January 6, 2010 | 
Author 
Here at MICE, we don’t publicly advertise our security clients because it’s an open invitation to hackers.
However, I do need to tell you that I was recently hired to look over a self-hosted WordPress blog site that had been hacked. I didn’t get to see the actual hacked message, but the client described it as a defacement of the main blog page saying, “You’ve been hacked.”
I am still trying to find out from the blog owner a few minor details to determine how it was actually done, but the .htaccess file had been modified giving the hacker permission to rewrite to all the files on the blog.
As soon as I find out the remaining information, I will post more details including screen shots of the website that the file redirected to.
I am blocking the actual redirect website with Xs in the line I found in question in the .htaccess file because I don’t want anyone going there, but if you see this code, delete it and re-upload the file.
RewriteRule .* http://xxx-xxxxx.xx/xx.cgi?4¶meter=ku [R,L]
The R stands for Redirect and the L means Last so it stops processing the rule after the condition is matched.
You can open the .htaccess file in a textpad or notepad document if you right mouse click and choose open with.
More later but this your heads up!
Posted in 
Tags:  |
 |
 |
|
||
 |
|
 |
|
||
Join today and receive a FREE copy of our "Why is My PC So Slow?" eBook!
