joined:May 9, 2008
As the title describes, I have a virus/hijack code on my hosting (Servage).
I think it was placed there by an ftp hack, although I am not entirely certain of this. I would really appreciate some help in sorting the problem.
There are roughly 20 domains on my hosting. All are now locked to one single ftp account for which I have changed the password.
The problem mainifests itself by changing the htaccess files of all domains running php websites (Mostly wordpress installations).
The htaccess files are injected with code which hijacks peoples browsers and redirects them to virus and scareware sites.
The problem is rectified by me cleaning the htaccess files on each domain and removing the injected code.
However, after several days the problem reoccurs and all the htaccess files are reinjected with the php code. Also the top level root file also gets a hataccess file placed in it which redirects all the domains to the scareware sites.
Im guessing that the way forward is to clean every domain on the hosting. This wont be too difficult as Im pretty familiar with cleaning wordpress installations. My main concern/ question is - How is this problem able to place a htaccces in the root folder, do you think the ftp is still comprimised ? also If I clean each domain one at a time, is it possible for another domain to reinfect the cleaned one ?
If the moderators move this to another board could you please let me know so that I know where to look on my return.