Thursday, September 11, 2014

l44t h4ckz0r

So yesterday I had a problem: apparently some of our sites were hacked, and they were redirecting to a Russian site... After checking some things, my boss found that the main problem was caused because someone changed the .htaccess files on CakePHP and WordPress. We restored those files quickly and I was looking at how it had been done. It was somewhat stressful.

After "resolving" that I had to work on some other things and didn't find what could possibly be the problem. I backed up everything (I usually back up the database every week) and made sure everything was working properly, and checked every now and then that the sites were working normally.

Today I was checking if everything was working again and it was... though I decided to check the .htaccess files and they were changed... again... but they weren't redirecting... I restored everything as quickly as I could and decided to check some other sites that aren't being used.

In one of those I found something weird, a lot of files that I didn't recognize, so I was checking file by file. It was on an old WordPress site that I don't develop... I don't even know if it is used, but it probably was the backdoor that made this whole mess possible. I checked every file, and the ones that didn't look like they belonged to WordPress I renamed and moved to another folder.

Now my boss is updating every site that uses WordPress to make sure that this doesn't happen... I just hope that that was the problem, lol. If not... I'll have to look at it again XD
