
Hostgator hosting and phishing scripts

Mr. Deleted

DNForum.com
Legacy Exclusive Member
Joined
Jul 24, 2004
Messages
4,173
Reaction score
528
Feedback: 58 / 0 / 0
I have a reseller account there at HG, and have had it for years, so I can set up multiple sites without issue, but I keep getting these phishing scripts on my domains. The support, if they find it, will charge me for finding and removing it, if they find more than 1 in 6 months. Well, I have found 2 this week on my domains. I deleted them before the support finds them, but I wish there was a solution.

I had a bandwidth error last night on one of my domains, and when I checked, it was due to another phishing script, and I deleted it, and changed my password again.
 

thehostdir

Level 4
Legacy Platinum Member
Joined
Jan 21, 2011
Messages
201
Reaction score
6
Feedback: 2 / 0 / 0
Are those WordPress sites? The most important factor for WP is to update it to the latest stable version; second, avoid unnecessary free plugin installation. I have reseller accounts with Rshosting; they help me with any such issues without any charges. Hostgator has really gone downhill from its purchase; since then I am happy to use Rshosting. They regularly update me in case there is any issue and help me fix it for free.
 

Mr. Deleted

Not all of them were WP sites, but most of my sites are WP. I have Infinite WP to keep them all up to date, but the one that they found today (3rd script this week) was on Grandpa.info, a non-WP site. So I get that WP may be vulnerable, but with Grandpa, it was not. I don't know, do I have to manually check 30 sites daily to remove the crap they upload?!
 

Tia Wood

Web Developer
Legacy Exclusive Member
Joined
Jan 11, 2006
Messages
3,372
Reaction score
349
Feedback: 103 / 0 / 0
My only advice would be to get away from HostGator. Their quality has gone way down since being sold to EIG. I was with them for years but left due to quality/server degradation about a year after EIG took over.
 

Mr. Deleted

Thanks Tia, yes I have considered it, but have not made the move yet. I have found a .htaccess code to add that is supposed to help with blocking sql injections. Wish it could be made into a wp plugin.
 

Mr. Deleted

Code:
ErrorDocument 404 /
ErrorDocument 404 http://www.slabaugh.org

# BEGIN WordPress

# WPhtC: Disable directory browsing
# (Apache 2.4 rejects "All" mixed with a "-" option, so only -Indexes is set)
Options -Indexes

# WPhtC: Setting 403 Error page
ErrorDocument 403 http://www.slabaugh.org

# WPhtC: Protect WP-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

# WPhtC: Protect .htaccess file
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</files>

# WPhtC: Protect comments.php
# Applies to comment POSTs whose Referer is not this site or whose User-Agent is empty
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
# Referer pattern is anchored at the start, with literal dots escaped
RewriteCond %{HTTP_REFERER} !^http://www\.slabaugh\.org [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The substitution is a plain URL; regex anchors do not belong in it
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Prevent folder browsing
Options -Indexes


 
Code:
ErrorDocument 404 /
ErrorDocument 404 http://www.slabaugh.org

This part is just a basic redirect for any 404, and

Code:
ErrorDocument 403 /
ErrorDocument 403 http://www.slabaugh.org

That is a basic one for a redirect that helps with when a user is on a "forbidden" folder. You can do that for any error code. You can redirect it to any error page that way.


Code:
# Prevent folder browsing
Options -Indexes

or

Code:
# WPhtC: Disable directory browsing
Options -Indexes


This is supposed to prevent the SQL injections. I added a plugin that seems to have done the same thing in the above code, only worded differently, so you can choose how you want to do that one.


Code:
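# WPhtC: Protect comments.php
# Applies to comment POSTs whose Referer is not this site or whose User-Agent is empty
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
# Referer pattern is anchored at the start, with literal dots escaped
RewriteCond %{HTTP_REFERER} !^http://www\.slabaugh\.org [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The substitution is a plain URL; regex anchors do not belong in it
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]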

This is supposed to protect against spam SQL injections into your blog's comments.

The following I am not sure about, but I think they were made by the plugin. It seems to have some rewrite effect for the files requested.

Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

To protect the config file. This I think is pretty important, as it is the one that has your database in it.
Code:
# WPhtC: Protect WP-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

And of course, protect your .htaccess file to stop any changes to be made from outside sources.
Code:
# WPhtC: Protect .htaccess file
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</files>
 
WP Htaccess Editor - add this to edit your .htaccess file
www.infinitewp.com - add this to manage a large amount of wp sites. You can push the wp editor plugin onto all your sites once you have all the sites on the IWP. You can also push a plugin for seo etc on them all that way.
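
For the question earlier in the thread about checking 30 sites by hand, an added example (not part of the original posts): a file baseline that reports new, changed or removed web files per docroot, whether or not the site runs WordPress. The docroot paths, the watched extensions and the baseline location are assumptions.

```python
import hashlib
import json
import os
import sys

# File types a web server runs or serves, plus archives kits are unpacked from.
WATCHED = {".php", ".phtml", ".html", ".htm", ".js", ".zip", ".htaccess"}

def snapshot(docroot):
    """Map relative path -> SHA-256 for every watched file under docroot."""
    result = {}
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            # ".htaccess" has no extension for splitext, so fall back to the name
            ext = os.path.splitext(name)[1].lower() or name.lower()
            if ext not in WATCHED:
                continue
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(path, docroot)] = digest
    return result

def compare(baseline, current):
    """Return (added, changed, removed) relative paths, each sorted."""
    added = sorted(p for p in current if p not in baseline)
    changed = sorted(p for p in current if baseline.get(p, current[p]) != current[p])
    removed = sorted(p for p in baseline if p not in current)
    return added, changed, removed

def check_site(docroot, baseline_file):
    """First run records the baseline; later runs report drift against it."""
    current = snapshot(docroot)
    if not os.path.exists(baseline_file):
        with open(baseline_file, "w") as fh:
            json.dump(current, fh, indent=1)
        return [], [], []
    with open(baseline_file) as fh:
        return compare(json.load(fh), current)

if __name__ == "__main__":
    # Assumed usage: python check_sites.py /home/USER/public_html [more docroots]
    for root in sys.argv[1:]:
        # Baseline lives in the home directory, outside any web-served folder
        state = os.path.expanduser("~/." + root.strip("/").replace("/", "_") + ".json")
        report = zip(("NEW", "CHANGED", "REMOVED"), check_site(root, state))
        for label, paths in report:
            for p in paths:
                print(f"{label:8} {os.path.join(root, p)}")
```

Record the baseline from a known-clean copy of each site and run the script from cron. The baseline is not rewritten on later runs, so a finding keeps being reported until the baseline file is deleted and recorded again.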
 