| 8:27 pm on Dec 25, 2011 (gmt 0)|
Never mind, I have discovered over 200 lines added to my .htaccess by an intruder.
| 8:07 am on Jan 30, 2012 (gmt 0)|
How? any idea?
| 10:51 am on Jan 30, 2012 (gmt 0)|
200 lines?! Inquiring minds want to know: did your hacker pile on 200 separate pieces of unspeakable evil, or was he just an unspeakably bad programmer?
Interesting anyway. Are we dealing with a human who gambled that website designers will always look at their sites with the biggest possible viewport, so you'd never notice you'd been hacked?
It goes without saying that you instantly changed all passwords having to do with the site. (Don't know about the rest of you, but for some reason mine uses three different ones. There's one for (S)FTP, one for the stats and I forget the third one. Control panel maybe.)
| 1:27 pm on Jan 30, 2012 (gmt 0)|
It could be that dibbern2 was looking at a cached version of his site using his computer. But... unless (s)he comes back and fills us in, we won't know for sure.
| 4:40 pm on Jan 30, 2012 (gmt 0)|
Surprised this old post suddenly woke up. What would you like to know?
lorax: cached? absolutly not. I'm a he. lucy: the code redirected mobile operating systems; there were more than I ever could have come up with on my own. Changing passwords was a pretty obvious first step. I think you are on to something with the observation about webmasters looking at their sites.
Dinkar: impossible to be certain about how. Think of all the points where passwords are at risk in the continuum of office pc's, wireless nets, and shared hosting, and I believe you just cannot pin it down.
| 7:02 pm on Jan 30, 2012 (gmt 0)|
From the hackers point of view, it is kind of a smart move. Most webmasters probably won't check their sites on mobiles, and this can go undetected for a long time.
Change file permissions, and if you have installed third party applications get them up to date. If the hacker can get access to your .htaccess file, then they probably have access to the rest of your files too.