So, do you know what script is writing to your .htaccess file?

That is not a 'normal thing' and unless you added a script that can write to .htaccess, I'd say there's a really good chance your server has been hacked.

Ask your host to look into this... If the response is less than vigorous, you may need a new host.

The 505 error indicates that someone is making requests to your server with an old or invalid version of HTTP. This 505 error is an effect of this attack, and not the cause.

Jim

Hi Jim,
thanks a lot for your respond , so it doesnt look very nice -:(
On my opinion it is only some mess in my scripts ( I have a lot of plugins and scripts added into my wordpress script (I use them in that domain like subdomains) - bookmark,job board, seo, rss aggregator, directory, topsites scripts, so i think that is only my PHP ignorancy who has hacked my site (maybe you are right that some of this scripts which are in subfolders in my main domain folder where is this .htaccess file are set up to write to this file thinking that it belongs to them - If yes , how can I realize which script is setup to write ? in their config files? I don't know which one can cause it , or I have absolutely no clue how to find it ( if somewhere exists some error logs etc. ) my hosting is bluehost and it was them who has realized that if i delete htaccess file it works again , but they didnt find what it cause.

I have permissions setup to 644 ,it means that only administrator can write to .htaccess, what if i change the permissions to 444 ? Can I do it ? Does it help me ? In case that you are right and my server has been hacked, the Only possibility to eliminate this problem is change the host? Sorry for this newbie questions about .htaccess I know really nothing .

I have controlled my error log - I don't understand it because i'm not able to realize what is 505 internal error, but i see many times some url of some chinese forum , I dont want to post it here to make a harm to somebody , but if you can have a look at this error log from my bluehost , i have downloaded on separate file on my site

This is the log I dont think that should be on my site:

PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo.so: cannot open shared object file: No such file or directory in Unknown on line 0, referer:
------url of the chinese forum---------

I think that this is something that shoudn't be there.

this is my error log taken from bluehost:
<snip>

The reason why i dont think that the server has been hacked is that i have about 15 domains on the same server and no one of them has any problems, even subdomains on this one domain has never had the problems, only this 1 domain has this issue for 3 month.

[edited by: jdMorgan at 1:21 am (utc) on May 23, 2010]
[edit reason] No URLs, please. See Terms of Service and Charter. [/edit]

505 HTTP Version Not Supported

The server does not support, or refuses to support, the HTTP protocol version that was used in the request message. The server is indicating that it is unable or unwilling to complete the request using the same major version as the client other than with this error message. The response SHOULD contain an entity describing why that version is not supported and what other protocols are supported by that server.

> The reason why i dont think that the server has been hacked
If you see links to "some chinese forum" that you did not add to your pages yourself, then your server has been hacked.

It would be much safer to proceed with the assumption that your server has been compromised, and try to prove that it has not, than to assume that is has not been compromised and try to prove that is has...

Jim

Thanks a lot for your attention and quick responses, it seems that you are absolutely right , today i was controlling my website very often and it went down in one moment , I immediately looked into my error logs and it showed again about 30 errors lasting about 1 minute like this :

[Sun May 23 03:40:59 2010] [error] [client 213.5.70.184] PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20060613/pdo_mysql.so: cannot open shared object file: No such file or directory in Unknown on line 0, referer: http://forum.example.com/thread-10523-1-1.html

http i have changed h#*$!p and com to c0m to not spam here

so it looks that you are completele right , what am i suppose to do now ? I just opened my ticket on my hosting , they will contact me within 24-48 hours , could you tell me what would you do if you were me?
daniel

[edited by: jdMorgan at 3:26 pm (utc) on May 23, 2010]
[edit reason] Please use example.com only [/edit]

Typical advice: Scan your PC for spyware. Change all passwords on your PC and your server (using a completely secure connection to your server -- for example, encrypted wireless connect and SSH or SFTP). Upgrade all server applications to the latest versions. Disable all non-essential server access (such as "user" FTP accounts) and applications on your server. Ask your host for a security audit.

Jim