Website Generates Referrals To Malware Via .HTACCESS
A website may be reported as hosting malware even though there are no visible malicious files or script on the site.
This may occur if the site has been compromised at some stage in the past and the attacker modified the .htaccess file. The site itself may have been cleaned or restored, but not .htaccess.
Additional commands and redirects may be added to .htaccess to redirect to spam or malicious sites.
However, a cursory glance at .htaccess reveals nothing out of the ordinary.
The commands may be placed further down the file using blank lines, and then tabbed across a long way with many spaces in front of the lines.
For example, the following graphic shows the relative positions of legitimate commands and hijacked commands in a compromised .htaccess file: