If you had so much time on your hands that you thought “hey… I wonder what’s up with that guy who did three episodes of ALF with no sleep and totally heartbroken, I think I’ll look him up on the Google!” and figured out my name (Dean Cameron) and clicked a link to https://www.deancameron.com, you were redirected to either download a virus or visit sweepstakesandcontestsinfo.com.
Why was that?
Because some bastard in the former Soviet Union decided to hack every site I have hosted on dreamhost.com.
were all victims of this dongface.
It began back in late November and I finally got everything wiped for good today. The final bit being this line in my .htaccess file:
RewriteRule .* http://sweepstakesandcontestsinfo.com/nl-in.php?nnn=555 [R,L]
If you have hit this page because you’ve been snagged with this problem, try the steps below. If those don’t work, send me an email and maybe I can help you out. My email address is my first name and this site name. It’s also the way you can PayPal 20 bucks to me if the steps below help you out.
I used Transmit & TextMate to fix everything, but you can use whatever FTP & text editor you like, obviously. In your FTP program, navigate to each directory, select all the files that can be edited with a text editor (that means no images…duh) and then “Open With…” and select whatever text editor you’re using.
New WordPress Themes
There were new WordPress themes created. That was two days ago and I’ve forgotten what they were called. Sorry. They started with the letter “V”. Shoulda written it down. Get rid of those themes. You weren’t using ’em anyway and they actually contain a backdoor script (heh) to do all sorts of crappy stuff to all sorts of innocent peeps.
Weird Files & Weird File Names
Check for a bunch of files created on the same date. Look at those. Some will be named ‘ted_hammer.php’ or ‘flixxypo.php’. They are files that have their names generated by a bot using some sort of dictionary concatenating the words to create a file name (ted_hammer.php) or just creating a filename with some other sort of rule (flixxypo.php). They probably have a bunch of gobbledygook (that’s a technical term for ‘whatchamadingies’). Remove those files.
Redirect Code In Every File
Then, go through each and every file you have and check the last line for the URL your site is being redirected to (http://sweepstakesandcontestsinfo.com/nl-in.php?nnn=555). Remove that line and any surrounding code and you’ll be fine. Go through all of your themes when doing this step, as well.
Redirect Rule In .htaccess
To see your .htaccess in Transmit, select: View/Show Invisible Files. It’s in the main directory of your site. You will probably see this bit:
RewriteRule .* http://sweepstakesandcontestsinfo.com/nl-in.php?nnn=555 [R,L]
Get rid of it.
Then, change your password.
You have your site back… Until they do it again.
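If opening every file by hand sounds like a long afternoon, here is a small scanner for the two redirect checks above, added as an example (it is not code from the original cleanup). The names `scan_site` and `build_sample` and the sample site tree are made up for illustration; the redirect host is the one from this post.

```python
import os
import re
import tempfile

# Redirect host from the post; file names and contents below are constructed.
INDICATOR = "sweepstakesandcontestsinfo.com"
# RewriteRule whose target is an absolute URL, i.e. it sends visitors off-site.
EXTERNAL_RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+https?://([^/\s]+)", re.I)
TEXT_EXT = {".php", ".html", ".htm", ".js", ".css", ".txt", ""}

def scan_site(root, own_host, indicator=INDICATOR):
    """Return sorted (relative_path, line_number, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            is_htaccess = name == ".htaccess"
            if not is_htaccess and os.path.splitext(name)[1].lower() not in TEXT_EXT:
                continue  # skip images and other binaries
            with open(path, encoding="utf-8", errors="replace") as fh:
                for num, line in enumerate(fh, 1):
                    if indicator in line:
                        findings.append((rel, num, "redirect URL"))
                    m = EXTERNAL_RULE.match(line) if is_htaccess else None
                    if m and m.group(1).lower() != own_host.lower():
                        findings.append((rel, num, "off-site RewriteRule"))
    return sorted(findings)

def build_sample(root):
    """Write a small constructed site tree showing the symptoms described above."""
    url = "http://" + INDICATOR + "/nl-in.php?nnn=555"
    files = {
        "index.php": "<?php echo 'home'; ?>\n",
        "wp-content/themes/mine/footer.php":
            "<?php wp_footer(); ?>\n<!-- constructed injected last line: " + url + " -->\n",
        ".htaccess": "RewriteEngine On\nRewriteRule .* " + url + " [R,L]\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, num, reason in scan_site(tmp, "www.deancameron.com"):
            print(f"{rel}:{num}: {reason}")
```

Point `scan_site` at a downloaded copy of your site and pass your own hostname; the off-site RewriteRule check still fires if the redirect host changes the next time around.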