Malware Signatures

  1. Home
  2. Malware Signatures
  3. htaccess.spam-seo.redirect.001.001

htaccess.spam-seo.redirect.001.001

Blackhat SEO, or spam-seo, is a malicious technique used to manipulate the search engine results in order to benefit a website in terms of relevance. The payload is based on .htacess rules, thus intended for server-side use and the payload is executed directly on the server, before the site is rendered. Only the payload result (spam content, redirect) is visible in the browser, not the malicious code itself.
Malicious crafted .htaccess rules which causes redirection of the visitor to other websites with spam or malicious content. Redirections are often conditional, being triggered based on user-agent, referrers and IP addresses.

Affecting

Any Apache based web server hosting vulnerable software or with compromised credentials.

Dump

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteCond %{HTTP_REFERER} !^.*(q=cache:).*$ [NC]
RewriteCond %{HTTP_USER_AGENT} ^.*(bing|yahoo|google|msn|yandex|asksjeeves|baidu|crawler).*$ [NC]
RewriteRule ^(.*)$ http ://some spam site.dom [R=301,L]
</IfModule>