Malware Signatures

  1. Home
  2. Docs
  3. Malware Signatures

Generic category for website hacks where original pages of compromised sites are replaced with content that states the site has been hacked.
The most common reasons for defacements are hacktivism (the replacement pages contain some political statements),
competitions between hacker teams (pages with team logos serve as proofs of hacks) and extorsion (asking money to restore and/or secure the site).
Usually the replacement page is just a tip of the iceberg and hacked sites contain varios backdoors and malicious files.
Such attacks may include changes of webserver configuration and .htaccess changes are most common.

For example, hackers may specify a custom filename for a default directory index file and when visitors come to a site home page (e.g.
they will see that custom page instead of real home page


Any sites on Apache based web servers.


Review your .htaccess rules and remove any rule or entry that you do not recognize. Don't forgert to check directories above you site root.


DirectoryIndex 1337mir.htm