Sorry for the Malware Interruption

Sorry for the Malware Interruption


Well, I guess my site was redirecting visitors to some .ru domain over the weekend. I found a few files in my Wordpress directory and a little addition to my .htaccess that was doing the redirect. But I got rid of everything before I could document it. I do remember there being extra files in the root of my Wordpress install. One called lndex.php, which starts with an l, I almost didn’t recognize the difference and then I realized it looked like there were two index files.

I did manage to save the .htaccess and it has this at the top:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ [R=301,L]

My stats show the dip in traffic starting on Saturday. The .htacess file was redirecting anyone coming from Google, Flickr, etc, to a site in Russia. I would have never noticed it by just navigating directly to my sit except for the fact I use Google Chrome and it gave a big fat, scare the shit out of me warning.

So after cleaning something like this out, it is best to go into your server and check that all of your Wordpress file permissions are set up correctly for security. And change the passwords on all accounts. Although it could be something like a plugin that caused it, but correct file permissions and ownership will do a lot toward preventing a rogue plugin from changing files on your server.

And then there is Google to deal with. More than likely, if I was getting the Chrome warning, I should have something in Google Webmaster Tools waiting for me. And I did.

So I click on the Check Site Health link to get this:

Well I already found out what caused the issue, fixed it and locked it up so it won’t happen again. So it’s time to go into that site’s menu and click on Health in the left side menu and then Malware.

And they made a pretty good guess on what the issue was with the .htaccess file. But I got it fixed, so time to click the Request a Review button and tell them so. I did this 9 O’Clock Sunday night and am holding back on publishing this until Monday morning. Now I just wait I guess.

Update - Google Webmaster Malware Review Works Overnight

I woke up the next morning to no malware warnings from Chrome or Webmaster Tools.

Enhanced by Zemanta

Stephan Miller

Written by

Kansas City Software Engineer and Author

Twitter | Github | LinkedIn