hacked .htaccess

The owner of a hacked website sent me information on the hacktool (more on that later, maybe) used to turn his website into a spammy one - without his knowledge.

I downloaded his .htaccess file, and found the following code:

[Image: htaccess]

Basically, it redirects you to the bad site if you arrive from any of these search engines.

Please check your .htaccess file for foreign code!
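One way to run that check, as an added example that is not part of the original post: it flags any RewriteRule that sends visitors whose referrer names a search engine to another host. The sample file, the engine list and the function name are constructed for illustration; the code from the hacked site is not reproduced on this page.

```python
import re
from urllib.parse import urlparse

# Constructed sample (hypothetical), not the file from the post.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*
RewriteRule ^(.*)$ http://bad-site.example/in.php [R=301,L]
"""

# Assumed list of engine names to look for in referrer conditions.
ENGINES = ("google", "yahoo", "msn", "bing", "aol", "altavista")
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)


def find_referrer_redirects(text, own_hosts=()):
    """Return (line_no, target_host, engines) for every RewriteRule that
    sends search-engine referrals to a host not listed in own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, engines = [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond:
            pattern = cond.group(1).lower()
            engines.update(e for e in ENGINES if e in pattern)
            continue
        rule = RULE.match(line)
        if rule:
            # Relative targets such as /index.php have no hostname.
            host = (urlparse(rule.group(1)).hostname or "").lower()
            if engines and host and host not in own:
                findings.append((line_no, host, sorted(engines)))
            engines = set()  # conditions apply only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for line_no, host, engines in find_referrer_redirects(SAMPLE_HTACCESS):
        print(f"line {line_no}: referrals from {engines} redirected to {host}")
```

Pass your own domain names in `own_hosts` so that legitimate canonical-host redirects are not reported.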

17 Responses to “hacked .htaccess”

  1. Ajay D'Souza says:

    Wow,

    this sure is shocking. Will wait to read about that tool!

    Means regular monitoring of my .htaccess

  2. Steve Balmer says:

    Spam food?

    Wow, why would you publish this? Other spammers are now searching like crazy for this exploit. You would think you anti-spam people would shut up and not feed the spammy community.

    It's funny how it seems you think you are doing the anti-spam community this great service, when in reality, I talk to spammers every day who go here for fresh ideas.

    You should do the anti-spam a huge service, and take this site down.

    Just my 2 cents. Thanks for reading.

  3. admin says:

    To Steve (not) Balmer:
    Right, and those spammers have no qualms about doing criminal acts in order to earn their spammer money? Because in order to use that .htaccess code, they’d have to hack into other people’s sites to place it.

    The hacker/spammers I’ve seen use this sort of code so far are in Russia. I’m guessing your spammer pals are in the US or other countries in the west. With law enforcement that might take a keen interest in this sort of hacking.

  4. Steve (yes) Balmer says:

    It seems you have missed the scope of my article..

    I am not talking about legal issues, nor location of spammers globally. I am talking about how the spammer ratio to actual webmasters that view your website, I think more spammers read your posts for fresh ideas, than webmasters use your site for defense.

    How about this scenario…Even say if the ratio was 1:1 Say you give 1 web master information on an exploit, and 1 spammer information on an exploit. You have given that webmaster the power to defend his 1 website, and you have given the spammer the power to affect millions of webpages.

    So to that comes my question, how can you justify you are doing the anti-spam community a service rather than a disservice?

    Thanks for reading.

    Steve

  5. admin says:

    Well, you’re not Steve Ballmer. Don’t know who Steve Balmer is.

    I was thinking along your lines for a while, until I realized how incredibly organized the spammer communities are. There might be one or two forerunners, but usually, as I find an exploit or “new” way of spamming, I originally track one spammer. Within a day, I’ve stumbled on at least two more.

    They learn from each other. Not here, but on their own forums and their own blogs.

    I provide information for webmasters to protect themselves. If one or two clueless spammers find information here, then so be it. Getting the word out about what we as webmasters face far outweighs the risk of one or two outsiders learning more than they already know.

    The concept of using a .htaccess file for redirecting might be new to a few webmasters. But it’s actually webmaster 101. Redirection is something all webmasters should know about. And most spammers already knew. Whether the redirection was in a php file or in an .htaccess file, that’s what makes most of their doorway generators work.

    The ONE thing that’s new, is the hacking of websites coupled with a changed .htaccess file.

  6. Steve Balmer says:

    Well, if 1 spammer learns from your site, and attacks 1 million sites with the information, I am pretty sure then you have done the anti-spam community a large disservice.

    Also, it seems a few people are seeking legal action against your site in regards to your actions of labeling people as well as posting very personal information of them on your site.

    Yes, spamming is not very honorable, but it is not unlawful, but I am not here to talk legal, let's talk about humanity, and as goes posting personal information and personal mailing addresses of people you are accusing of spamming, is very dangerous for all parties involved.

    Yes, they are spammers, but they have families and kids as well. They might spam many different pages, but there are people out there that do not know how to handle their anger and take things a little too far and go and visit these people and their families at their homes, and threaten to kill the kids and wife on the answering machine, and that is just wrong, I don’t care what junk email was sent to you or what comment was posted on your blog. You are the one making it easier for these people to find the homes and locations of these people to put families in danger and that simply is just wrong.

  7. admin says:

    Steve, the information I’ve posted is easily available. Even in those cases I’ve posted older whois info. That information is available at domaintools.com. ALL whois info is available through lots of sources, including domaintools.com. The rest is Google searches and other freely available tools. They’d have a problem showing how what I’m doing is different from what any spam hunter could get for him/herself.

    I don’t advocate violence, and never did. Threats are despicable as well. In fact, I should probably write a post about threats and harassment. Most states have laws about that. It’s a misdemeanor in most states, and when escalated, becomes a felony.

    As I’ve said before, the aim is to get the spammer in jail, not the spam hunter.

  8. Manni says:

    I really think it’s sad that some people will go so far and leave threats on spammers’ answering machines. However, blaming spamhuntress for that is a result of very strange reasoning.

    Spammers piss people off on a daily basis. Thousands, maybe millions of people. Now when a spammer finds a threat on his answering machine, do you really think he should go and complain that spamhuntress posted his information? Shouldn’t he maybe sit down and think about the fact that he’s pissing people off?

    If making others angry is your job, you shouldn’t be surprised when you feel that anger every once in a while.

  9. I have to say this is a really scary htaccess hack! I can easily see such a hack go unnoticed for a long time. Why would you check, you look at your blog and everything is ok. Then by random chance when you’re checking out your SER (Search Engine Ranking) you happen to discover this.

    What’s worse is that at first you’d have no idea why. I have to admit, I myself wouldn’t think of looking at the htaccess file, not for a long time!

    Of course now that I know, I’ll be monitoring this file, generate some script to automate this process.

    Nonetheless this is a very sneaky and powerful way to hack a site for money without the owner even realizing! Or even knowing what’s causing it.

    Great post!

  10. Harvey says:

    I agree Stephane, that’s a really sneaky trick and a lot of site owners wouldn’t notice.

    Anyone who watches their site stats would know straight away, but less hands-on webmasters would have no way of knowing, and those lost visitors are unlikely to tell them the problem because they never see the site. Meanwhile the site owners are wondering why it’s a quiet month.

    hmmmm. nasty.

  11. ?dmin says:

    Thanks for future idea $)

  12. [...] From the spamhuntress blog- [...]

  13. [...] Spamhuntress writes in her blog about a website that had been hacked, and where she, just for good measure, checked the .htaccess file. And a good thing too! For it turned out that the file had been changed so that all search engine spiders (and only those) that visited the website would be 301 redirected to one of the hacker's own websites. You can see the code on the Spamhuntress blog here. [...]

  14. [...] hacked .htaccess This is probably the most effective hacking idea I’ve ever seen to monetize the website you’re hacking! [...]

  15. Mads Dam says:

    I don’t know who ‘Steve Balmer’ is either, but ‘Steve Ballmer’ is Microsoft’s Chief Executive Officer…

  16. ecbb says:

    So, how does one fix this? How do the spammers get to htaccess? I want to stop future attacks

  17. Snevi says:

    Hello, I have a site that has been hacked the same way. Somehow the hacker gets access to the file system, replacing the .htaccess file and uploading some other malware scripts to the site. I just don't get how he gets access to the filesystem, how he broke the application to get in. The application has no write access, there are no 777 permission folders…
    Any ideas out there??
    Thanks
