0

Today, a DDoS attack happened to one of my WordPress sites, and as a result, all the sites on my DigitalOcean droplet were affected. I had to enable "under attack mode" in Cloudflare, and now my server is fine.

However, I am now facing an issue where URLs with ".php" extensions are not behaving as expected on all WordPress websites hosted on the server. I have tried directly accessing a .php file on the server (e.g., example.com/test.php), but it consistently loads the home page instead. Strangely, when I tried accessing a .html or .txt file directly, they are accessible.

Additionally, when attempting to access the admin panel, I receive a "403 Forbidden You don't have permission to access this resource" error.

I want to note that I have not made any recent changes on any of the websites.

To troubleshoot the issue, I have already taken the following steps:

  1. Disabled all plugins.
  2. Enabled debug mode.
  3. Paused Cloudflare.
  4. Cleared all cache.
  5. Checked file and directory permissions.
  6. Deleted and restored the .htaccess file.

Despite these efforts, the problem persists. I am concerned about the security and functionality of my websites. Any further advice or assistance would be greatly appreciated. Thank you.

Faisal Shaikh
  • 3,900
  • 5
  • 40
  • 77
  • What exactly does "under attack mode" in Cloudflare do? – j08691 Jul 25 '23 at 20:03
  • @j08691 Show visitors a JavaScript challenge when they visit your site. – Faisal Shaikh Jul 25 '23 at 20:07
  • But you disabled that cloudflare protection again (and also cleared all caches on that end, I presume?), and the problem still persists? Hosting providers sometimes also take kind of "drastic" measures, when a site is under attack - perhaps they disabled everything "dynamic" for your account, or something ...? I'd contact their support, even if only to exclude that possiblity. – CBroe Jul 26 '23 at 06:30
  • @CBroe Yes, I paused Cloudflare and cleared all cache but problem still persist. Got an email from DigitalOcean support team he shared all the solution which I have already tried and even mentioned on the email. Support guy ignore those lines where I mentioned that I can't access any file with .php extension (even test.php). – Faisal Shaikh Jul 26 '23 at 07:38
  • _"tried directly accessing a .php file on the server (e.g., example.com/test.php), but it consistently loads the home page instead"_ - can you clarify what that means? Does it keep showing `/test.php` in the address bar (but shows different content than expected), or are you getting redirected to `/`? – CBroe Jul 26 '23 at 07:48
  • @CBroe it loads home page instead of test.php – Faisal Shaikh Jul 26 '23 at 08:56
  • I just specifically asked you to clarify what that actually meant, so why are you just repeating the same words again? Does `/test.php` stay in the browser address bar, YES or NO? – CBroe Jul 26 '23 at 09:00
  • @CBroe yes in browser it shows /test.php but loads home page. when I click on any post page it load that post url in address bar but shows home page only – Faisal Shaikh Jul 26 '23 at 11:44
  • If the address bar stays on /test.php, then the issue must have do to with URL rewriting, I suppose - otherwise, it would not be possible that you get the home _content_ shown (unless you had explicitly written the test.php to do exactly that, but that's probably not the case here.) Can you show your .htaccess file contents? (Out it in the question, please, properly formatted - in comments it would become hard to read.) – CBroe Jul 26 '23 at 11:49
  • @CBroe the issue is with rewriting. I noticed that after deleting .htaccess files it regenerates. After some digging I noticed that my website was hacked and I had to delete those malicious files. – Faisal Shaikh Jul 26 '23 at 12:57

0 Answers0