Comments on: hacked .htaccess

by: Snevi

Fri, 29 Feb 2008 01:32:19 +0000

HEllo, i have a site that have been hacked the same way. somehow hacker get acces to the file system replacing the .htaccess file, and uploading some other malaware scripts to the site. i just don`t get how does he get access to the filesystem. how does he broke the application to get in. the application have no writing access, there is no 777 permission folders…
some idea out there??
Thanks

by: ecbb

Thu, 24 Jan 2008 06:49:23 +0000

So, how does one fix this? How do the spammers get to htaccess? I want to stop future attacks

by: Mads Dam

Mon, 28 May 2007 03:15:46 +0000

I don’t know who ‘Steve Balmer’ is either, but ‘Steve Ballmer’ is Microsofts Chief Executive Officer…

by: FollowSteph.com » Weekly 7

Tue, 17 Oct 2006 21:21:53 +0000

[…] hacked .htaccess This is probably the most effictive hacking idea I’ve ever seen to monetize the website you’re hacking! […]

by: .htaccess file hack - Mikkel deMib Svendsen

Thu, 12 Oct 2006 09:34:39 +0000

[…] Spamhuntress skriver i sin blog om et website der var belevet hacket, og hvor hun så lige for god ordens skyld tjekkede .htaccess filen. Og det var godt! For det viste sig, at filen var blevet ændret, således at alle søgemaskine-spidere (og kun dem) som besøgte websitet ville bliver 301 redirected til et af hackerens egne websites. Du kan se koden på Spamhuntress blog her. […]

by: Hump Day Speed Blogging

Wed, 11 Oct 2006 17:30:47 +0000

[…] From the spamhuntress blog- […]

by: аdmin

Mon, 02 Oct 2006 21:19:12 +0000

Thanks for future idea $)

by: Harvey

Sun, 01 Oct 2006 19:53:47 +0000

I agree Stephane, that’s a really sneaky trick and a lot of site owners wouldn’t notice.

Anyone who watches their site stats would know straight away, but less hands-on webmasters would have no way of knowing, and those lost visitors are unlikely to tell them the problem because they never see the site. Meanwhile the site owners are wondering why i’s a quiet month.

hmmmm. nasty.

by: Stephane Grenier

Fri, 29 Sep 2006 21:55:21 +0000

I have to say this is a really scary htaccess hack! I can easily see such a hack go unoticed for a long time. Why would you check, you look at your blog and everything is ok. Then by random chance when you’re checking out your SER (Search Engine Ranking) you happen to discover this.

What’s worse is that at first you’d have no idea why. I have to admit, I myself wouldn’t think of looking at the htaccess file, not for a long time!

Of course now that I know, I’ll be monitoring this file, generate some script to automate this process.

Nonetheless this is a very sneaky and powerful way to hack a site for money without the owner even realizing! Or even knowing what’s causing it.

Great post!

by: Manni

Wed, 27 Sep 2006 15:23:09 +0000

I really think it’s sad that some people will go so far and leave threats on spammers’ answering machines. However, blaiming spamhuntress for that is a result of very strange reasoning.

Spammers piss people of on a daily basis. Thousand, maybe millions of people. Now when a spammer finds a threat on his answering machine, do you really think he should go and complain that spamhuntress posted his information? Shouldn’t he maybe sit down and think about the fact that he’s pissing people off?

If making others angry is your job, you shouldn’t be surprised when you feel that anger every once in a while.