rewiaca

HOLD ON I GOT IT!!!

CHECK YOUR WORDPRESS THEME FOR NEXT FILES AND DIRS:

/inc.php
/timthumb.php
/cache/ (with a lot of external_1f3d51de6d5f7b7e7fca0af8a635a413.php)

If some of your site got this shit, so this is the place where malware comes from.
Just rename (add some symbols in name of file) this files and clean your htaccess files, i suppose all will be well.

timthumb.php has vulnerability!

More information:
https://www.claudiokuenzler.com/blog/206/another-timthumb-wordpress-hack-external-upload-httpd-process

Okey guys, i have same problem so far…
Nothing helps

BTW: not only wordpress was hacked, i have websites on DLE and Livestreet, they also have that htaccess annoying replacing. SO ITS NOT WordPress vulnerability!

If i could only trace what script editing htaccess, maybe some kind of server logs?

Solution:
1. Chmod .htaccess from 444 to 666
2. Check .htaccess and remove lines in up and bottom of document.
3. Chmod .htaccess from 666 to 444

works for me

this shit was in htaccess:
for seo:

[Code moderated as per the Forum Rules. Please use the pastebin]

Solution:
Chmod .htaccess from 444 to 666
Check .htaccess and remove lines in up and bottom of document.

BUT! Im cleanin htaccess file third time a day. WordPress core or some plugins has vulnerability. Need qualified advice