jhonm
Forum Replies Created
Forum: Fixing WordPress
In reply to: My sites forward to a Hydra Onion page (When using curl)
Hey,
Yep, reinstalling it (Using the WordPress admin UI) worked instantly because it removed some malware that was installed. I am using a multi site deployment but that should not make a difference I think.
However, after a couple of days the problem reoccurred because there was another piece of malware that I had not found yet offering a full web shell to the hackers, allowing them to reinstall the feed overwrite.
Since then I have located the webshell malware, removed it and my site has been “good” ever since. (I never was able to find the exact spot where the RSS feed got corrupted. Since reinstalling WordPress solved that issue, I did not need to find that.)
To find it, I looked through the apache log file for the WordPress site to find “weird” filenames that were accessed and I found a file called “ltooju.php” in the web root. The filename does look like it is auto generated and randomized though, but take a look at your web root for any weird names.
Wkr,
Jhon
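The log review described in the reply above, as an added example that is not part of the original post: it scans Apache access-log lines for successfully served `.php` files sitting directly in the web root that a stock WordPress install does not ship. The log lines, client addresses and the allowlist handling are constructed assumptions; only the filename "ltooju.php" comes from the post.

```python
import re
from collections import Counter

# PHP files a stock WordPress install places directly in the web root
# (assumption: extend this set if your site legitimately adds others).
WP_ROOT_PHP = {
    "index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
    "wp-config.php", "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php",
    "wp-load.php", "wp-login.php", "wp-mail.php", "wp-settings.php",
    "wp-signup.php", "wp-trackback.php", "xmlrpc.php",
}

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2021:10:01:22 +0000] "GET /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2021:10:02:03 +0000] "POST /ltooju.php HTTP/1.1" 200 312 "-" "curl/7.68.0"',
    '203.0.113.9 - - [12/Mar/2021:10:02:41 +0000] "POST /ltooju.php?x=1 HTTP/1.1" 200 298 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Mar/2021:10:03:10 +0000] "GET /feed/ HTTP/1.1" 200 9021 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [12/Mar/2021:10:04:55 +0000] "GET /qwzkab.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2021:10:05:00 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
]

# client, identd, user, [timestamp], "METHOD target protocol", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def unexpected_root_php(lines):
    """Count 2xx requests for root-level .php files WordPress does not ship."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, status = m.groups()
        name = target.split("?", 1)[0].lstrip("/")
        # Keep only files directly in the web root that end in .php.
        if "/" in name or not name.lower().endswith(".php"):
            continue
        # Ignore core files and anything the server did not actually serve.
        if name.lower() in WP_ROOT_PHP or not status.startswith("2"):
            continue
        hits[(name, method, client)] += 1
    return hits

if __name__ == "__main__":
    for (name, method, client), n in unexpected_root_php(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {method:5s} /{name}  from {client}")
```

Any file it reports should be checked on disk against a clean WordPress copy before removal, since a reinstall alone does not delete extra files in the web root.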
Forum: Fixing WordPress
In reply to: My sites forward to a Hydra Onion page (When using curl)
SOLVED
Closing the loop:
I was able to fix this using the “reinstall WordPress” option in the update section of the admin portal for my network installation.
After the reinstall, the Russian forward is gone. 🙂
- This reply was modified 4 years, 8 months ago by jhonm.
Forum: Fixing WordPress
In reply to: My sites forward to a Hydra Onion page (When using curl)
Yea,
I was afraid of that. I was hoping that maybe someone ran into this already and could point out the nasty files. 🙂
I’m pretty sure this came with a plugin, even though I only use supported plugins that have a large following… 🙁
Thanks for taking a look!
Jhon