UXDE dot Net

[FIXED] GadgetCage being redirected to some Malicious Site

By -

Today we have noticed a huge traffic drop. We have checked almost everything, But we are not able to figure it and came to a conclusion that its the Google Panda Effect!

But It is not the Panda. Its a code injected into our htaccess file. We came to know that traffic from Search Engines like Google, Yahoo, Bing, ASK, Altavista, AOL, Excite is being redirected to some malicious site (http://sokoloperkovuske.com/in.php?pp=69).

How we came to know about this?

#1. We just Googled our Blog name.
#2. If we click on any result of GadgetCage, those results are being redirected to this site: http://sokoloperkovuske.com/in.php?pp=69

We came to know that, it was some RewriteMod Rule injected into our htaccess file.

How to Resolve this?

#1. Download .htaccess file from your FTP.
#2. Check for RewriteMod Conditions, Mostly you find it in the beginning of the file.
#3. Remove that Code, Save the file and upload it back.

The RewriteMod looks something like this:

< IfModule mod_rewrite.c >
RewriteEngine On
RewriteOptions inherit







Covered other lines..

How to Protect your .htaccess File?

Set .htaccess file permissions to 644.  Add the below lines to your htaccess file.

# Protect the htaccess file
<Files .htaccess>

Order Allow,Deny

Deny from all

</Files>

Thanks: Amit Benerjee, Rahul Banker.

is a Part-time Blogger as of now. He is a Freelance Programmer, WordPress Enthusiast. You can catch him on: Facebook | Twitter | . If you like this post, you can follow us on Twitter. Subscribe to GadgetCage Feeds via RSS or Email to get instant updates.

8 Comments to [FIXED] GadgetCage being redirected to some Malicious Site

  1. Also check your Google webmaster tool reports for hacket site notifications and malware. Some days back I fixed a similar issue when I found a whole bunch of files were uploaded to one of my site directory. I have no clue how those files arrived but GWT was quick enough to pick them up and show them under crawl errors.

    remember to setup email forwarding in Google webmaster tools, that way you would instantly know if something suspicious is happening in the background.

    I guess your issue couple be caused by a plugin or some third party code but how your HTACCESS file was edited still remains a concern.

  2. Hello, im hosted in godaddy too… and had a worpress blog too…
    did you install any new plugin in the recent days?
    How can anyone rewrite the htaccess file? the file is suposed to be invisible no?
    Did you know how this happend?
    Can you tell me if you find the security risk?
    Thank you for the tip.

    • Omar,
      Our blog is also hosted on GoDaddy, We didn’t install any new plugin in the last few days. Just change your .htaccess file Permissions to 644 and insert the lines mentioned in the post in your .htaccess file.

  3. Same thing happened to us… hosted with Godaddy and on a wordpress blog. I have no idea how to find all this information you’re giving so I think I’ll call godaddy to see if they’ll walk me through it. Thanks for the info!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>