It seems my encounter over the weekend with the htaccess rewrite or as I call it “the htttp://reltime2012.ru/frunleh?9 problem” struck a nerve.
At first I thought this was a recent attack on WordPress sites as when I searched for the URL string only about 40 entries came up and they all involved the word “redirect”. When I searched Google yesterday for an answer to the redirection all I could find were really old blog posts on WordPress.org forums about WordPress redirecting to sites in Russia. None of them had any definitive answers about reltime2012.ru.
There was an opportunity to come up with a solution to this problem of having traffic diverted to a Russian site through htttp://reltime2012.ru/frunleh?9. And to come up with it in plain English.
It didn’t take me long to outline in a multi part video on my WordPress training with newmediaMike site how to:
The fix in video 2 involves downloading or modifying a clean htaccess file and placing it in the root directory of your site. Since it was the htaccess file that had been modified and was redirecting traffic I also knew there would be people who may not want get in their server and play with this; so I came up with a solution to the reltime2012.ru problem without having to get all geeky.
This solution involves installing the Bullet Proof Security plug-in. But in order to install the BPS plug-in you need to have access to your site. If you can’t get access to your site because of the frunleh?9 redirection to install the BPS plugin as a fix then you will need to follow videos 1 and 2. Be sure to download the clean htaccess file as well. Then once you have access to your WordPress dashboard again download, activate and set up Bullet Proof Security.
From what I understand once the BPS Plug-in is activated this hack can’t occur again. ou may still be vulnerable to other attacks. I’m going to remain a bit skeptical and I am monitoring my htaccess files for any changes. In the meantime, my fixes for the htttp://reltime2012.ru/frunleh?9 problem seem to work, traffic levels here on newmediaMike are awesome and traffic to WP Training Online is growing too.
Good luck getting your traffic back!
UPDATE – July 17, 2012
On another site I host I discovered that the .htaccess file for not only the root directory had been hacked but the sub directory where WordPress resides had it’s .htaccess file hacked as well. So if clearing out the .htaccess file doesn’t work keep digging through all your directories for any stray .htaccess file. Somehow this attack, for lack of a better word, hits ALL .htacess files. I also found hacked .htaccess files in directories for sites which weren’t live. Which to me indicated my host server had been hacked. I changed the password to my hosting account and hopefully that will also act as a wall.
Good luck out there!