An internet site I maintain professional-bono was compromised, doling out 302s to gaming sites, etc. www.rebekahshouse.org. After much searching through my hosting company's user interface, I discovered the reason within the htaccess file. It looked something similar to this:
RewriteEngine on
RewriteCond %{HTTP_REFERER} .oogle.com [NC,OR]
RewriteCond %{HTTP_REFERER} .ahoo.com [NC,OR]
RewriteRule .*hxxp://87.248.180.89/topic.html?s=s- [C,L]

(I believe which was C, L I overwrote it and attempted to recreate it above, might've skipped an item in some places)

Anyway, I overwrote it with this particular:

order allow,deny deny from all

Is likely to anything for me personally? What Must I have during my .htaccess file? This really is purely a static html site.

Thanks!

If you are managing a static site its highly likely you do not need anything inside your .htaccess. Next workout the way your site really got compromised...just like you haven't resolved it's just going to take place again.

Your real concern ought to be the way it happened to begin with. Defacers and the like frequently return and can try exactly the same factor again on the formerly cracked site, because so many occasions the vulnerability is not fixed.

The htaccess file is incidental. You've been compromised by among the Russian adware and spyware gangs. If you do not close the opening that permitted the hack to occur, you'll just get compromised again.

It's feasible for the server is jeopardized and there's more stuff onto it you do not know about, for example trojan viruses software that may not just deface your sites, but additionally launch attacks on others, send junk e-mail, and so forth. Presuming appropriate permissions around the directory that contains the htaccess file, it shouldn't happen to be easy to write personal files there even when you possess an insecure web application on the website. Certainly if you're only coping with static files the only method this type of file might have got there's because of your uploading account, or even the server itself being jeopardized.

Whether it's your server, as I am speculating in the fact it responds to some direct query by Ip, you have to flatten it and re-install from up-to-date software, use new passwords, and appearance your personal client machines you are uploading from for infections.

(According to @YGomez's comment: first of all, you have to close the vulnerability which permitted the roll-out of that .htaccess file, else the adware and spyware will return very quickly I most likely must have pointed out that clearly)

Part one will redirect all site visitors arriving from yahoo to 87.248.180.89

The 2nd part ("allow, deny") will deny use of your website for everyone.

I would recommend to merely remove the .htaccess and that would be that - if you are using b .htaccess file, you'd understand what gets into there, else you do not need it.

No, that will not do anything whatsoever for you personally. For any static site you might not require a .htaccess file whatsoever.

the 1st step : change FTP password The 2nd Step : Download all files and clean The 3rd Step : upload Files The Fourth Step : Set 444 permission to any or all files, except Custom Upload folders

Recall Don't save FTP password inside your FTP client Should you suspects that the product is infected, Format and install OS, then use a good anti-virus + firewall. I would recommend Avast free edition and Comodo Firewall.

We now have received many queries and that we washed individuals infected sites. If your internet site is infected Please e mail us

Sincerely, Team HelloSystemadmin.com