Joomla and WordPress owners are being warned of a malicious redirect script that pushes visitors to malicious websites.
A security researcher with Sucuri recently published a report describing a rogue hypertext access (.htaccess) injector found on a client website. He noted that the site was directing website traffic to advertising sites that attempted to install malicious software.
Both Joomla and WordPress sites use .htaccess files to make configuration changes at the directory level of a web server. The file is used to configure a host of web page options, including website access, URL redirects, URL shortening and access control.
It is still not clear how attackers gained access to the Joomla and WordPress websites. However, once they access the sites, the attackers are able to plant code onto some of the website’s index.php files and inject the malicious redirects into the .htaccess files.
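As an added example (not code from the Sucuri report), the following Python audit flags .htaccess directives that redirect visitors to hosts outside an allowlist, which is one way a site owner can check for injected redirects. The sample file content, the host names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Apache directives that can send a visitor to another URL.
REDIRECT_DIRECTIVES = {"rewriterule", "redirect", "redirectmatch",
                       "redirectpermanent", "redirecttemp", "errordocument"}
URL_RE = re.compile(r"https?://[^\s\"'\]]+", re.IGNORECASE)

def is_allowed(host, allowed_hosts):
    """True if host is an allowed host or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)

def external_redirects(htaccess_text, allowed_hosts):
    """Return (line_no, directive, host) for redirects leaving allowed_hosts."""
    allowed = [h.lower() for h in allowed_hosts]
    findings = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()  # ignore leading/trailing whitespace padding
        if not line or line.startswith("#"):
            continue
        directive = line.split(None, 1)[0].lower()
        if directive not in REDIRECT_DIRECTIVES:
            continue
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            if "%{" in host:  # server variable such as %{HTTP_HOST}: same site
                continue
            if host and not is_allowed(host, allowed):
                findings.append((line_no, directive, host))
    return findings

# Constructed sample, not taken from the Sucuri report.
SAMPLE = """\
# BEGIN WordPress
RewriteEngine On
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Redirect 301 /old-page https://www.example.com/new-page
        RewriteRule ^(.*)$ http://ads.example.net/in.php?id=1 [R=302,L]
ErrorDocument 404 http://landing.example.org/404.php
# END WordPress
"""

if __name__ == "__main__":
    for line_no, directive, host in external_redirects(SAMPLE, ["example.com"]):
        print(f"line {line_no}: {directive} -> {host}")
```

Any finding is a prompt to compare the file against a known-good copy, not proof of compromise on its own.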
The .htaccess file has been implicated in a number of different attacks, including an assault in October, when a plugin called jQuery File Upload placed 7,800 different software applications at potential risk for compromise and remote code execution.