Malware Hack Reinfecting htaccess file

  • 4 days ago 3 of my websites were infected with malware. One was picked up by Google and is now flagged for avoidance.

    I have spent hours upon hours fixing this problem, yet every time the .htaccess files are reinfected with redirects to a Russian site of some description.

    – When I cleaned the sites I changed all the passwords for FTP, site admin, and database. I deleted cookie logon function by resetting WP secret keys. I installed Bulletproof Security to protect .htaccess and my wp-config folder. This hasn’t worked, they just bypass it. The hackers also won’t let me resave the file when i delete their hack, instead making me have to download the file and then upload it clean.

    – I thought the hack had come through filezilla. So I stopped cleaning through that and instead started using Go Daddy file manager to clean the reinfected .htaccess flles. But no, reinfection within 7 hours. Go Daddy, as per usual, don’t have a clue what I should even be looking for.

    – I also installed site DB backups but that didn’t make a difference. Neither did the plugin upgrades or WP upgrades I did when the sites were clean, which they were because i scanned them at sucuri.net.

    – I have scanned every line of php for bad code using the advice on forums like this one and blogs, etc. I can’t see anything untoward and just don’t know what to do. As far as I can see this is purely the .htaccess file that is getting attacked. I have even completely deleted the file yet they keep putting a new one in.

    – one thing i find strange is that it only attacked these 3 sites. I have 3 other WordPress sites on the same hosting that it hasn’t affected. I have a feeling it got to my root site first and worked into the others, but then I don’t know how these things work so i am probably wrong. Could there be one file in the root that is triggering all this?

    If anyone here has any clue what i should be looking for or has experienced something similar i would greatly appreciate any advice. I can’t afford to shed out $100 each for a site clean, hell, the sites are more sentimental than valuable. If someone knows exactly where are what to look for that would be awesome.

    Thank you.

Viewing 16 replies (of 16 total)
Viewing 16 replies (of 16 total)
  • The topic ‘Malware Hack Reinfecting htaccess file’ is closed to new replies.

Tags