htaccess
Sergey Smirnov, 2015-10-19 08:09:24

How to identify malicious .htaccess strings?

I got a site as a gift, but in Google search results the search engine marks the main page as hacked, and it sent me a letter so that I can figure it out. It seems a redirect is coming from my site. There is no redirect from a computer, but it seems the redirect still happens from a smartphone.

I changed the main page of the site and removed the suspicious slider (some online checks flagged it); in general, I made an absolutely clean page. I sent an email to Google asking them to check my site again. I received a letter from which I found out that the problem was not solved and:

Check your site on a smartphone and you will see that it redirects users to a spam domain. If a smartphone is not at hand, you can use the mobile device emulator in Chrome (developer.chrome.com/devtools/docs/device-mode), where you can specify, for example, Google Nexus 5 or Apple iPhone 5 as a device. With this type of hacking an attacker often makes changes to your .htaccess file. Check out these case studies: and then check your .htaccess file for unexpected changes


Actually, here's the question: I'm not an expert in these .htaccess files. How do I figure out what is necessary in this file and what is malicious?

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/InplastCompany$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yandex.ru/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yandex.ru/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yandex.ru$ [NC]
RewriteCond %{HTTP_REFERER} !^http://blogs.yandex.ru/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://blogs.yandex.ru$ [NC]
RewriteCond %{HTTP_REFERER} !^http://images.yandex.ru/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://images.yandex.ru$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.google.ru/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.google.ru$ [NC]
RewriteCond %{HTTP_REFERER} !^http://google.ru/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://google.ru$ [NC]
RewriteCond %{HTTP_REFERER} !^http://images.google.ru/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://images.google.ru$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.google.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://google.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://images.google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://images.google.com$ [NC]
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
RewriteRule .*\.(.*.*.*jpg|jpeg|gif|png|bmp)$ http://sau.su/57f20dab4ce6da79ccf9aa5529e70707/prison.jpg [L]
FileETag MTime Size
<ifmodule mod_expires.c>
<filesmatch ".(jpg|gif|png|css|js)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
</filesmatch>
</ifmodule>
<ifModule mod_gzip.c>
 mod_gzip_on Yes
 mod_gzip_dechunk Yes
 mod_gzip_item_include file \.(html?|txt|css|js|php)$
 mod_gzip_item_include handler ^cgi-script$
 mod_gzip_item_include mime ^text/.*
 mod_gzip_item_include mime ^application/x-javascript.*
 mod_gzip_item_exclude mime ^image/.*
 mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*inplast-nn.ru.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]





# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

2 answer(s)
Sergey Goryachev, 2015-10-19
@fillosofik

You have WordPress: take a clean domain, set it up and transfer the normal .htaccess. They are all typical.

ramjke, 2015-10-19
@ramjke

Remove the following lines and everything will be OK:
ExpiresActive on
ExpiresDefault "access plus 1 year"
RewriteRule .*\.(.*.*.*jpg|jpeg|gif|png|bmp)$ http://sau.su/57f20dab4ce6da79ccf9aa5529e70707/prison.jpg [L]
FileETag MTime Size
RewriteCond %{HTTP_REFERER} !^http://feeds.feedburner.com/InplastCompany$ [NC]
Another question - how did these lines get there?
Move .htaccess to the directory above and give it 644 permissions.
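
One way to approach the question, as an added example that is not part of the original thread: a small Python audit that lists every RewriteRule sending visitors to an absolute URL, together with the request variables its RewriteCond lines test. It relies on the fact that RewriteCond lines apply only to the RewriteRule directly after them. The sample is an abbreviated excerpt of the file posted in the question; the function name `audit` and the `own_hosts` parameter are assumptions of this example.

```python
import re

# Abbreviated excerpt of the .htaccess posted in the question above
# (referer whitelist shortened to one entry; otherwise the page's lines).
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://google.com$ [NC]
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
RewriteRule .*\.(.*.*.*jpg|jpeg|gif|png|bmp)$ http://sau.su/57f20dab4ce6da79ccf9aa5529e70707/prison.jpg [L]
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*inplast-nn.ru.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""

URL = re.compile(r"https?://([^/\s]+)", re.I)   # absolute target and its host
VAR = re.compile(r"%\{([A-Z_]+)\}")             # server variable in a RewriteCond

def audit(text, own_hosts=()):
    """List RewriteRules whose target is an absolute URL on a host that is
    not in own_hosts (hypothetical parameter; give hostnames in lowercase)."""
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond":
            conds.append(parts[1])              # the TestString, e.g. %{HTTP_REFERER}
        elif directive == "rewriterule":
            m = URL.search(parts[2])            # parts[2] is the substitution
            if m and m.group(1).lower() not in own_hosts:
                gated = sorted({v for c in conds for v in VAR.findall(c)})
                findings.append({"line": lineno, "host": m.group(1),
                                 "gated_on": gated, "rule": raw.strip()})
            conds = []  # conditions bind only to the rule directly after them
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: target host {f['host']}, "
              f"gated on {', '.join(f['gated_on']) or 'nothing'}")
        print("    " + f["rule"])
```

Each finding is a lead for manual review rather than a verdict; the line numbers are relative to the text passed in.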
