An Infected Web Site

A new client contacted me last week with a security issue where visitors could type in the name of their web site and visit OK, however if they went to Facebook first and then clicked a link to their web site they were instead redirected to an unsafe web site.

search-box

My first hunch was that their WordPress site was infected but then I did some more Google research on the malware address of search-box.in and found that this was often caused by an infected file called .htaccess

.htaccess

Once I received the credentials to login to the client site with ftp (File Transfer Protocol) I found that indeed the .htaccess file was infected with the following lines of code:

search-in

The fix was to remove these lines and upload the clean .htacess file.

This infected file would redirect web visitors that clicked links from several popular locations on the web: Google, Live, Aol, Bing, Mail, News, YouTube, Twiter, MySpace, Facebook, Maps, Flickr and Yahoo.

Security

To prevent this from happening you should keep your ftp and WordPress passwords difficult to guess and only install WordPress plugins from sources that you trust.

Leave a Reply