Malware Hack


#1

My customer’s site www.datecreekranch.com got hacked and flagged as a malware site by Google. It’s a WordPress installation.

I’ve been waiting for over two days for the Dreamhost “security team” to contact me. My initial support request got a response and they supposedly reset the .htaccess file. But the redirect/malware problem continued.

So, I got brave and downloaded the new .htaccess file. Of course then I had to find a way to make this file visible in Mac Lion (downloaded the free app DesktopUtility from http://sweetpproductions.com/). After I could see the file (the leading dot obscures it in Lion) I opened it in TextMate, and lo and behold, scrolling waaay down revealed the malicious redirects, which I deleted. Then, since I ran into permissions trouble FTPing this newly cleaned file, I removed the “dot”, uploaded, then renamed on the server.

Still getting the malware warning from Google in Safari. Have requested a review. FF & Chrome are not giving a warning, but pages not found beyond home page… will try to work on that!

Posting here to share my efforts, glad to hear of any additional advice.
[hr]
FF & Chrome now showing the malware warning … hmmm.
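An added example, not part of the original post: a small Python check for the situation described above, where redirect directives sit far below the visible part of a `.htaccess` file. It flags `RewriteRule` and `Redirect*` lines whose target is a host other than the site's own and reports the longest run of blank lines above them. The sample file, the host names `example.com` and `redirect-target.invalid`, and the 20-line padding threshold are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# mod_rewrite / mod_alias directives that can send a visitor to another URL.
DIRECTIVE_RE = re.compile(r'^(RewriteRule|Redirect(?:Match|Permanent|Temp)?)\b', re.I)
URL_RE = re.compile(r'https?://[^\s"\'\]]+', re.I)
PAD_LINES = 20  # assumption: this many blank lines in a row counts as padding


def scan_htaccess(text, own_hosts):
    """Return (line_no, longest_blank_run_above, directive, foreign_host) tuples."""
    own = {h.lower() for h in own_hosts}
    findings, blank_run, max_gap = [], 0, 0
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped:
            blank_run += 1
            continue
        max_gap, blank_run = max(max_gap, blank_run), 0
        if stripped.startswith("#"):
            continue  # comments cannot redirect anything
        m = DIRECTIVE_RE.match(stripped)
        if not m:
            continue
        for url in URL_RE.findall(stripped):
            host = (urlparse(url).hostname or "").lower()
            if host and host not in own:
                findings.append((lineno, max_gap, m.group(1), host))
    return findings


# Constructed sample: a normal WordPress block, 300 blank lines, then a
# redirect to a foreign host followed by a legitimate same-site redirect.
SAMPLE = (
    "# BEGIN WordPress\n"
    "RewriteEngine On\n"
    "RewriteRule . /index.php [L]\n"
    "# END WordPress\n"
    + "\n" * 300 +
    "RewriteEngine On\n"
    "RewriteRule ^(.*)$ http://redirect-target.invalid/in.php [R=301,L]\n"
    "Redirect 301 /old http://www.example.com/new\n"
)

if __name__ == "__main__":
    for lineno, gap, directive, host in scan_htaccess(SAMPLE, {"example.com", "www.example.com"}):
        note = " (below blank-line padding)" if gap >= PAD_LINES else ""
        print(f"line {lineno}: {directive} -> {host}{note}")
```

Run it against every `.htaccess` in the account, not only the one in the web root, and pass all of the site's own host names in `own_hosts`.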


#2

See also http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites

When a site is hacked there are two important things to consider: 1) cleaning up the damage and 2) finding and plugging the security hole that allowed the corruption to be introduced.


#3

Yes. It’s back up now (yay!!) but now to find how to prevent another occurrence - thanks for the link.