Due to many requests, we are releasing a program to repair HTACCESS and Index.php, which is instantly tampered with again in WordPress.
HTACCESS and Index.php to be tampered with again in an instant
This malware here is one that hackers embed in a site and misbehave by directing users to another site or disabling some functions of the administration page.
This malware sneaks into the server process and immediately re-modifies HTACCESS and Index.php within a second, even after modifying them, making them difficult to erase.
We will release a program to repair Index.php and HTACCESS when infected with this malware.
(Please note that other types of malware cannot be removed by using this program.)
How to use the software (script) to repair HTACCESS and Index.php
1 Download and unzip the program
IndexHtaccessFixer
Download and unzip the repair program zip file from the link above, which contains the program IndexHtaccessFixer.php.
2 Download the tampered HTACCESS and rename it so that the above program can access it.
This type of malware modifies HTACCESS so that it can only access a very small number of files with the PHP extension.
If you download the HTACCESS file that has been tampered with by your FTP software and open it with a text editor, you will see the following posts.
<FilesMatch ". (py|exe|php)$"> Order allow,deny Deny from all </FilesMatch> <FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|... followed by file name)$"> Order allow,deny Allow from all </FilesMatch>
The part of the file name that is written like radio.php|index.php|content.php|lock360.php means that only access to this file name is allowed, so change the aforementioned IndexHtaccessFixer.php to one of these file names. Please change the aforementioned IndexHtaccessFixer.php to one of these file names.
Example
IndexHtaccessFixer.php → about.php
3 Upload the program to the server and access it with a browser
Upload the renamed program to the server with FTP software to the folder containing the WordPress tampered HTACCESS and Index.php and access it with a browser.
Example
http://Your site URL/about.php
A screen similar to the one below will appear, so press the Repair button.
If WordPress is installed in a subdirectory, enter the folder name in the input field and press the Repair button.
Program License and Precautions
By downloading and using the above repair program, you agree to the following terms and conditions.
We assume no responsibility for the use of the program and you use it at your own risk. We do not assume any obligation to support any program or to update it to correct bugs.
This program removes all caches of PHP processes and Opcash executable programs. This will cause the server batch processing and other running PHP programs to stop executing. This may cause some server problems.
Direct links to the ZIP file of the repair program are prohibited.
What if Index.php and HTACESS are repaired?
We recommend that you log in to WordPress and install a malware scanning and removal plugin to scan and remove other malware.
Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
