WordPress Sites Hacked
However, I discovered that one of my sites was either hacked again, or that I'd missed some of the malicious code. I wanted to post what I'd just found in case it could be of help to anyone.
First, I discovered this .html file in the root directory of my wordpress site:
_vti_inf.html file
Along with that, I found six additional folders added to the root directory: _private, _vti_bin, _vti_cnf, _vti_log, _vti_pvt, _vti_txt. My tech skill are only ordinary, but it appears that the hacker was using frontpage extensions to redirect my site another target site.
I then checked my .htaccess file and found that it had been tampered with. Here is the code I found added:
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
AuthName www.yourdomainname.com
AuthUserFile /home/xxxxxxxx/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/xxxxxxxx/public_html/_vti_pvt/service.grp
I also found a second .htaccess file named .htaccess_back.
Apparently, as mentioned above, the intent of the code is to redirect the visitor away from the correct domain to some other domain. In this case, the redirect was to a Russian sex site.
As the intent of the main warrior discussion forum is to talk about making money, and since having our sites hacked seriously impedes that intention, I've posted this just in case it may be of help to anyone.
Evan
Need help? FreeMarketingGuides.com
Graphic Design Impact: Design Secrets That Sell!
Peace, Roey.
How To Write And Profit From Hot Romance (Kindle Product)