msbsurfi Posted November 8

Hello,

My WordPress site hhfn.org.bd has shown a 404 error for 2 days, though I haven't changed anything there in the last few weeks. And surprisingly hhfn.org.bd/wp-admin is accessible and functioning. I tried changing the theme, deactivating all plugins, creating a fresh .htaccess and reviewing file permissions, but no improvement at all.

All I did was sync my Google Drive files with HelioHost using MultCloud. The files will go to another folder, hhfn.helioho.st. So I think there is no possibility to change the content of hhfn.org.bd. But I am suspecting some malicious activity, maybe from MultCloud, because yesterday traffic usage for hhfn.org.bd was 300-400 MB, but today it has risen to 12 GB. But the site is not accessible, so how did the large traffic come overnight? And it is surely unusual from my experience of the last few months.

Can you please investigate the problem? I think I have done all the investigation from my side. If I missed something, please tell me what should be done.

Regards,
MD Shifat Bin Siddique

msbsurfi Author Posted November 8

The issue is solved. There were some infected files. I don't know how that happens. The WordPress integrity checker tool in Plesk helped me find the issue and solve it.

msbsurfi Author Posted November 8

Admins, can you please investigate the traffic issue? It is now 16 GB.

MoneyBroz Posted November 8

4 hours ago, msbsurfi said: "Admins, can you please investigate the traffic issue? It is now 16 GB."

Escalating so a root admin can investigate this....

wolstech Posted November 8

Your WordPress install got hacked...unsurprising considering it's infamous for this. This is one of the many reasons we highly recommend avoiding WordPress. The best course of action is to reinstall WP (or even better, replace it with something that's not WordPress).

Also, you blocked Googlebot in .htaccess (that 66.249 IP is Googlebot) yet allowed it in robots.txt...all those 403 errors do count as traffic since it has to send a few KB for the 403 error. I just added a disallow for it in robots.txt...once it sees that it should just give up. If you want to allow it again, remove the Disallow section in robots.txt, and also unblock the 66.249 range in .htaccess.

I did delete a bunch of malware from the root of hhfn.org.bd, and your CPU looks like it dropped off. There's nothing running on your account at the moment. That said, unless the security issue in WP is fixed, they'll just re-hack your account shortly.
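
An added example, not part of the thread or of HelioHost's tooling: one way to see which client ranges and status codes account for a traffic spike, such as the 403 responses to the 66.249 range described in the post above. It assumes the Apache/nginx "combined" access-log format; the function names and all sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed "combined" log format: ip ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (non-66.249 addresses are documentation ranges).
SAMPLE_LOG = """\
66.249.66.1 - - [01/Jan/2030:10:00:01 +0000] "GET /page-1 HTTP/1.1" 403 1200 "-" "Googlebot/2.1"
66.249.66.7 - - [01/Jan/2030:10:00:02 +0000] "GET /page-2 HTTP/1.1" 403 1200 "-" "Googlebot/2.1"
66.249.70.3 - - [01/Jan/2030:10:00:03 +0000] "GET /page-3 HTTP/1.1" 403 1200 "-" "Googlebot/2.1"
203.0.113.9 - - [01/Jan/2030:10:00:04 +0000] "GET / HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2030:10:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2030:10:00:06 +0000] "HEAD / HTTP/1.1" 404 - "-" "Mozilla/5.0"
this line is malformed and should be skipped
"""

def prefix16(ip):
    """Group IPv4 clients by their first two octets (e.g. '66.249')."""
    parts = ip.split(".")
    return ".".join(parts[:2]) if len(parts) == 4 else ip

def traffic_by_client(lines):
    """Sum requests and body bytes per (client prefix, HTTP status)."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0})
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        # "-" means no body was sent; logged sizes exclude response headers,
        # so the real bandwidth is somewhat higher than this total.
        size = 0 if m["size"] == "-" else int(m["size"])
        key = (prefix16(m["ip"]), int(m["status"]))
        totals[key]["requests"] += 1
        totals[key]["bytes"] += size
    return dict(totals), skipped

def top_talkers(totals, n=5):
    """Return the n (prefix, status) groups that sent the most bytes."""
    return sorted(totals.items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

if __name__ == "__main__":
    totals, skipped = traffic_by_client(SAMPLE_LOG.splitlines())
    for (prefix, status), t in top_talkers(totals):
        print(f"{prefix:<8} {status} {t['requests']:>4} req {t['bytes']:>8} bytes")
    print("skipped lines:", skipped)
```

A group with many requests, a single error status and a small per-response size is the pattern of a blocked crawler retrying; a group with large 200 responses to unfamiliar paths is the one to check against the malware files.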

msbsurfi Author Posted November 8

The installation somehow got hacked by FTP access? I recently entered my account credentials into MultCloud.

I blocked Googlebot as I saw it was continuously hitting the site. But I don't know if it got stuck in a loop.

I have already changed the account credentials. Should I make the wp-admin directory password protected until I take some steps? I just want to keep my site live for visitors.

wolstech Posted November 8

No, the FTP access and MultCloud stuff has nothing to do with being hacked. WordPress or one of its plugins has a security vulnerability that was abused by a hacker to get in and plant the malware files.

WP is well known to be full of security issues. Keeping it up to date and not using themes and extensions from questionable websites (some dubious sites offer "free" themes and extensions that include a backdoor) can help with this, but just not using WP is the only surefire way to prevent its exploitation.

msbsurfi Author Posted November 8

I have deleted WordPress and uploaded static files. Can you please assure me that my Plesk is now safe?