Page 1 of 2 12 LastLast
Results 1 to 20 of 26
  1. #1
    Aidan90's Avatar
    Aidan90 is offline Private Member
    Join Date
    September 2015
    Posts
    429
    Thanks
    108
    Thanked 149 Times in 110 Posts

    Default Issue with WordPress Website Redirecting

    Hi All,

    Not sure if this is the best place to post this but I've had some issues with my site redirecting to a third party spammy bonus site.

    I've tried to pinpoint the cause but struggling to find it.

    It doesn't happen every time, only occasionally and tends to happen on a click from a Google search result for my brand name or from a social link.

    Every time I think I've got rid of it, I end up seeing it again a few days later. It's been happening about a week now.

    Firstly, I'd be grateful if anyone could let me know if this has happened to them while trying to access my site and of course any recommendations on how to solve it for good would be great.

  2. #2
    newcustomeroffer is offline Public Member
    Join Date
    January 2018
    Location
    United Kingdom
    Posts
    96
    Thanks
    9
    Thanked 39 Times in 25 Posts

    Default

    Quote Originally Posted by Aidan90 View Post
    Firstly, I'd be grateful if anyone could let me know if this has happened to them while trying to access my site and of course any recommendations on how to solve it for good would be great.
    Just accessed your site via google and it was fine.

    Had something very similar on a non-gambling site a few years back where the .htaccess file got hacked. Replaced the .htaccess and changed all the FTP details and it went away. That was an html site though so maybe something different causing it via wordpress. Best of luck sorting it.

  3. #3
    ddm
    ddm is online now Public Member
    Join Date
    July 2006
    Location
    Chilling in Barcelona
    Posts
    676
    Thanks
    188
    Thanked 195 Times in 127 Posts

    Default

    your site is hacked 100% @ OP. What is the URL ?
    ----

  4. #4
    Aidan90's Avatar
    Aidan90 is offline Private Member
    Join Date
    September 2015
    Posts
    429
    Thanks
    108
    Thanked 149 Times in 110 Posts

    Default

    www.footballbetprofit.com

    Quote Originally Posted by ddm View Post
    your site is hacked 100% @ OP. What is the URL ?

  5. #5
    tufty is offline Public Member
    Join Date
    November 2016
    Posts
    104
    Thanks
    29
    Thanked 73 Times in 44 Posts

    Default

    Quote Originally Posted by ddm View Post
    your site is hacked 100% @ OP. What is the URL ?
    Unfortunately this is true. 100% it has been hacked. Don't ignore your issue because the problem doesn't always happen. You need to clean the site or get an expert to do it or a trusted plugin to do the job. Others may advise the best plugins better than me. I had similar problem myself and the plugins I used only did part of the job.

  6. #6
    Aidan90's Avatar
    Aidan90 is offline Private Member
    Join Date
    September 2015
    Posts
    429
    Thanks
    108
    Thanked 149 Times in 110 Posts

    Default

    Yes I was pretty sure that was the case. I've installed a couple of security plugins and been ruthless with deleting any files they have flagged as being suspicious. It's just really difficult to know whether it's been fixed or not when it doesn't happen constantly.

    I removed some suspicious code from my wp-config file earlier and I've not had the issue reoccur since then but not convinced.

    I'm at the point now where if it happens again I'm going to have to pay someone or some software/plugin to fix it for good.

  7. #7
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Sinking Faster, just when I thought it couldn't get worse it did!
    Posts
    25,575
    Thanks
    1,587
    Thanked 7,272 Times in 4,615 Posts

    Default

    I hope you changed the ftp and all word press passwords


    Rick
    Universal4

  8. #8
    sweetbet's Avatar
    sweetbet is offline Private Member
    Join Date
    November 2012
    Posts
    2,771
    Blog Entries
    5
    Thanks
    886
    Thanked 1,558 Times in 1,072 Posts

    Default

    It sounds like it's definitely been hacked. Personally, I would delete and re-create the hosting account before uploading the backup files. You might also want to significantly beef up your website security. I had to do the same thing to some of my sites last year. It's more annoying and time consuming than anything else. Also, as far as securing your website goes, the Wordfence WordPress security plugin is a must have for everyone running a wordpress site.
    Sweet Bet - Reviews of reputable online casinos, poker sites, sportsbooks & bingo halls
    USA Online Casinos | Canadian Online Casinos | Bitcoin Casinos | Live Dealer Casinos | Free Spin Casinos | US Online Casinos | Just HODL Crypto

  9. #9
    DanHorvat's Avatar
    DanHorvat is offline Private Member
    Join Date
    November 2008
    Location
    Actual location may vary.
    Posts
    1,848
    Blog Entries
    2
    Thanks
    1,255
    Thanked 1,261 Times in 741 Posts

    Default

    If you found and deleted suspicious code (that is doing the redirect), there's probably a file that's producing that code and is putting it into files. You need to find and delete that master file to fix this. That's why the problem can reappear even after you delete the suspicious code.

    Look into your MySQL database as well, as it probably has malicious code in it.

    If your hosting provider has a backup that's from a time before the hack, just ask them to restore that backup for you. Copy all the articles you posted in the meanwhile and then manually publish them again.

  10. The Following User Says Thank You to DanHorvat For This Useful Post:

    -Shay- (16 November 2019)

  11. #10
    baldidiot is offline Private Member
    Join Date
    January 2010
    Posts
    4,045
    Thanks
    397
    Thanked 1,829 Times in 1,192 Posts

    Default

    Simply deleting files isn't likely to totally get rid of the problem - I would just pay 100 bucks to a security company to properly scan the site and then fix it for you. Will be a lot faster and a lot less of a headache.
    onlinegamblingwebsites.com - Formally known as goodbonusguide.
    baldidiot.net - Baldys affiliate blog. Will get updated one day. Maybe.

  12. The Following User Says Thank You to baldidiot For This Useful Post:

    -Shay- (16 November 2019)

  13. #11
    Aidan90's Avatar
    Aidan90 is offline Private Member
    Join Date
    September 2015
    Posts
    429
    Thanks
    108
    Thanked 149 Times in 110 Posts

    Default

    First of all, big thanks to everyone for their comments and suggestions, this community is really great.

    I've discovered and deleted the file that was adding the code to the wp-config file which was hidden in a plugin.

    I've installed the Wordfence and Securi plugins to scan for any further changes and have changed all passwords.

    Any re-occurrence from this point and I'll be contacting an expert straight away.

  14. The Following User Says Thank You to Aidan90 For This Useful Post:

    Strider1973 (18 November 2019)

  15. #12
    ufebetting's Avatar
    ufebetting is offline New Member
    Join Date
    April 2018
    Posts
    7
    Thanks
    2
    Thanked 1 Time in 1 Post

    Default

    What's the problem? infected popup? if so, delete the file wp-tmp. also your website is very slow. I recommend wp cache extension.

  16. #13
    Aidan90's Avatar
    Aidan90 is offline Private Member
    Join Date
    September 2015
    Posts
    429
    Thanks
    108
    Thanked 149 Times in 110 Posts

    Default

    It was the Insert Headers and Footers plugin that was infected. No signs of re-occurrance yet.

  17. The Following User Says Thank You to Aidan90 For This Useful Post:

    ufebetting (19 November 2019)

  18. #14
    ddm
    ddm is online now Public Member
    Join Date
    July 2006
    Location
    Chilling in Barcelona
    Posts
    676
    Thanks
    188
    Thanked 195 Times in 127 Posts

    Default

    good stuff. hoping your disease is cured!
    ----

  19. The Following User Says Thank You to ddm For This Useful Post:

    Aidan90 (19 November 2019)

  20. #15
    baldidiot is offline Private Member
    Join Date
    January 2010
    Posts
    4,045
    Thanks
    397
    Thanked 1,829 Times in 1,192 Posts

    Default

    Quote Originally Posted by Aidan90 View Post
    It was the Insert Headers and Footers plugin that was infected. No signs of re-occurrance yet.
    Was the plugin up to date? If so you might want to report this to the plugin developer.
    onlinegamblingwebsites.com - Formally known as goodbonusguide.
    baldidiot.net - Baldys affiliate blog. Will get updated one day. Maybe.

  21. #16
    PromoteCasino is offline Private Member
    Join Date
    June 2013
    Location
    London
    Posts
    1,012
    Thanks
    908
    Thanked 471 Times in 312 Posts

    Default

    Quote Originally Posted by Aidan90 View Post
    It was the Insert Headers and Footers plugin that was infected. No signs of re-occurrance yet.
    What was the dodgy code mate? Just, realized I have that plugin installed?
    Betting Offers in the UK - Latest offers and bonuses from reputable UK bookmakers. A New project underway but a long way to go Bookie Rewards

  22. #17
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    955
    Thanks
    111
    Thanked 569 Times in 332 Posts

    Default

    I had an older WP site get hacked and ive been tracking it down, pretty insane amount of work these scripts go though, but if you want to see an entry point I made a script to log all post events, im actually running this along with wordfence now and its very interesting the amount of base64 attacks you see attempted on themes, plugins ext..

    if you want to see try this, beware though if you actually authenticate (log in) it will record your login in the log and you do not want that info out there so be sure to delete it if you do.. I added a mylogin you can exclude name but password will still appear!

    Place this at the top of config file and create mylogfile.txt file in same directory
    Code:
    $mylogin ="Your Username";
    $date = date('m/d/Y h:i:s a', time());
    $filename = "mylogfile.txt";
    $actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
    $text = "";
    if ($_POST){
    foreach($_POST as $key => $value)
    {
        if ($value != $mylogin){
           $text .=  "\n post - ".$date ."\n".$actual_link."\n".$key." : ".$value."\n";
        }
    }
    file_put_contents($filename, $text, FILE_APPEND | LOCK_EX) ;
    }
    Last edited by allfreechips; 19 November 2019 at 4:27 pm. Reason: fixed the !== to !=

  23. #18
    affsbay's Avatar
    affsbay is offline Public Member
    Join Date
    July 2019
    Posts
    16
    Thanks
    9
    Thanked 7 Times in 7 Posts

    Default

    If you are sure that you got rid of all the virus code just make a backup then you can easily fix your site (if it's happens again) and don't have to search virus in every file. You can scan the backup as well to be sure that it is clean

  24. #19
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Sinking Faster, just when I thought it couldn't get worse it did!
    Posts
    25,575
    Thanks
    1,587
    Thanked 7,272 Times in 4,615 Posts

    Default

    allfreechips, I have not looked very close at what you wrote, and you state you don't want the login info "out there", but can you move the logfile outside of the web so that it can only be accessed while on the root web server?

    Rick
    Universal4

  25. #20
    allfreechips's Avatar
    allfreechips is offline Private Member
    Join Date
    August 2010
    Location
    Ohio - The taxing state
    Posts
    955
    Thanks
    111
    Thanked 569 Times in 332 Posts

    Default

    of course you can, but if php can write to it, a hacker can get to it..

    you could change the write to an email, but you will get a lot lol.. many many base64 attacks, so much that ill prob kill any post that has a 'base64' in the value
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •