
.htaccess file hacked and all my domains are sending out spam

Discussion in 'Black Hat SEO' started by Ledlys, Sep 7, 2012.

  1. Ledlys

    This is an example of one of my .htaccess files for one of my WordPress sites.
    This is a normal WordPress blog and I guess I don't need all these rewrite rules.

    What can I take away? Where do you think the hacker has put his spamming software?


    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /yank/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /yank/index.php [L]
    </IfModule>


    # END WordPress
     
  2. fatboy

    Here is a copy of mine:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress
     
  3. DutchTrafficService


    Eh, I assume you have it installed in the folder "yank"; if so, this is a normal default WordPress .htaccess.
     
  4. Ledlys

    Thanks :) I just copied yours! Let's hope it works :)
     
  5. roamer

    Most probably the hacked-in, spamming scripts were uploaded to that directory. So better take a look at it, and see if the scripts can give you a clue of who the hacker is.
     
  6. Ledlys

    I don't have any folder called yank, can't find it, can't delete it
     
  7. roamer

    Have you tried using the anti-malware plugins from within WordPress - antivirus, authentic theme-what's-its-name-plugin? You may be able to at least find the culprit that way.

    EDIT: Plus, have you ruled out a compromised PC? I.e. the hacker stealing your access credentials and uploading everything via cPanel or FTP?
     
  8. Endire

    Ledlys

    As mentioned by DutchTrafficService, and aside from the yank file path, this is a typical .htaccess file for WordPress. In answer to your question about removing lines, yes, there are some that could be removed, but without knowing more about your hosting provider and your overall configuration, I cannot recommend removing any lines. For example, the <IfModule> wrapper could be taken out because it can be a drain on Apache server resources if mod_rewrite is enabled.

    In the header of your question, you mention that your .htaccess file was hacked. It doesn't appear that there is anything out of place with the code that you copied and pasted. Are you saying there are other .htaccess files elsewhere on your server that are causing you problems? As mentioned by a previous poster, try some of the malware plugins for WordPress. Also, if you are sure it's the files on the server that have been compromised, you should contact your hosting provider. Chances are, if the problem is with server files, you are not the only one experiencing problems.

    Here are a couple of different malware plugins:

    http://wordpress.org/extend/plugins/sucuri-scanner/

    http://wordpress.org/extend/plugins/gotmls/

    Here is an article posted by one of the malware makers above. It talks a little about a situation like the one you describe:

    http://blog.sucuri.net/2011/08/wordpress-sites-with-htaccess-hacked.html

    Hope this helps you,

    Shawn
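
Added example, not part of Endire's post or of any poster's code: a Python script for the question raised above about other .htaccess files elsewhere on the server. It walks a document root, compares each WordPress block with the default block quoted in this thread, and reports directives outside that block and any RewriteBase with no matching folder (as with /yank/). The function names, the sample tree and the example.invalid rule are constructed for illustration.

```python
import os, pathlib, re, tempfile

def default_block(base):
    """Default WordPress rewrite block from the thread, for install path `base`."""
    return ["<IfModule mod_rewrite.c>", "RewriteEngine On", f"RewriteBase {base}",
            r"RewriteRule ^index\.php$ - [L]", "RewriteCond %{REQUEST_FILENAME} !-f",
            "RewriteCond %{REQUEST_FILENAME} !-d",
            f"RewriteRule . {base.rstrip('/')}/index.php [L]", "</IfModule>"]

def audit_htaccess(path, docroot):
    """Return findings for one .htaccess file; an empty list means nothing unusual."""
    findings, block, inside = [], [], False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for n, raw in enumerate(fh, 1):
            line = " ".join(raw.split())  # collapse whitespace before comparing
            if line in ("# BEGIN WordPress", "# END WordPress"):
                inside = line.startswith("# BEGIN")
            elif inside and line:
                block.append(line)
            elif line and not line.startswith("#"):
                findings.append(f"line {n}: directive outside WordPress block: {line}")
    if block:
        m = re.search(r"^RewriteBase (/\S*)$", "\n".join(block), re.M)
        base = m.group(1) if m else "/"
        if block != default_block(base):
            findings.append("WordPress block differs from the default")
        if not os.path.isdir(os.path.join(docroot, base.strip("/"))):
            findings.append(f"RewriteBase {base} has no matching directory")
    return findings

def audit_tree(docroot):
    """Audit every .htaccess under docroot; report only files with findings."""
    paths = [os.path.join(d, ".htaccess") for d, _, fs in os.walk(docroot) if ".htaccess" in fs]
    report = {os.path.relpath(p, docroot): audit_htaccess(p, docroot) for p in paths}
    return {p: f for p, f in report.items() if f}

def demo():
    root = tempfile.mkdtemp()  # constructed sample tree, not real site data
    wp = lambda b: "# BEGIN WordPress\n" + "\n".join(default_block(b)) + "\n# END WordPress\n"
    samples = {"": wp("/yank/"), "blog": wp("/blog/"),  # root file points at missing /yank/
               "shop": "RewriteRule .* http://example.invalid/ [R,L]\n" + wp("/shop/")}
    for sub, text in samples.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        pathlib.Path(root, sub, ".htaccess").write_text(text)
    return audit_tree(root)

if __name__ == "__main__":
    print(demo())
```

To check a real site, call `audit_tree()` with the path of the web root; a file that matches the default block and sits in the folder its RewriteBase names is left out of the report.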
     
  9. cooltemplate

    Hello, if you trust me then I can try to get your site back. But if you change some there or change in database source then I can not have. Thx