If you're running a static site its highly likely you don't need anything in your .htaccess. You should then workout how your site actually got hacked...as if you haven't resolved that it's just going to happen again.

如果您运行的是静态站点，则很可能您的 .htaccess 中不需要任何内容​​。然后，您应该检查您的网站实际上是如何被黑客入侵的……就好像您还没有解决它只会再次发生一样。

Your real concern should be how it happened in the first place. Defacers and such often go back and will try the same thing again on a previously cracked site, since many times the vulnerability isn't fixed.

你真正关心的应该是它最初是如何发生的。Defacers 等通常会返回并在以前破解的站点上再次尝试相同的操作，因为很多时候漏洞并未修复。

The htaccess file is incidental. You have been hacked by one of the Russian malware gangs. If you don't close the hole that allowed the hack to happen, you will just get hacked again.

htaccess 文件是附带的。您已被俄罗斯恶意软件团伙之一入侵。如果您不关闭允许黑客发生的漏洞，您将再次被黑客入侵。

It is entirely possible that the server itself is compromised and there is more stuff on it you don't know about, such as trojan software that might not only deface your sites, but also launch attacks on others, send spam, and so on. Assuming appropriate permissions on the directory containing the htaccess file, it should not have been possible to write a file there even if you have an insecure web application on there. Certainly if you are only dealing with static files the only way such a file could have got there is by your uploading account, or the server itself being compromised.

服务器本身完全有可能受到威胁，并且上面有更多您不知道的东西，例如木马软件，它们不仅可能会破坏您的站点，还会对他人发起攻击、发送垃圾邮件等。假设对包含 htaccess 文件的目录具有适当的权限，即使您在那里有不安全的 Web 应用程序，也不应该在那里写入文件。当然，如果您只处理静态文件，则此类文件可能存在的唯一方式是您的上传帐户，或者服务器本身受到损害。

If it's your server, as I'm guessing from the fact it responds to a direct query by IP address, you need to flatten it and reinstall from up-to-date software, use new passwords, and check your own client machines you're uploading from for infections.

如果它是您的服务器，正如我从它通过 IP 地址响应直接查询的事实猜测的那样，您需要将其扁平化并从最新软件重新安装，使用新密码，并检查您自己的客户端机器从感染重新上传。

(As per @YGomez's comment: first and foremost, you need to close the vulnerability which allowed the creation of that .htaccess file, else the malware will come back almost instantly; I probably should have mentioned that explicitly)

（根据@YGomez 的评论：首先，您需要关闭允许创建该 .htaccess 文件的漏洞，否则恶意软件几乎会立即返回；我可能应该明确提到这一点）

The first part will redirect all visitors coming in from yahoo and google to 87.248.180.89

第一部分会将来自雅虎和谷歌的所有访问者重定向到 87.248.180.89

The second part ("allow, deny") will deny access to your site for everybody.

第二部分（“允许，拒绝”）将拒绝所有人访问您的站点。

I suggest to simply delete the .htaccess and be done with it - if you use a .htaccess file, you would know what goes in there, else you don't need it.

我建议简单地删除 .htaccess 并完成它 - 如果您使用 .htaccess 文件，您会知道那里有什么，否则您不需要它。

No, that won't do anything for you. For a static site you may not need a .htaccess file at all.

不，那对你没有任何作用。对于静态站点，您可能根本不需要 .htaccess 文件。

• Step 1 : change FTP password
• Step 2 : Download all files and clean
• Step 3 : upload Files
• Step 4 : Set 444 permission to all files, except Custom Upload folders

• 第 1 步：更改 FTP 密码
• 第 2 步：下载所有文件并清理
• 第 3 步：上传文件
• 第 4 步：为所有文件设置 444 权限，自定义上传文件夹除外

Remeber Do not save FTP password in your FTP client.

记住不要在您的 FTP 客户端中保存 FTP 密码。

If you suspects that your system is infected, Format and install OS, then install a good antivirus + firewall. I suggest Avast free edition and Comodo Firewall.

如果您怀疑您的系统被感染，请格式化并安装操作系统，然后安装一个好的杀毒软件+防火墙。我建议 Avast 免费版和 Comodo Firewall。

We have received many inquiries and we cleaned those infected sites.

我们收到了很多询问，我们清理了那些受感染的网站。