wheel - 2:07 am on Jan 16, 2013 (gmt 0)
No and no. Blocking IP's will not fix the problem. And as I mentioned...forget the .htaccess file. That has basically nothing to do with security. The hackers apparently put that in so they could redirect your site, which is the kind of thing that .htaccess does (redirect, not secure)
The hackers almost certainly got in through one of three ways:
1) they got one of your passwords (so when you move hosting companies, change all your passwords).
2) they cracked a script on your website, so as I noted, start with a new version of any scripts. That assumes that if you're using a CMS or something, that a new and clean version won't have the exploit (which is why I said don't use a backup).
3) they came in through your hosting company. And you've told us how much your hosting company.
Frankly, I think there's a pretty good chance they came in through your host. If not, they almost certainly came in through a script on your site. And the easiest way to mostly get this fixed is the procedure I outlined - start fresh elsewhere.
Let me be clear - if you want to stay on your host with your existing site then you need to bring in a pro to diagnose where the hacker got in. Nothing less will do. If you're not doing that, then you're just wasting your time. Otherwise if you want a solution that's cheap and fast and is probably effective, follow the steps I outlined. It's what I'd do if I was on shared hosting. If you start now, you could be live and fixed somewhere by tomorrow rather than still figuring this stuff out. In other words - quit trying to figure out the problem and just go directly to the solution.