Category Archives: htaccess

Malware Redirecting To Enormousw1illa.com

Posted on February 2, 2012 by dd

We are seeing a large number of sites compromised with a conditional redirection to the domain http://enormousw1illa.com/ (194.28.114.102). On all the sites we analyzed, the .htaccess file was modified so that if anyone visited the site from Google, Bing, Yahoo, … Read more


Posted in htaccess, malware, malware_updates | Tagged , , | Leave a comment

DreamHost Security Issue Prompts FTP Password Resets

Posted on January 21, 2012 by Dre Armeda

Yesterday on the DreamHost Status Blog, it was announced that all shell/FTP passwords would be reset due to what looks to be a security breach that was discovered on one of the DreamHost database servers. DreamHost looks to have done … Read more


Posted in DreamHost, FTP, hacked, htaccess, Passwords, pharma, sucuri | Tagged , , , , , | 1 Comment

The New (and Old) .htaccess Attacks – Now Using .in Domains

Posted on November 28, 2011 by dd

We have been talking about .htaccess redirections for a while. A site gets compromised and the attackers modify the .htaccess file(s) to redirect any search engine traffic to a different (malicious) page that attempts to compromise the browser / computer … Read more


Posted in hacked, htaccess, malware, malware_updates, wordpress | Tagged , , , , , | Leave a comment

Htaccess Redirection to Sweepstakesandcontestsinfo dot com

Posted on November 14, 2011 by dd

Last week we started to see a large increase in the number of sites compromised with a .htaccess redirection to http://sweepstakesandcontestsinfo.com/nl-in.php?nnn=555. This domain has been used to distribute malware for a while (generally through javascript injections), but only in the … Read more


Posted in hacked, htaccess, malware, malware_updates, vulnerability | Tagged , , , , | 1 Comment

GoDaddy shared servers compromised – .htaccess redirection to sokoloperkovuskeci.com

Posted on September 14, 2011 by dd

We are seeing many sites hosted on GoDaddy shared servers getting compromised today (and for the last few days) with a conditional redirection to sokoloperkovuskeci.com. This is what it looks like on our scanner: Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7 Redirects … Read more


Posted in blacklisted, godaddy, hacked, htaccess, malware, malware_updates | Tagged , , , , , , | 12 Comments

WordPress sites with .htaccess hacked

Posted on August 17, 2011 by dd

The TimThumb.php vulnerability is causing a lot of WordPress sites to get compromised with the superpuperdomain.com and superpuperdomain2.com remote JavaScript injection. However, that’s not all that it is doing. On many of the sites we are analyzing, the .htaccess file … Read more


Posted in hacked, htaccess, malware, malware_updates, wordpress | Tagged , , , , | 1 Comment

Understanding .htaccess attacks – Part 1

Posted on May 27, 2011 by dd

Attackers have been using the .htaccess file for a while. They use this file to hide malware, to redirect search engines to their own sites (think blackhat SEO), and for many other purposes (hide backdoors, inject content, to modify the … Read more


Posted in htaccess, malware, malware_updates, vulnerability | Tagged , , , | 2 Comments
RSS Delicious