We had a static HTML site get attacked and blacklisted. I never thought a static HTML site could get attacked.

Capture_blurred

Upon further investigation I found a file called “kmhtwefn.php”.  A google search returned nothing … something must be wrong.

There was also a file called “ingenuity-insulator.php”. I googled it and came back with nothing related to this file. Again this made me question things.

I opened a “.htaccess” file and found the following:

htaccess_attack

Bingo!

It appears all leads from the major search engines lead to the ingenuity-insulator.php file. This is why the site go listed as hacked.

How did it get hacked?

Turns out this site had ICEcoder in it. I needed to reset the password and the following article helped me figure it out.

https://groups.google.com/forum/#!topic/icecoder/0KPKZZLcB58

Due to the lack of time I reached out to Sucuri to help get this site cleaned up and remove the blacklisting.

Sucuri’s Website

I hope this helps someone else out there…