You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
I found this at the bottom of my .htaccess file:
RewriteRule ^dev\/?$ "http\:\/\/173\.198\.202\.119\/" [R=301,L]
The ip address originates from Nanjing, China.
Does it mean I've been hacked?
Offline
That's a weird rule, but doesn't necessarily mean you've been hacked. You could have copied that from somewhere online and pasted it in while working on your own rewrites and had forgotten to remove it. The line in and of itself is fairly harmless. It directs (via 301 redirect) and traffic going to http://yourdomain.com/dev to that IP. I can't see that having any negative SEO impact if you never used or published links to the /dev directory. If you didn't inadvertently add it, remove it and check your filesystem for other modified files, then change all passwords and ensure you're using secure protocols to access your site to work on it (FTPS, SSH).
Offline
OK, thanks. I've never published links to the /dev directory, so that's good. I could have inadvertently, but it looks suspicious enough that I think I'd notice it and I used google to search for that string, hoping to find a page I may have clipped it from, but found nothing. Can you tell me if the rest of the file looks ok?
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^index.php - [L,PT]
RewriteRule ^/$ index.php?COREseourl=/ [L,PT]
RewriteRule ^sitemap\.xml utilities/sitemap.xml [L,PT]
RewriteRule ^rss\.xml utilities/rss.xml [L,PT]
RewriteCond %{REQUEST_URI} ^/
RewriteCond %{REQUEST_URI} !\.(xml|css|js|gif|jpg|jpeg|png|pdf)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php?COREseourl=/$1 [L,PT]
RewriteCond %{HTTP_HOST} ^fixmyrust\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.fixmyrust\.com$
Offline