How I recovered my 19 WordPress websites from malware infection {lowerbeforwarden.ml redirection malware}

RichKIDLK

Background story:
I faced a malware issue two weeks ago. I posted a thread about it: https://www.blackhatworld.com/seo/what-happen-to-these-websites-huge-malware-attack-going-on-the-world-wordfence-hacked.1262776/.

I got so many replies on that thread about the issue, and one good soul was ready to help me resolve my problem. Thank you again, @Veil123 & @BassTrackerBoats, for those replies.

But in my life, I love to face challenges, because it gives me more experience and strength and also increases my knowledge.

First of all, I want to say I used GoDaddy hosting (the worst hosting service ever), but I have now moved all my websites to SiteGround hosting. I'm saying GoDaddy sucks when it comes to hosting security because one of my friends also faced a malware issue 1 year ago with this GoDaddy hosting, and he lost more than 50 of his websites.


What did I do to recover my websites:

If you ever face a malware issue, use this path to recover your websites. I don't know if this works all the time, because maybe you will face another malware issue, but in this case I encountered a malware issue with this virus called "lowerbeforwarden.ml redirection malware."


These are the simple steps I followed.

  1. Clean the WordPress database (I used the search and replace option in phpMyAdmin; a guide is attached down below)
  2. Take a database backup (only the WordPress database files)
  3. Zip and download the wp-content folder (not themes, uploads folder only)
  4. Clean the wp-config file and download it
  5. Save the old WordPress user name and password
  6. Go to your new host and install a fresh WordPress copy (note down your new database name and passwords by viewing the advanced settings in the installation window)
  7. Go to phpMyAdmin in the new hosting cPanel
  8. Drop all the current database files from the fresh installation
  9. Import all the backup database files that I previously recovered
  10. Copy the old upload folder into the new wp-content -> upload folder and move our imported files into it
  11. Upload the old wp-config file and change only the user, DB name and DB password to the new ones (do not change the prefix)


I followed this website's guide to recover my 19 WordPress websites from this malware infection.

https://okeyravi.com/wordpress-website-malware-fix/ (not my website)

I posted this here because maybe in the future you will need it. I faced this challenge, and I fixed all of it.
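
An added example, not part of the original post: the steps above carry a database backup and the uploads folder over to the new host, so this sketch checks both before the import. It counts dump rows that still reference the redirect domain and lists server-executable files under uploads. The sample dump, the extension list and the `wp-content/uploads` path are constructed assumptions.

```python
import os
import re
from collections import Counter

# Indicator from the thread title; add any others your own cleanup turned up.
INDICATORS = ("lowerbeforwarden.ml",)
# Extensions a web server may execute; the uploads folder should hold media only.
EXEC_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")
INSERT_RE = re.compile(r"INSERT INTO `?(\w+)`?", re.IGNORECASE)

# Constructed sample dump (not real data): one injected post, one clean post.
SAMPLE_DUMP = """\
INSERT INTO `wp_options` VALUES (1,'siteurl','https://example.test','yes');
INSERT INTO `wp_posts` VALUES (7,'Hello','<script src="//lowerbeforwarden.ml/placeholder.js"></script>');
INSERT INTO `wp_posts` VALUES (8,'Clean','<p>Nothing here</p>');
"""


def scan_dump(sql_text, indicators=INDICATORS):
    """Count dump lines per table that still contain an indicator."""
    hits = Counter()
    table = "(unknown)"
    for line in sql_text.splitlines():
        match = INSERT_RE.search(line)
        if match:
            table = match.group(1)  # rows that follow belong to this table
        if any(ind in line.lower() for ind in indicators):
            hits[table] += 1
    return dict(hits)


def executable_uploads(uploads_dir):
    """Return relative paths of server-executable files under uploads."""
    found = []
    for base, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if name.lower().endswith(EXEC_EXT):
                full = os.path.join(base, name)
                found.append(os.path.relpath(full, uploads_dir))
    return sorted(found)


if __name__ == "__main__":
    print("dump hits:", scan_dump(SAMPLE_DUMP))          # pass your own dump text
    print("uploads:", executable_uploads("wp-content/uploads"))
```

An empty result from both functions is the condition to meet before importing the backup on the new host.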
 
Thanks for posting this. Did you find the issue that is causing malware on the website? Maybe a theme or plugin is causing issues?
 
Nice method right there, thanks for sharing.
 
thanks for sharing and glad it worked for you.
 
The same thing happened to all my sites. Wordfence is causing all these problems. I removed the plugin, installed a new WordPress and set up everything from scratch. It took too much time, but I finally recovered all the sites and they are working well now.
 
I use these steps every time I try to migrate a website to another web hosting company.
 
Thanks for posting this. Did you find the issue that is causing malware on the website? Maybe a theme or plugin is causing issues?

First, I was afraid this was some weak point of the Wordfence plugin, because I have installed Wordfence on every website and set it up completely. But after researching on the web, I found that's not the reason for this. I never used any nulled themes or nulled plugins with my websites.

I discussed this with GoDaddy hosting customer service. But you know what they said!! They didn't even know at that time that this type of malware attack was going on around the world on that day. I found, when discussing in the forums and groups, that most of them faced this malware issue with GoDaddy hosting.

So first I determined this is a security failure on their part. I also saw that this happened because of the WP File Manager loophole. As a result, I decided to move my websites from GoDaddy to SiteGround.

The other reason is that not only WordPress websites faced this malware issue, but also HTML websites. The index.php files of a few of my HTML websites were injected by this malware. I researched that, and I found it's all about file permissions.

If we set file permissions so that the world can edit our files inside the hosting, they can inject whatever they want into our files without any problem.

I think I faced this issue because of file permissions. Most hosting accounts create these file permissions at a secure level by default. But when I looked inside my GoDaddy hosting, the file permissions were not secure.

If you want to gain more knowledge about file permissions, read this: https://premium.wpmudev.org/blog/understanding-file-permissions/ (not my website)
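
An added example, not part of the original post: one way to audit a site directory for the world-writable permissions described above, and to clear only that bit. The function names are hypothetical, and the directory to check is passed on the command line.

```python
import os
import stat
import sys


def world_writable(root):
    """Return (relative path, octal mode) for entries any local user can modify."""
    findings = []
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(base, name)
            st = os.lstat(path)          # lstat: inspect the entry, not a link target
            if stat.S_ISLNK(st.st_mode):
                continue                 # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                rel = os.path.relpath(path, root)
                findings.append((rel, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def remove_world_write(root):
    """Clear only the 'other' write bit on flagged entries; return how many changed."""
    changed = 0
    for rel, _mode in world_writable(root):
        path = os.path.join(root, rel)
        current = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, current & ~stat.S_IWOTH)   # e.g. 666 -> 664, 777 -> 775
        changed += 1
    return changed


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, mode in world_writable(target):
        print(f"{mode}  {rel}")
```

Run the audit first and review the list; `remove_world_write` leaves owner and group bits untouched, so it does not by itself bring files to a stricter baseline.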
 
What about websites hosted via Cloudflare?
 
Yeah, I saw that people have started to discuss this on the Cloudflare support forum. They also faced this issue. No matter what protection we use with our websites (Cloudflare, Wordfence, etc.), it's all about this WP File Manager weak point and our file permissions.
If we set our hosting file permissions to a weak security level, hackers can inject whatever they want into our site files, especially index.php files. Some users are starting to complain this is a fault from them. But that's not the actual reason. I found this is the reason for the insecurity.
 