posts per day.)

    By the way, I didn't take your previous post out of moderation. Your posts may now be going through without delay. At least I hope so.

  10. #30
    Join Date
    Jun 2007
    Posts
    16

    Default

    No htaccess in root or any other folder except completely empty (0 byte) files.
    No ini files either.

    I just noticed that if I go to the site without typing a www in the address, the site works fine.
    However, if I try to go to the site WITH a www in the address, the message pool ru redirect happens.
    Direct linking to pages works fine as well, regardless of whether or not a www is in the address.

    Is there some configuration file somewhere for applying different rules depending on whether or not a www is included in the address?
    Last edited by zaroba; 04-14-2012 at 04:00 PM.
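
The checks described in posts #28 and #30 above (a stray .htaccess or .ini file in the account home above public_html, PHP files whose first line has been changed, and rewrite rules that apply only to one form of the hostname, such as www) can be run as one scan. This is an added example, not part of the original thread or of the cleaner script mentioned in it; the patterns, `scan_account`, `demo`, and the sample files and host names are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: assumptions for this example, not signatures of a known malware family.
HOST_COND = re.compile(r"^[ \t]*RewriteCond[ \t]+%\{HTTP_(?:HOST|REFERER|USER_AGENT)\}", re.I | re.M)
EXT_TARGET = re.compile(r"^[ \t]*(?:RewriteRule|Redirect\w*)[ \t].*https?://([^/\s\"']+)", re.I | re.M)
PREPEND = re.compile(r"^[ \t]*(?:php_value[ \t]+)?auto_(?:prepend|append)_file[ \t]*=?[ \t]*[\"']?[^\s\"'=;]+", re.I | re.M)
FIRST_LINE = re.compile(r"\b(?:eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def scan_account(home, own_hosts=()):
    """Walk the whole account home, not only public_html; return sorted (relpath, reason) pairs."""
    own = {h.lower() for h in own_hosts}
    findings = set()
    for path in Path(home).rglob("*"):  # rglob also yields dotfiles such as .htaccess
        rel, lower = path.relative_to(home).as_posix(), path.name.lower()
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # directories and unreadable files are skipped
        if lower == ".htaccess":
            if HOST_COND.search(text):
                findings.add((rel, "rule conditional on host/referer/user-agent"))
            for host in EXT_TARGET.findall(text):
                if host.lower() not in own:
                    findings.add((rel, "redirect to external host " + host))
        if (lower == ".htaccess" or lower.endswith(".ini")) and PREPEND.search(text):
            findings.add((rel, "auto_prepend_file/auto_append_file is set"))
        if lower.endswith(".php"):
            first = text.split("\n", 1)[0]
            if FIRST_LINE.search(first) or len(first) > 500:
                findings.add((rel, "suspicious first line"))
    return sorted(findings)

def demo():
    """Constructed sample account: every file and host name below is made up for the example."""
    samples = {
        ".htaccess": "RewriteCond %{HTTP_HOST} ^www\\. [NC]\nRewriteRule .* http://redirect.example.invalid/ [R=302,L]\n",
        "php.ini": "auto_prepend_file = /home/user/tmp/.cache.php\n",
        "public_html/.htaccess": "",  # 0-byte file, as described in post #30
        "public_html/index.php": "<?php eval(base64_decode('ZWNobyAxOw==')); ?><?php\necho 'home';\n",
        "public_html/about.php": "<?php\necho 'about';\n",  # clean control file
    }
    with tempfile.TemporaryDirectory() as home:
        for rel, body in samples.items():
            p = Path(home, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return scan_account(home, own_hosts=("www.example.com", "example.com"))
```

Pass the account home directory (the one that holds public_html) rather than public_html itself. Host-conditional rules can also live in server-level configuration that the account cannot read, which this scan will not see.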
