The .htaccess file is notorious for being targeted by attackers. Whether it’s using the file to hide malware, redirect search engines to other sites with blackhat SEO tactics, hide backdoors, inject content, modify php.ini values; the possibilities are endless.
Many site owners are unaware of this file, due to it starting with a “.” making it a hidden file. .htaccess malware can be hard to pinpoint and clean on a server since it allows you to make multiple changes to the web server and its behavior.
Continue reading Understanding .htaccess Malware at Sucuri Blog.