Malicious .htaccess file keeps reappearing


Okay, so one day I visited my site and got “Reported Attack Page!” instead, and I figured out the cause was this .htaccess file that had some malicious redirect in it or something. So I just deleted it; I had nothing in my .htaccess file anyway.

A few weeks later, it comes back, and I do the same thing. As time goes on it starts coming back more and more often. And yes, I have been changing my password.

Today I went in and deleted the file, then a few minutes later it came back.

What is going on and what do I do? If you can’t tell by the way I worded all this, I don’t know a lick about any of the stuff that came up when I googled for months to try and solve this problem. I’m so frustrated with it I’m about to tear my hair out.


Well, the first thing I would do is change the account and MySQL passwords again. Then I would create an .htaccess file and chmod it to 444, which gives it read permission only so it cannot be written to. Also, you may have something on your website that has been compromised to automatically generate this malicious .htaccess file, but still the chmod to 444 should stop it from changing, hopefully.


Here’s some info on tracking down hacks:

Their first suggestion of checking the FTP/SSH log is the easiest.
Next, if you know the timestamp of the hacked .htaccess file, hop down to their last step for Site Cleanup to check the HTTP logs for activity that happened at the timestamp. And those two find commands are also very helpful to find any other files that were changed.
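
An added example, not part of this thread or of the article it refers to: one way to do the timestamp correlation described above, listing files changed around the moment .htaccess was rewritten and pulling the access-log lines from the same minutes. The function names are hypothetical, and it assumes GNU stat/date/find and an Apache-style access log written in the same time zone as the shell.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes GNU stat, date and find,
# and an access log whose "[dd/Mon/yyyy:HH:MM:SS" stamps use the shell's TZ.

# Modification time of a file, in epoch seconds.
mtime_epoch() { stat -c %Y "$1"; }

# files_changed_near ROOT REF WINDOW
# List regular files under ROOT modified within WINDOW minutes of REF's mtime.
# These are the other files most likely written by the same intrusion.
files_changed_near() {
    root=$1 ref=$2 window=$3
    t=$(mtime_epoch "$ref") || return 1
    # One second of slack on each side so files exactly on the edge are kept.
    lo=$(date -d "@$((t - window * 60 - 1))" '+%Y-%m-%d %H:%M:%S')
    hi=$(date -d "@$((t + window * 60 + 1))" '+%Y-%m-%d %H:%M:%S')
    find "$root" -type f -newermt "$lo" ! -newermt "$hi" | LC_ALL=C sort
}

# log_lines_near LOG REF WINDOW
# Print access-log lines stamped within WINDOW minutes of REF's mtime.
# Builds one "[dd/Mon/yyyy:HH:MM:" prefix per minute and matches them literally.
log_lines_near() {
    log=$1 ref=$2 window=$3
    t=$(mtime_epoch "$ref") || return 1
    m=$((0 - window))
    while [ "$m" -le "$window" ]; do
        LC_ALL=C date -d "@$((t + m * 60))" '+[%d/%b/%Y:%H:%M:'
        m=$((m + 1))
    done | LC_ALL=C grep -F -f - "$log"
}

# Typical use, run BEFORE deleting the bad .htaccess (deleting it loses the
# timestamp). The paths here are placeholders for your own:
#   files_changed_near ~/example.com ~/example.com/.htaccess 10
#   log_lines_near ~/logs/access.log ~/example.com/.htaccess 2
```

Requests that show up in the log output and point at a script you do not recognise, or at a file that also appears in the first list, are the place to start looking for whatever keeps regenerating the file.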