Tweet
So I have a site hosted with dreamhost. We had it hacked and bad things were inserted in the code, which made our site link to porn.. yay.
I ended up deleting all the files to the point of the root of the server containing nothing, then uploaded new files, which I typed myself in plain HTML/PHP.
The issue is that every link I have on the site will again turn into porn links. on the 7th click, the links direct to porn. The link when viewing the source is fine, the source code when re-downloading it from the server is fine too, yet there are still porn links coming up. How could this be?..
I scanned my local computer with AVG, and it found nothing.. also the porn links only appear on my site, not on other sites, so it must reside there. Dreamhost tech support has gotten back to me once telling me that it was a password exploit ( I have no idea how, but I did change the passwords to the site as soon as we found out).. but did not offer any word on how to get rid of the porn links.
Another site I host is also available with the same login, and is now tagged by google as a known exploit site. Al it now contains is a simple 5 line HTML file, which has no evil in it, and the php picture gallery which dreamhost has a one click install. I updated the gallery and think all old code from it has been deleted.
Since dreamhost is not getting back to me, I hope someone here has an idea what is going on. I checked for running processes on the server under my username, and it only has bash and ps listed .. I can link to the sites, if anyone here thinks they can pinpoint what is going on .
thanks
I ended up deleting all the files to the point of the root of the server containing nothing, then uploaded new files, which I typed myself in plain HTML/PHP.
The issue is that every link I have on the site will again turn into porn links. on the 7th click, the links direct to porn. The link when viewing the source is fine, the source code when re-downloading it from the server is fine too, yet there are still porn links coming up. How could this be?..
I scanned my local computer with AVG, and it found nothing.. also the porn links only appear on my site, not on other sites, so it must reside there. Dreamhost tech support has gotten back to me once telling me that it was a password exploit ( I have no idea how, but I did change the passwords to the site as soon as we found out).. but did not offer any word on how to get rid of the porn links.
Another site I host is also available with the same login, and is now tagged by google as a known exploit site. Al it now contains is a simple 5 line HTML file, which has no evil in it, and the php picture gallery which dreamhost has a one click install. I updated the gallery and think all old code from it has been deleted.
Since dreamhost is not getting back to me, I hope someone here has an idea what is going on. I checked for running processes on the server under my username, and it only has bash and ps listed .. I can link to the sites, if anyone here thinks they can pinpoint what is going on .
thanks
: 
ops:
Comment