I used the statements below to redirect from our ec2 instance ec2-184-169-142-95.aws... to the actual domain, so that google doesn't index amazon urls. This was working fine until yesterday.
#redirects to domain from amazon public dns link
RewriteCond %{HTTP_HOST} !domain.com$ [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [R=301,L]
was infected and turned into
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
Today, above was exploited by someone and our site started to redirect to random adult sites on mobile and tablets. A common domain was being repeated mini-vip.ru/tds. Which is also listed in the blocklisted domains http://labs.sucuri.net/?malware
When i removed the statements from the .htaccess file. Redirection from the malware stopped. Did anyone also faced such an issue?
We are using Amazon EC2 instances and our code base is in PHP/Codeigniter.