[Solved] Joomla continuous .htaccess hack

I have Joomla website which was hacked and the problem was code created in .htaccess file to redirect to some xxxx.ru website. After cleaning all .htaccess file inside the Joomla website, after every few minutes it was injected by same hack .htaccess code. Due to this hack code, if any user search and find my website in google, they will be redirected to some xxxx.ru website. Because of this redirection we started to get bad credit from google and visitors to our website have been decreased in few days.

Solution:

They might have written some hidden code somewhere inside your website. In our case we found the back door script in /images/stories/story.php, /images/stories/.cache_apn5xp.php, /images/banners/.cache_xyz.php
We have deleted these three files and cleaned all folder .htaccess files. Finally our problem of continuous .htaccess hack was solved.

Suggestion:
To avoid this kind of problem or malware script ingestion in future.

  1. Change the control panel, ftp password and delete unnecessary ftp accounts from control panel
  2. Update to latest Joomla version, extensions, plugins and components.
  3. Delete unnecessary or unused extensions, plugins and components.

2 thoughts on “[Solved] Joomla continuous .htaccess hack

  1. I Had the same problem. Found alien files as follows : /images/stories/story.php, /images/stories/.cache_gogquv.php

  2. Hey guys,

    The reason they could create story.php is because of an exploit in the component called JCE. Disable this component immediately and get the latest version. There is a thread on the joomla forums about this….

Leave a Reply

Your email address will not be published. Required fields are marked *

*