What malware inserts a .htaccess redirect to Adf.ly?
I am hosting a few websites for customers, and a bunch of them have been hacked today. The hack consists of a simple .htaccess file that redirects to adf.ly.
This is the second time I have been affected by this. What malware does this?
More posts by @Welton855
1 Comments
I'm not aware of any specific identified malware that this attack can be attributed to; however, this kind of behaviour is not uncommon from malicious code inserted into third-party plugins for popular CMSs such as WordPress. People download and install these plugins for the advertised features they offer, to sometimes later find that the plugins had been adapted from their original state and malicious code inserted, giving attackers the ability to take over your website. Since redirecting all your visitors to adf.ly generates a revenue stream for them, it fuels the creation of more and more adapted or patched plug-ins.
How to avoid this?
Only download third party plugins from trusted websites, i.e. the official WordPress repository, or directly from the vendor's website for premium third party plugins.
Check through the source code of any third party plugins before you install them to ensure malicious code has not been inserted. To help, try searching for add_action, base64_decode, curl_exec, eval, gzinflate, mail, set_role, wp_create_user, wp_mail. Use of these does not necessarily mean malicious intent but could warrant closer inspection of the source code.
Regularly check that your web server software and CMS software are kept patched and up to date to ensure your website is protected from known vulnerabilities.
Suggested reading: Sucuri Blog - Unmasking Free Premium WordPress Plugins
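One way to run the source-code check suggested in the answer across a hosted site, as an added example that is not part of the original answer. It goes slightly beyond the answer by also flagging `.htaccess` redirect rules that point at a host other than the site's own, which is the symptom described in the question; the names `scan_tree`, `build_sample` and `own_hosts`, and the sample files, are constructed for illustration.

```python
import os
import re
import tempfile

# Function names listed in the answer; a hit means "read this file", not "malicious".
SUSPECT = ("add_action", "base64_decode", "curl_exec", "eval", "gzinflate",
           "mail", "set_role", "wp_create_user", "wp_mail")
# Match a name only when it is called and is not the tail of a longer identifier.
CALL_RE = re.compile(r"(?<![\w$])(" + "|".join(SUSPECT) + r")\s*\(")
# Assumption: the injected rule is a Redirect/RedirectMatch/RewriteRule to an absolute URL.
REDIRECT_RE = re.compile(
    r"^\s*(?:Redirect(?:Match)?|RewriteRule)\b.*?https?://([^/\s\"'\]]+)", re.I)

def scan_tree(root, own_hosts=()):
    """Return sorted (path, line, finding) tuples; own_hosts and %{VAR} targets are skipped."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # os.walk also yields dotfiles
        for name in files:
            is_htaccess = name == ".htaccess"
            if not (is_htaccess or name.lower().endswith((".php", ".inc", ".phtml"))):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    if is_htaccess:
                        m = REDIRECT_RE.search(line)
                        if m and not m.group(1).startswith("%") and m.group(1).lower() not in own:
                            findings.append((rel, no, "redirect:" + m.group(1).lower()))
                    else:
                        findings.extend((rel, no, "call:" + c) for c in CALL_RE.findall(line))
    return sorted(findings)

def build_sample(root):
    """Write a constructed plugin tree (not from the original post) for the demo."""
    os.makedirs(os.path.join(root, "plugin"))
    with open(os.path.join(root, "plugin", "gallery.php"), "w") as fh:
        fh.write("<?php\nadd_action('init', 'gal_init');\n$email = 'a@example.com';\n"
                 "eval(gzinflate(base64_decode($blob)));\n")
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\n"
                 "RewriteRule ^(.*)$ http://adf.ly/placeholder [R=302,L]\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in scan_tree(tmp, own_hosts=["example.com"]):
            print(*finding)
```

Pass each customer's own domains in `own_hosts` so that ordinary canonical-host redirects are not reported; every remaining hit still needs a manual read of the file.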