Is there a security breach over qa-rewrite parameter?

Question

My .htaccess had been modified to the following by addying deny from all

 

deny from all
#http://sr.midneid.at/images/jdownloads/screenshots/muhmademad.png

DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine On
#RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ index.php?qa-rewrite=$0&%{QUERY_STRING} [L]
</IfModule>

# BEGIN DETER SEMALT
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*yapoga\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*bottlenose\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*descargar-musica-gratis\.net [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*baixar-musicas-gratis\.com [NC]
RewriteRule (.*) http://www.semalt.com [R=301,L]
# END DETER SEMALT

 

Is there maybe a security breach somewhere within question2answer?

Comments

What do you think is insecure here? Can you provide more details?

---

I do not know. The main security breach had been the JDownloads Plugin on joomla but after I had deleted the joomla page and the tables corresponding to it only question2answer was left on the server and still someone managed to add "deny from all" and a coment to the image they uploaded "hacked by" which was inside the JDownloads path as its visible. I just wondered if there was a SECOND security breach maybe on the site.

Answer 1

I think it's very unlikely Q2A is at fault here. If you've had a security breach already the hackers could have installed something on your server to allow them access whenever they like, even after you deleted the Joomla stuff.

No other Q2A sites have reported hackings.

Comments

That should be more than enough proof. Thank you!