OH MY GOD… it’s been like what.. a month or two? I’ve been trying to protect and prevent the attacks from hackers and spam. In the past couple days, my web site was not even functioning. I did try so many many things. I deleted the whole website, delete all the things I have uploaded to the server, and I even re-installed the WordPress system and database. Nope… no luck on that. I went to check the error log, but couldn’t understand what it was. I noticed that there were some scripts running on the server under my account. However, I couldn’t locate those scripts and understand what’s going on.
Until now… I looked it up to the error log again as Shawn suggested. But, this time I really did pay close attention to the details. Finally, I saw a folder inside Cgi-bin folder, called “Stealth.” There was a script called “test.cgi” running inside the sub folder called “dark.” I’m like.. this is no cool at all. “Stealth”?? Heck no! So, I decided to delete the whole dang folder and sub-folder inside the cgi-bin because I know that I don’t have any scripts running for cgi. So, here it is. It resolves everything.
My lesson learned is that if you have been experiencing errors from “.htaccess” file or re-directing your website to some anti-spam.info, 7speed.info, etc., I would check your index.php files and error logs to see if there is any some weird script running on the server. Check your “Cgi” folder and make sure there is nothing weird in there.
If you have any question or problem, let me know.